[afnog] An application on ethereal (wireshark).

Dick Elleray at AfriConnect delleray at africonnect.com
Sat Jun 21 11:49:42 UTC 2008


Sammy,

Please don't forget you can only measure traffic for your internet connection if either you have access to the router behind the ISP connections and can set up SNMP, or if you can 'port mirror' the router/switch traffic on another port on the router/switch into which you can plug a monitoring PC, or if you buy/make a hardware network probe. Choosing your monitoring point is crucial to capturing/monitoring the right traffic.
________________________________

In regard to tools here are my quick thoughts, but no doubt others will chip in and help.

Wireshark ( http://www.wireshark.org ) allows for analysis of live/captured packet streams - I am not sure that it would be easy to trigger an email alert, but you can export the captured data to XML, CSV, or plain text. So you 'could' write a program to analyse that and then alert you.
________________________________

Nagios ( http://www.nagios.org/ ) allows you to set up probes of devices on the network, and can send you alerts. It also has a plug-in available (check_mrtgtraf). This will check the incoming/outgoing transfer rates of a router, or whatever has been recorded in an MRTG log. If MRTG hasn't run, that can be detected; if either the incoming or outgoing rates exceed set thresholds, either a WARNING or CRITICAL status results. Sounds like that will do it for you.
________________________________

Cacti (www.cacti.net) is a brilliant graphing tool and has plug-ins (so you could write one to do what you want); there is a patched version ( www.cactiusers.org ) which has a plug-in for thresholds that allows you to alert on down hosts and on exceeded values in your graphs. HOWEVER please note that this is an in-line patched version of the standard Cacti implementation, so you cannot use YUM etc. to auto-update the main Cacti application. On the other hand, for other people interested in exploring monitoring kits, the author has produced a self-installing (needs an empty PC because it formats the disc) CD boot ISO which does a CentOS 4 install together with all the components needed to run Cacti (including the plug-ins, and a few other tools) preconfigured. You can then build on it.
________________________________

I have used all three in hands-on workshops for educational institutions who are interested in monitoring (first) and managing their internet bandwidth under the auspices of INASP ( www.inasp.info or to get to the project use http://www.inasp.info/file/209/bandwidth-management-and-optimisation.html ).

For those in the list who are interested we have put together a free book "How to accelerate your Internet: A Practical Guide to Bandwidth Management and Optimization using Open Source Software", sponsored by INASP. To access the full text online, go to http://bwmo.net


I wish you well in your endeavours..... The more institutions monitor their internet bandwidth usage the better use they will be able to make of this (usually scarce) resource.


Dick Elleray


________________________________

        From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of MABIALA SAMMY
        Sent: 21 June 2008 11:08
        To: afnog at afnog.org
        Subject: [afnog] An application on ethereal (wireshark).
       
       
       
        Dear all,
       
        On behalf of the application of my work-end study, I'd like to create a wireless network (802.11) or TCP / IP and analyze a network sniffer; ethereal or wireshark and that each time that there is a problem that the system can send me an email or an alarm and ultimately I hope that my program monitors the flow of the Internet connection which must always remain stable and equal to that set in advance by the Internet provider .

        Is this possible?

        Give me a few tracks
       
        Answer me please.
       
        Sammy MABIALA / DRC / Kinshasa
        002430810099284
        pitusimabiala at yahoo.fr
        sammymabiala at gmail.com
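
The reply above suggests exporting a Wireshark capture to CSV and writing a program to analyse it and raise an alert. The following is an added example of that idea, not part of the original message: it assumes the export has "Time" (seconds since the start of the capture) and "Length" (bytes) columns, and the sample rows, thresholds and addresses are constructed placeholders.

```python
import csv
import io
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample in the layout of a Wireshark CSV export (assumed columns).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.100000","192.0.2.10","198.51.100.5","TCP","1500","80 > 51000 [ACK] Seq=1, Len=1446"
"2","0.500000","192.0.2.10","198.51.100.5","TCP","1500","80 > 51000 [ACK] Seq=1447, Len=1446"
"3","1.200000","198.51.100.5","192.0.2.10","TCP","500","51000 > 80 [ACK]"
"4","3.000000","192.0.2.10","198.51.100.5","TCP","1500","80 > 51000 [ACK]"
"5","3.400000","192.0.2.10","198.51.100.5","TCP","1500","80 > 51000 [ACK]"
"6","3.900000","192.0.2.10","198.51.100.5","TCP","1500","80 > 51000 [ACK]"
'''

def rates_per_interval(csv_text, interval=1.0):
    """Return bit/s per interval as a list; silent intervals appear as 0."""
    bits = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            slot, size = int(float(row["Time"]) // interval), int(row["Length"])
        except (KeyError, TypeError, ValueError):
            continue  # skip rows without a usable Time/Length
        bits[slot] += size * 8
    if not bits:
        return []
    return [bits.get(i, 0) / interval for i in range(max(bits) + 1)]

def find_alerts(rates, min_bps, max_bps):
    """Return (interval index, bit/s, 'below' or 'above') for out-of-band intervals."""
    alerts = []
    for i, bps in enumerate(rates):
        if bps < min_bps:
            alerts.append((i, bps, "below"))
        elif bps > max_bps:
            alerts.append((i, bps, "above"))
    return alerts

def build_alert_email(alerts, sender, recipient):
    """Build (not send) the alert; smtplib.SMTP(host).send_message(msg) would deliver it."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Bandwidth alert: {len(alerts)} interval(s) out of range"
    msg.set_content("\n".join(f"interval {i}: {bps:.0f} bit/s ({kind})" for i, bps, kind in alerts))
    return msg

if __name__ == "__main__":
    found = find_alerts(rates_per_interval(SAMPLE_CSV), min_bps=8000, max_bps=30000)
    print(build_alert_email(found, "monitor@example.org", "admin@example.org"))
```

The rates only reflect traffic seen at the capture point, so the monitoring-point advice at the top of the reply decides whether the numbers describe the Internet link at all.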






