Check out argus (http://qosient.com/argus/).
I've tried ntop, and it's unusable when the network gets busy. On Tue, Jul 8, 2008 at 10:51 PM, David Schulz <[EMAIL PROTECTED]> wrote: > Hello, > > can someone recommend me a good way to quickly determine who on the network > is using up most the Bandwith, and preferrably, what are the using it for? > > I have a 4.3 Machine, which is the Firewall and Router for a Network with > about 100 Machines. Every once in a while, i see the Traffic picking up > consideribly when using bwm-ng to check. During normal Operation, i know the > average Kilobytes per second is around 100kbps , but when bwm-ng shows me > the traffic is going up 750kbps, and then i know something is up. > > Normally then i use something like pftop -s 1 -o rate , and then find out > who is on top of the list. I wonder if anyone has a better way of finding > Bandwidth Hogs. On an older FreeBSD System, i simply installed iftop, which > quickly showed me my top Users. Similar to bwm-ng, but basically showing you > per IP who is using how much Bandwidth. > > Ideally would be a way that not only shows me quickly who is using the most > Bandwidth, but also, if they are using it for HTTP traffic, or simply > downloading a large mail or having a Skype Conversation or else. > > Excellent would also be a way i can somehow graph all of that, so that even > when i am not in the office, i can identify people who are doing things they > shouldnt. I do have an RRD Graph for my main Interface, so i can say for > example a few hours ago something made the Traffic pick up to 750kbps for 20 > minutes, but i have no idea who it was. I once had all my protocols and IP's > labeled, and used pfctl -s labels to parse them into my rrd files, but the > whole process with collecting and graphing got quite slow. > > Also i tried darkstat, but its doesnt do a better job than current bwm-ng > and pftop. > > Thanks for any suggestions, > David
