Useful tool for traffic analysis?

monkeyface Member Posts: 1
I work in a small office where a handful of machines access the internet through our DSL modem.

Currently this is running pretty slow as we are using up our bandwidth.

I am investigating measures to reduce bandwidth usage in my office by seeing what services are using it up.

My results from a Wireshark capture are inconclusive because the sample is over too small a period of time.

Is there a more useful product I should be using that, instead of storing /all/ the bits on the wire, could sample the traffic over a couple of days/weeks etc. and report on it?


  • liven Member Posts: 918

    Get a box with a decent sized hard drive and cron up the argus_archive tool.

    Then you can use a tool called RA to see everything that happened on the network.

    You will need to place this right behind your DSL router to get a good idea what is happening on the network.

    I have had this tool running for years on some network choke points. If someone asks me about a particular event on a particular day I can go and look for it.

    RA works a lot like TCP ****, you can query for hosts and protocols etc.

    Argus is really different than most other sniffers because it only captures the header info, so it is not as intrusive. If you see odd traffic then you can stand up a sniffer and really dig down.

    After you run it for a week or so, start querying for the IP addresses on your network. It will be very clear which boxes are chatting the most.
    encrypt the encryption, never mind my brain hurts.
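
The per-host query suggested in the answer above, as an added example that is not part of the original thread: it totals bytes per office machine and per service from flow records exported as CSV. The `ra -r <file> -n -c , -s saddr daddr proto dport bytes` invocation, the column labels, the 192.168.1.0/24 subnet and the sample records are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample, shaped like comma-delimited ra output
# (assumed command: ra -r <file> -n -c , -s saddr daddr proto dport bytes)
SAMPLE = """SrcAddr,DstAddr,Proto,Dport,TotBytes
192.168.1.10,203.0.113.5,tcp,443,48213377
192.168.1.11,203.0.113.9,tcp,80,120455
192.168.1.10,198.51.100.7,udp,53,2210
192.168.1.12,198.51.100.20,tcp,443,9034412
203.0.113.5,192.168.1.13,tcp,22,5120
192.168.1.12,198.51.100.20,tcp,443,7781020
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed office subnet


def top_talkers(text, lan=LAN):
    """Sum bytes per LAN host and per (proto, dport) service, largest first."""
    hosts, services = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(text)):
        try:
            nbytes = int(row["TotBytes"])
            src = ipaddress.ip_address(row["SrcAddr"])
            dst = ipaddress.ip_address(row["DstAddr"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed or non-IP records
        # Charge the flow to whichever endpoint sits on the office LAN
        local = src if src in lan else dst if dst in lan else None
        if local is None:
            continue  # neither side is ours; ignore
        hosts[str(local)] += nbytes
        services[(row["Proto"], row["Dport"])] += nbytes
    return hosts.most_common(), services.most_common()


if __name__ == "__main__":
    hosts, services = top_talkers(SAMPLE)
    for ip, n in hosts:
        print(f"{ip:15} {n / 1e6:10.1f} MB")
    for (proto, port), n in services:
        print(f"{proto}/{port:<6} {n / 1e6:10.1f} MB")
```

Run over a week of archived records, the first list shows which machines account for the bandwidth and the second shows which services to look at before standing up a full packet capture.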