+1

You can filter (using bpf statements) on the TCP/IP ports you want to monitor, and also the addresses, if you want to narrow it down.

However, it does need to be in a mirror/span port, or running on a machine that is a router or bridge between the firewall and users.

Kurt

On Fri, Feb 13, 2009 at 11:54 AM, Walker, Clay <[email protected]> wrote:
> if you want to go the open source route, ntop.
> ________________________________
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, February 13, 2009 9:45 AM
> To: NT System Admin Issues
> Subject: RE: Monitor users internet sessions real-time
>
> +1
>
> About two dozen boxes in the field and virtually zero issues and easy
> management. Spend 20 minutes doing end user training on reporting and they
> get anything they need.
>
> From: David Mazzaccaro [mailto:[email protected]]
> Sent: Friday, February 13, 2009 10:39 AM
> To: NT System Admin Issues
> Subject: RE: Monitor users internet sessions real-time
>
> I use St Bernard's "iPrism" hardware product for this.
>
> Works great - can sit back and watch all internet traffic in real time.
>
> ________________________________
>
> From: Jake Gardner [mailto:[email protected]]
> Sent: Friday, February 13, 2009 10:30 AM
> To: NT System Admin Issues
> Subject: Monitor users internet sessions real-time
>
> Anyone have suggestions for software to watch users' bandwidth consumption in
> real time?
>
> My current setup:
>
> 3Mb feed(2 T's)->Juniper firewall->ISA 2004->clients
>
> Obviously there's switches in the mix that I have PRTG watching, but trying
> to pinpoint a couple users out of 200+ isn't exactly easy when my switch
> links are 2Gb and some have constant multicast traffic over 20Mb (work
> related).
>
> I can watch each client's web request via ISA, but it just shows each new
> connection. Not existing single connections like downloading a movie or
> something and sustaining say a 400Kb/s transfer.
>
> Thanks,
>
> Jake Gardner
> TTC Network Administrator
> Ext. 246
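The measurement this thread is after, as an added example that is not part of any message above: packet records seen on a mirror/span port are narrowed by port and address the way a BPF filter would, then clients holding a download rate across consecutive intervals are flagged. The record layout, subnet, ports, function names and the reading of "400Kb/s" as kilobits per second are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

CLIENT_NET = ip_network("10.0.0.0/24")  # assumed client subnet
WEB_PORTS = {80, 443}                   # assumed ports of interest
# The same selection written as a capture filter for a sniffer on the span port:
BPF_FILTER = "dst net 10.0.0.0/24 and tcp and (src port 80 or src port 443)"


def sustained_talkers(packets, interval=10, min_kbps=400, min_intervals=3):
    """Return {client_ip: peak_kbps} for clients whose download rate stays at or
    above min_kbps (kilobits/s) for min_intervals consecutive intervals."""
    buckets = defaultdict(lambda: defaultdict(int))  # client -> interval -> bytes
    for ts, src, dst, sport, dport, length in packets:
        # Downloads only: from a web port towards an address in the client subnet.
        if sport in WEB_PORTS and ip_address(dst) in CLIENT_NET:
            buckets[dst][int(ts // interval)] += length
    flagged = {}
    for client, per_bucket in buckets.items():
        run, peak = 0, 0.0
        # Walk every interval in order; an interval with no traffic breaks the run.
        for b in range(min(per_bucket), max(per_bucket) + 1):
            kbps = per_bucket.get(b, 0) * 8 / 1000 / interval
            if kbps < min_kbps:
                run, peak = 0, 0.0
                continue
            run, peak = run + 1, max(peak, kbps)
            if run >= min_intervals:
                flagged[client] = max(flagged.get(client, 0.0), peak)
    return flagged


def sample_packets():
    """Constructed records: (timestamp_s, src, dst, sport, dport, bytes)."""
    pkts = []
    for sec in range(40):
        # 40 s download to 10.0.0.23 at 40 x 1460 bytes per second.
        pkts += [(sec + i / 40, "203.0.113.9", "10.0.0.23", 80, 50123, 1460)
                 for i in range(40)]
        # Multicast stream on a non-web port; filtered out.
        pkts.append((float(sec), "10.0.0.7", "239.1.1.1", 5004, 5004, 1300))
    # One-second page load to 10.0.0.40: fast, but not sustained.
    pkts += [(12 + i / 500, "198.51.100.4", "10.0.0.40", 443, 50200, 1460)
             for i in range(500)]
    return pkts


if __name__ == "__main__":
    for ip, kbps in sustained_talkers(sample_packets()).items():
        print(f"{ip} sustained >= 400 kbit/s, peak {kbps:.1f} kbit/s")
```

Requiring several consecutive intervals is what separates the long download from the short page load, which is the distinction per-connection proxy logs do not show.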
