Hello everyone,
I'm looking for a, preferably free, network analyzer I can use to analyze the traffic between our network and our branch MPLS sites.
We do not need any in-depth analysis; what I'm mostly interested in is seeing a graphical representation of historical and live data of bandwidth being used between source and destination IPs. This analyzer can be placed in-path or take its information from data being sent to a mirror port. It's all the same to me.
We already have Nagios and Cacti for monitoring of host status and bandwidth usage, but if an individual user is transferring a large file over the MPLS link, we have no idea who it is. I'm hoping to solve this.
Thanks for any suggestions!!!
I imagine you won't get a whole lot of traction in discussing free traffic analyzers on the vendor's forum of a paid traffic analyzer tool.
Since the other tools you mention are all pretty classic Linux stuff, the most typical free Linux-centric answer these days is going to be something like sending layer 3 flow data to Graylog or ELK. With you talking about having a collector in-path or mirrored, it sounds like you want to do an actual packet capture. Of course tcpdump and Wireshark are the classic tools there, but the cool new thing lately is eBPF, which is basically an efficient protocol for doing 24x7 network packet tracing from all your Linux hosts. It's built into anything running Linux kernel 4+: http://www.brendangregg.com/ebpf.html
I will say, all of these have a pretty significant learning curve, but once you know how to leverage them they are all capable of doing the job. Or, if you have the appetite for paid software, SolarWinds has really easy to learn tools: https://www.solarwinds.com/netflow-traffic-analyzer