Monitor bandwidth and internet activity

Now that you have your policy in place, it is time to get your hands dirty and start implementing the monitoring and controlling measures. You can monitor everything from Web access, e-mail and websites providing audio/video streaming to e-commerce transactions and even VPN connectivity between your various offices.

To check if you are getting the right amount of bandwidth, you need to monitor to see if your ISP is providing you with the promised bandwidth and check for other internal bottlenecks, such as any misconfigured or overloaded proxy server.

Many tools are available for this. Some of the better-known ones are Multi Router Traffic Grapher, PRTG Network Monitor, PRTG Network Monitor Pro and Ntop. Multi Router Traffic Grapher (Multi-Router Traffic Grapher) is widely used by most ISPs and is available for Windows and Linux. PRTG Network Monitor (Paessler Router Traffic Grapher), a variant of Multi Router Traffic Grapher, is a freeware Windows-based tool that lets you monitor only a single network port. Once PRTG Network Monitor is installed, you need to add a sensor for the network ports you want to monitor. A sensor is nothing but the IP address of the network card you want to monitor. You also need to ensure that SNMP is enabled on the machine you are Monitoring, as PRTG Network Monitor uses it for polling and gathering data. The tool provides real-time graphs of the traffic moving in and out of the network port. It can create detailed HTML reports of the bandwidth on a daily, weekly or monthly basis. You should use it to monitor the network port of your Internet Gateway.

PRTG Network Monitor Pro is PRTG Network Monitor’s commercial edition that lets you add as many sensors as you like. Another powerful tool is Ntop. It can capture data that travels through your Internet gateway and provides a complete drill down of The type of traffic that’s flowing, which protocols is it using and which users are accessing how much bandwidth. It can tell you which machine is using which application, which will help you determine who all are using IMs and P2P applications (such as Kazaa) on your network and how many users are accessing the Web through HTTP. It will, however, not tell you the specific websites being visited by different users. For that, you will need other tools. It has a built-in Web server, which allows you to see all its reports through a Web browser.

PRTG Network Monitor captures raw packets from your Internet gateway and displays them in a detailed real-time graph. It even generates comprehensive HTML-based reports of them. If you want to use Ntop, you can read on to find out how to do so. Else, you can skip to the next section titled

Make Sense of Data. Ntop is available on many OSs; we show you how to run it on Linux.

You need to place ntop just before your proxy or Internet gateway so that it captures all the information before it moves out. Now unzip it to install it as shown below.

#cp ntop-3.0.tgz /
#cd /
#tar —zxvf ntop-3.0.tgz
#cd ntop-3.0
#./configure
#make
#make install

When Ntop is run on Linux, it asks for some files that it was unable to find in /var/ntop folder. So, you need to create them manually by running the following commands.

#touch addressQueue
#touch dnsCache
#touch macPrefix
#touch ntop_pw
#touch prefsCache

Now,you need to give these files full rights by running the following.

#chmod 777 /var/ntop/*

Copy /etc/ntop.conf.sample to /etc/ntop.conf and run the following command.

#ntop –w 3000 –W 0

With this your Ntop server will be up and running. It works on port 3000. To access its frontend, fire up a browser and enter the link http://127.0.0.1:3000. You can also access Ntop from any other machine with the external address of the Ntop machine and port 3000.

When you first start Ntop, you will find some links on the welcome page. Here, click on the Summary link to see graphs for network traffic, host traffic and network load.

There are some other links as well, such as IP Summary, All Protocols, Local IP and Admin. The first two links will give details about the protocols and the last will give you access to administrate the Ntop server. But, to create proper reports, you need to know how often the data should be captured. For instance, Ntop can capture a huge amount of data, which can quickly fill up your entire hard drive. So, you may not need to constantly Capture the data. Instead, define specific time periods for doing so. You could, for instance, configure it to run for a few minutes in the morning when all employees come in. Then you could run it for a few minutes every hour for the rest of the day and finally stop it after office hours.