Hi,

If your firewall supports SNMP you can use any number of tools such as Ntopng, Cacti or MRTG to see what is up with your packets. If your firewall isn't able to handle the load of this function in addition to its day to day functioning you can always separate this out to another Linux box that you attach to a SPAN port on your switch or use a tap to monitor your connection.

Are you using the Comcast gateway as your firewall? If so, I'd recommend upgrading to any number of great open source firewalls which can be built on commodity hardware for ~$1000 you'll get an enterprise grade firewall with supernumerary features. Proxying, malware scanning and QoS would certainly be helpful to your situation. I'd recommend looking at OpnSense or Untangle. Both are open and offer community and corporate support. Both of these vendors offer ready made firewall solutions as well. Both of these have some of the bandwidth monitoring features among their many others.

https://opnsense.org/
https://www.untangle.com/

In terms of gaining insight into your traffic you'll either need a network switch that supports SPAN/port mirroring or a network TAP. Then you can use any number of tools to get VERY detailed insights into the traffic flowing on your network. Tools like NtopNg, Cacti, MRTG among others would give you LOTS of insights of what is happening with your network.

https://www.ntop.org/products/traffic-analysis/ntop/
https://www.cacti.net/
https://oss.oetiker.ch/mrtg/

Lastly, I'd not use Windows 8 for anything other than.. well nothing. =P You can take that desktop and throw just about ANY Linux desktop focused distro on it and then put Ntop, Cacti, Wireshark on it and it'll be a heck of a lot more secure, stable and performant. You can then plug that into a SPAN/port mirror or into a network tap and see EVERYTHING going on. Ntop and Cacti will give you TONS of info.

As I detailed above many of the firewalls have some of the features you may need. In the end, architecting this is entirely up to you and your budget and needs. Hope this is helpful.

Have a great weekend,
Joe

> ---------- Forwarded message ----------
> From: Thomas Charron <[email protected]>
> To: jsf <[email protected]>
> Cc: GNHLUG <[email protected]>
> Bcc:
> Date: Wed, 9 May 2018 12:42:27 -0400
> Subject: Re: bandwidth capture question
> On Fri, May 4, 2018 at 1:09 PM, jsf <[email protected]> wrote:
>
>> Hi friends,
>>
>> I am IT dir. at a small independent school in CT nowadays. I have a
>> comcast modem. my firewall plugs into a wired port in the comcast modem.
>> I have an old PC running windows 8.1. I have installed wireshark on the
>> old PC. I have plugged the old PC's network interface into another wired
>> port on the comcast modem. Ideally I would like to use wireshark to
>> capture EVERYTHING going across the modem - basically everything that is
>> going in and out of the connection between the modem and my firewall. I am
>> at a loss w/r/t how to set this up properly.
>>
>
> That'd be doing it wrong, and you'd be looking at a giant list of
> spaghetti.
>
>
>> I am trying to get a sense regarding the school's bandwidth usage.. we
>> have 150/25 over coax. i think performance is pretty good most of the time
>> (we are a small school).. but not everyone agrees with me. If we have too
>> little bandwidth (are hitting a max periodically) I'd like to know that.
>>
>> Thanks in advance for help with this and recommendations about anything
>> else I should put on this old PC to help with this exercise.
>>
>
> It's best to be looked at from the firewall's perspective. What are you
> using for a firewall? Is it up to the task to NAT the number of sessions
> it is likely having to NAT? The first place I would look would be the
> firewall itself. Many times, a cheap/underpowered firewall is the cause of
> crappy speeds, and not the network itself.
>
> Thomas
>
>
> _______________________________________________
> gnhlug-discuss mailing list digest
> [email protected]
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>

--
--------------
Joseph Guarino
Evolutionary IT - Best Practice IT(tm)
Website: www.evolutionaryit.com
Blog: www.evolutionaryit.com/blog
Social Networks: network.evolutionaryit.com
888.404.5074
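
Added example, not part of the thread: the calculation that SNMP graphing tools such as MRTG perform on interface octet counters, applied to the 150/25 link from the original question to flag intervals where the link is close to its maximum. It assumes the firewall's WAN interface exposes the IF-MIB ifInOctets/ifOutOctets counters and is polled every 60 seconds; the sample values are constructed.

```python
# Added example: link utilisation from SNMP interface octet counters.
# SAMPLES is constructed data, not measurements from the thread.

DOWN_MBPS, UP_MBPS = 150.0, 25.0  # link speeds quoted in the thread (150/25)
COUNTER32 = 2 ** 32               # ifInOctets/ifOutOctets are 32-bit counters
# At 150 Mbit/s a 32-bit octet counter wraps in about 229 s, so poll faster
# than that, or read the 64-bit ifHCInOctets/ifHCOutOctets counters instead
# and pass modulus=2 ** 64.

def delta(prev, cur, modulus=COUNTER32):
    """Counter difference that tolerates one wrap between two polls."""
    return cur - prev if cur >= prev else cur + modulus - prev

def rates(samples, modulus=COUNTER32):
    """samples: (unix_time, in_octets, out_octets) tuples, oldest first.
    Returns (unix_time, down_mbps, up_mbps) for each polling interval."""
    result = []
    for (t0, i0, o0), (t1, i1, o1) in zip(samples, samples[1:]):
        secs = t1 - t0
        if secs <= 0:
            continue  # skip duplicate or out-of-order polls
        down = delta(i0, i1, modulus) * 8 / secs / 1e6
        up = delta(o0, o1, modulus) * 8 / secs / 1e6
        result.append((t1, down, up))
    return result

def saturated(samples, threshold=0.9, modulus=COUNTER32):
    """Intervals where either direction reaches threshold * link capacity."""
    return [(t, d, u) for t, d, u in rates(samples, modulus)
            if d >= threshold * DOWN_MBPS or u >= threshold * UP_MBPS]

# Constructed 60-second polls; the inbound counter wraps before the last one.
SAMPLES = [
    (0,   3_000_000_000, 100_000_000),
    (60,  3_225_000_000, 137_500_000),
    (120, 4_275_000_000, 212_500_000),
    (180, 1_030_032_704, 385_000_000),
]

if __name__ == "__main__":
    for t, down, up in rates(SAMPLES):
        print(f"t={t:>4}s  down={down:6.1f} Mbit/s  up={up:5.1f} Mbit/s")
    print("near capacity at:", [t for t, _, _ in saturated(SAMPLES)])
```
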
