One of the most critical aspects of your network infrastructure is how well it’s performing. The question that I often get asked as a provider of infrastructure services is, “Am I getting the most out of my local network and my internet bandwidth?” This is the one question that I have to know an answer for, because a LOT of the businesses I support rely on their network being available and being fast.
When I’m asked to manage network infrastructure, one of the first tools we install is ntop. Ntop stands for network top, where top is a Unix utility to show real-time statistics about your operating system. This utility monitors your network in real-time and provides a wealth of information which you can use to answer that simple question I asked earlier. So why use ntop? Well, here’s 5 good reasons why:
1. View real-time traffic stats and network utilization
With a couple of clicks on your local ntop installation, you can quickly determine how much traffic is in use right now. If someone complains that the internet is slow, you can quickly find out what and/or who is your top traffic user. The information is presented in a nice, easy-to-read table format, which you can sort based on traffic stats to quickly track down the bandwidth hog!
2. Detect and stop viruses/worms
Recently, we had a user who had their computer infected with a spam worm, and their machine was sending hundreds of emails an hour. Subsequently, they got blacklisted as a spam site, and email halted for them. The problem was, they had no idea that their machine was sending out the spam! Using ntop, we were able to filter by SMTP traffic and found one machine sending a large amount of SMTP packets outbound. I placed a firewall rule in place on their machine, the SMTP traffic stopped and I subsequently cleaned up the worm on their machine.
3. Prevent inbound attacks on your network
Ntop can show you inbound traffic as well as outbound traffic, so if you believe that your web site is being hit with denial of service attack, you can quickly bring up ntop and find out where the traffic is coming from and then work to block that traffic. This can invaluable for keeping your website online and operational and is really useful if your business relies on that website being available for business!
4. Monitor a wide variety of protocols
If your internal network uses different protocols than TCP/IP, such as Appletalk, DECNET, NetBIOS, or IPX, you can keep an eye on them as well. When you have a mixed network with different protocols, it’s wise to monitor them separately. Fortunately, ntop can handle them all on a single machine as long as that machine has access to those networks and protocols.
5. Find network abuse or company policy violations quickly
You can use ntop to monitor traffic and quickly identify those situations where network traffic does not comply with specified company policies or when it exceeds some defined thresholds. In general, network administrators specify policies that prevent abuse of the network (such as visiting illegal websites, downloading of pornography, or internet gambling). Nevertheless, it is possible that some hosts will not comply with company policy, and ntop can be used to find those violations. However, sometimes a user is abusing the network without knowing so, either by a misconfigured operating system, network interface, network appliance, or a software application. In any case, ntop makes it very easy to track down who’s doing what.
Summary
Network management is becoming an increasingly complex task due to the different types of networks, and the integration of mobile devices within a corporate network. As these networks become larger, more complex, and different devices are accessing it, the cost of network management rises. Automated tools like ntop can really save a lot of time and headaches for a network administrator. As I mentioned earlier, it’s one of the standard tools we at SPK & Associates use when we manage a client’s network infrastructure.
In a future blog post, I’ll go into how to set up ntop in a few easy steps, and you’ll be able to take advantage of this powerful tool! If you have any questions about this topic, feel free to comment! I’m happy to respond to anything related.
Next Steps:
- Contact SPK and Associates to see how we can help your organization with our ALM, PLM, and Engineering Tools Support services.
- Read our White Papers & Case Studies for examples of how SPK leverages technology to advance engineering and business for our clients.
Bradley Tinder, Systems Integrator, SPK & Associates