Problem: You have unpredictable slowness on your network and want to know the cause. Network traffic logs do not reveal any significant transfers occurring at the time of each incident. You expect the problem is local to your network, at your ISP, or at the remote hosts you are communicating with. Additionally, your logs do not show tell-tale signs of remote communication problems, nor do they contain enough granular information to determine peak loads that may be contributing to the problem.
Solution: Implement a network flow analysis tool that shows live packet and byte counters as traffic occurs, in a format that can be quickly viewed and referenced to detect correlated activity occurring at the time of reported slowness.
--------------
My Review:
I've conducted a quick review of three network flow tools that run from the command line using 'ncurses': trafshow, iptraf, and iftop.
My Review Process:
I compiled each from source and briefly tested each without reading beyond the README and the help section built into each tool.
My Recommendations:
trafshow - Information provided by this tool is displayed at intervals, which makes it more difficult to detect active hosts when observing over time. (ref: http://www.freshports.org/net/trafshow/)
iptraf - This is my favorite out-of-the-box solution for this purpose: you can watch byte and packet counters changing rapidly to quickly home in on active hosts. (ref: http://iptraf.seul.org/download.html)
iftop - This is my second choice. You see the same information as in iptraf, but must rely on dynamic bars rather than counters to detect active hosts, because its counters are not granular enough to show the slight changes that would indicate live communication. (ref: http://freshmeat.net/projects/iftop/)
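To make the Solution concrete, and to show what "granular enough" means in the iftop note above, here is an added example of the counter table such a tool keeps. It is not code from the post or from trafshow, iptraf or iftop. Instead of sniffing a live interface it consumes a constructed list of packet records, keys them into per-flow packet and byte counters, restricts the table to a window around a reported incident, and buckets bytes into fixed intervals so a short burst that a coarse log would average away stands out. The addresses, timestamps and sizes are all constructed sample values.

```python
"""Per-flow packet/byte counters and peak-load detection over constructed packets.

Added example, not the post's own code nor any of the reviewed tools'. Reads
constructed records instead of a live interface so it runs offline.
"""
import math
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple


class Packet(NamedTuple):
    ts: float      # seconds (constructed values below)
    src: str
    dst: str
    proto: str     # "tcp", "udp", ...
    length: int    # bytes on the wire


class FlowCounters(NamedTuple):
    packets: int
    bytes: int


FlowKey = Tuple[str, str, str]  # (src, dst, proto)


def aggregate_flows(packets: Iterable[Packet]) -> Dict[FlowKey, FlowCounters]:
    """Sum packets and bytes per (src, dst, proto) flow.

    This is the table an ncurses monitor redraws as each packet arrives; the
    rapidly changing counters are what let you spot the active hosts.
    """
    table = defaultdict(lambda: [0, 0])
    for p in packets:
        key = (p.src, p.dst, p.proto)
        table[key][0] += 1
        table[key][1] += p.length
    return {k: FlowCounters(*v) for k, v in table.items()}


def flows_in_window(packets: Iterable[Packet], start: float, end: float) -> Dict[FlowKey, FlowCounters]:
    """Counters for packets with start <= ts < end, i.e. around a reported incident."""
    return aggregate_flows(p for p in packets if start <= p.ts < end)


def top_talkers(packets: Iterable[Packet], start: float, end: float, n: int = 3) -> List[Tuple[FlowKey, FlowCounters]]:
    """Flows inside the incident window, ranked by bytes, largest first."""
    table = flows_in_window(packets, start, end)
    return sorted(table.items(), key=lambda kv: kv[1].bytes, reverse=True)[:n]


def bytes_per_interval(packets: Iterable[Packet], interval: float) -> Dict[float, int]:
    """Bucket bytes into fixed intervals: {bucket_start: bytes}.

    A one-second bucket exposes a burst that a five-minute log total would
    average into nothing, which is the peak-load visibility the Problem asks for.
    """
    buckets: Dict[float, int] = defaultdict(int)
    for p in packets:
        bucket = math.floor(p.ts / interval) * interval
        buckets[bucket] += p.length
    return dict(buckets)


def peak_interval(packets: Iterable[Packet], interval: float) -> Tuple[float, int]:
    """(bucket_start, bytes) of the busiest interval."""
    return max(bytes_per_interval(packets, interval).items(), key=lambda kv: kv[1])


# Constructed sample traffic: a steady trickle of small UDP and TCP packets to a
# local server, plus a short burst of full-size TCP segments from 10.0.0.5 to an
# external host between t=1000 and t=1002.
SAMPLE = [
    Packet(998.0, "10.0.0.2", "10.0.0.1", "udp", 80),
    Packet(998.5, "10.0.0.3", "10.0.0.1", "tcp", 120),
    Packet(999.2, "10.0.0.2", "10.0.0.1", "udp", 80),
    Packet(1000.1, "10.0.0.5", "203.0.113.9", "tcp", 1500),
    Packet(1000.3, "10.0.0.5", "203.0.113.9", "tcp", 1500),
    Packet(1000.7, "10.0.0.5", "203.0.113.9", "tcp", 1500),
    Packet(1001.2, "10.0.0.5", "203.0.113.9", "tcp", 1500),
    Packet(1001.4, "10.0.0.3", "10.0.0.1", "tcp", 120),
    Packet(1001.9, "10.0.0.5", "203.0.113.9", "tcp", 1500),
    Packet(1003.0, "10.0.0.2", "10.0.0.1", "udp", 80),
]


if __name__ == "__main__":
    # A user reported slowness "around t=1001"; look two seconds either side.
    for (src, dst, proto), c in top_talkers(SAMPLE, 999.0, 1003.0):
        print(f"{src:>12} -> {dst:<14} {proto:4} {c.packets:4d} pkts {c.bytes:6d} B")
    print("busiest 1 s bucket:", peak_interval(SAMPLE, 1.0))
```

Feeding real packets in means replacing `SAMPLE` with records from a capture; the aggregation and windowing logic is unchanged. The interval width is the knob the post is really about: the same data bucketed at 300 s shows no peak at all, while at 1 s the burst from 10.0.0.5 is the obvious candidate to correlate with the complaint.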
Thursday, March 01, 2007