Monitor traffic using port mirroring and wireshark

network-monitoring

We have an edge router connecting the Internet and our internal network. I needed to monitor the traffic going in and out, and make a report about which server/host uses most of our bandwidth and preferably which applications are the top consumers (torrents/HTTP downloads, etc.).

Is it practical to port mirror the WAN interface of our edge router and place a laptop running Wireshark on it, just to see the statistics or usage?

I was just playing around with Nagios, and didn't seem to find this kind of monitoring.

Are there any applications that do this easily?

Best Answer

I'm going to echo, for the most part, the answer JMurphy provided. Wireshark (IMO) doesn't lend itself very well to the type of analysis you're looking to do. Wireshark is better suited to detailed traffic analysis when you're trying to solve a specific network problem between two hosts.

What I would suggest would be one of two things:

  1. PRTG or MRTG. This can give you a high level overview of the traffic transiting your internet connection, such as traffic type (HTTP, SMTP, etc.) and the hosts involved in said traffic (source and destination) as well as being able to give you traffic summaries, such as the volume of HTTP traffic, etc.

  2. NetFlow or its alternative, depending on what your router and/or switches support. Again, this can give you a high level overview of the traffic transiting your internet connection, such as traffic type (HTTP, SMTP, etc.) and the hosts involved in said traffic (source and destination) as well as being able to give you traffic summaries, such as the volume of HTTP traffic, etc.
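For the "which host and which application uses the most bandwidth" question in the original post, the numbers a mirrored port plus a capture actually give you are per-endpoint and per-port byte counts (what Wireshark shows under Statistics > Endpoints and Protocol Hierarchy). The following is an added example, not code from the question author, the answerer, or the Wireshark project: a pure-Python reader for a classic libpcap file that charges each frame's wire bytes to the internal host involved and to an application label derived from the well-known port. The `10.0.0.` local prefix, the `APP_BY_PORT` table and the sample capture built by `build_frame`/`build_pcap` are assumptions constructed here for illustration.

```python
"""Per-host and per-application byte counts from a classic pcap, pure Python."""
import struct
import sys
from collections import Counter

PROTO_TCP, PROTO_UDP = 6, 17
LINKTYPE_ETHERNET = 1

# Assumption for illustration: a well-known port on either side of a flow names
# the application; anything else is counted as "other-tcp" / "other-udp".
APP_BY_PORT = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}


def _ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src, dst, proto, sport, dport, payload_len):
    """Construct an Ethernet/IPv4/{TCP,UDP} frame with a zero payload (test data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst MAC, src MAC, EtherType IPv4
    if proto == PROTO_TCP:                                 # 20-byte TCP header, PSH|ACK set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:                                                  # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    l4 += b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64,
                     proto, 0, _ip_bytes(src), _ip_bytes(dst))   # IP checksum left 0
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap container (constructed data)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return header + b"".join(records)


def iter_frames(pcap):
    """Yield raw frames from classic pcap bytes; both byte orders are accepted."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are supported")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, wire_bytes) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    if proto not in (PROTO_TCP, PROTO_UDP) or len(frame) < 14 + ihl + 4:
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, proto, sport, dport, len(frame)


def summarize(pcap, local_prefix="10.0.0."):
    """Bytes per local host (both directions) and per application label."""
    per_host, per_app = Counter(), Counter()
    for frame in iter_frames(pcap):
        rec = parse_frame(frame)
        if rec is None:
            continue
        src, dst, proto, sport, dport, size = rec
        for host in (src, dst):             # charge the local endpoint, whichever direction
            if host.startswith(local_prefix):
                per_host[host] += size
        label = (APP_BY_PORT.get(dport) or APP_BY_PORT.get(sport)
                 or ("other-tcp" if proto == PROTO_TCP else "other-udp"))
        per_app[label] += size
    return per_host, per_app


# Constructed sample: an HTTP download, an unclassified high-port TCP flow, one DNS query.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "203.0.113.10", PROTO_TCP, 50000, 80, 1400),
    build_frame("203.0.113.10", "10.0.0.5", PROTO_TCP, 80, 50000, 1400),
    build_frame("10.0.0.7", "198.51.100.9", PROTO_TCP, 51000, 6881, 400),
    build_frame("10.0.0.5", "192.0.2.53", PROTO_UDP, 53001, 53, 40),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    hosts, apps = summarize(data)
    for host, n in hosts.most_common():
        print(f"{host:<16} {n:>10} bytes")
    for app, n in apps.most_common():
        print(f"{app:<16} {n:>10} bytes")
```

Run it with no argument to see the constructed sample, or pass a pcap saved from the mirrored port; tshark produces the same tables directly with `tshark -r capture.pcap -q -z endpoints,ip` and `-z conv,ip`. Two caveats for the setup in the question: the port-based application label is a heuristic (the unclassified flow on port 6881 above is how torrent traffic usually shows up, spread over high ports), and if the edge router does NAT, a mirror of the WAN interface shows only the router's public address, so the per-host breakdown needs the capture (or the NetFlow export) taken on the LAN side.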