Network Packet Monitoring tool

iqbalkhan · ‎11-29-2005

HI

I have 50 client pc, cisco switch and router. often i face a problem that is large packet generate. manullay i find out which pc generate exceed number of packet. its boring job.

I am looking a best packet monitoring software. by the software i can find out every pc generate type of packet, number of packet and whats reason packet generate .for which reason workstation/pc generate packet.

IF I install the software in my monitoring pc then i can get all information from the workstation pc or any configturation in gateway Cisco switch ? for monitoring.

pls give me the information about the software who are used and get benefit.

thanks

Biplob

spremkumar · ‎11-30-2005

Hi

I would suggest to check something inline with VSAPN or RSPAN so that you can connect ur montiroing pc to any of the ports and start collecting the datas about the traffic flow over the vlans or the switch ports.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c9fe4.html#xtocid7

regds

thisisshanky · ‎11-30-2005

In addition to what Edwin and Rick suggested, "IP route-cache flow" on the interfaces of the router which enables Netflow, to figure out top talkers, as well as protocol level stats (you will need a hex to dec converting calculator, windows calc will do).

If you are looking for a "Nice but Xpensive" solution you can get modules such as NAM (for 6509) and NM-NAM for the routers, which has a built in packet capture tool and an embedded web interface to display the captured output..

HTH

PS: Please remember to rate replies!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Georg Pauwen · ‎11-30-2005

Hello,

in addition to Edwin´s post, you might want to start out with enabling ´ip accounting´ on your router interfaces. The output will give you source and destination IP address pairs, as well as the number of packets and bytes.

Also, there is a free sniffer available that might be useful, you can download it at:

www.ethereal.com

HTH,

GP

desai.jaideep · ‎12-01-2005

Hi

try Packetanalyzer from www.networkchemistry.com , its the best I can suggest, better then Ethereal.

Regards

JD

iqbalkhan · ‎12-03-2005

Hi

Thanks to all. For this software any configure in switch like configure monitor port enable ?

Thanks biplob

desai.jaideep · ‎12-04-2005

Hi,

No need.These software will monitor all the packets roaming in ur LAN.

PS:-Even the spanning tree packets and CDP packets will be visible.

Regards

JD

iqbalkhan · ‎12-05-2005

thanks but my question is my pc where install the software , the network cable connect any port of a switch, then i get all information from the network where pc are connect the switch ?

or connect the monitor port of gateway switch.

thanks

biplob

desai.jaideep · ‎12-05-2005

Hi

I am not able to understand what a "Gateway switch" is?Probably give the model no.

The software will listen to the packets in your typically what you call a broadcasting domain.Hence the PC should be connected to a normal port, just like other PCs in your network so that you would be able to "sniff" the packets.Try installing in your workstation PC.

Regards

JD

iqbalkhan · ‎12-05-2005

hi

very much thanks to u. i try it.

biplob

desai.jaideep · ‎12-05-2005

PS: Please remember to rate replies!

iqbalkhan · ‎12-07-2005

Hi

Its a excellent helpful software.i already insatalled and observation it. its provide me which I want.

but i have some question:

it has option

1. protocol, decode, connection, statistics and capture filter.

in protocol option i found 1.frame and ethernet.

i run the software 5 min and shows ethernet 98%.

This protocol and statistic option shows overall network statistic or my pc lancard statistic ?

2. In connection option dispaly always realtime log ?

3.when percantage 100% then capture stop or freeze and when i again start then it work so for 30 min or 1 hour continious observation what i configure ?

for best benefit from this software any suzzation from you in configure level ?.

Thanks

Biplob

desai.jaideep · ‎12-07-2005

Hi

Ques 1--> It is overall network statics for your network

Ques 2-->In connection window,the log is always based on the capture.You may refer it as realtime until you are capturing.

Ques 3-->To tell u the truth, I never tried to do 100% capture,b'coz my problems are solved before that,but try maximizing the capture size.The default settings are best suited.

PS:Monitor the decode window, thats where the action is.

Regards

JD