Network traffic measurement

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computer networks, network traffic measurement is the process of measuring the amount and type of traffic on a particular network. This is especially important with regard to effective bandwidth management.


Network performance could be measured using either active or passive techniques. Active techniques (e.g. Iperf) are more intrusive but are arguably more accurate. Passive techniques are of less network overhead and hence can run in the background to be used to trigger network management actions.

Measurement Studies[edit]

A range of studies have been performed from various points on the Internet. The AMS-IX (Amsterdam Internet Exchange) is one of the world's largest Internet exchanges. It produces a constant supply of simple Internet statistics. There are also numerous academic studies that have produced a range of measurement studies[1] [2] [3] on frame size distributions, TCP/UDP ratios and TCP/IP options.


Various software tools are available to measure network traffic. Some tools measure traffic by sniffing and others use SNMP, WMI or other local agents to measure bandwidth use on individual machines and routers. However, the latter generally do not detect the type of traffic, nor do they work for machines which are not running the necessary agent software, such as rogue machines on the network, or machines for which no compatible agent is available. In the latter case, inline appliances are preferred. These would generally 'sit' between the LAN and the LAN's exit point, generally the WAN or Internet router, and all packets leaving and entering the network would go through them. In most cases the appliance would operate as a bridge on the network so that it is undetectable by users.

Functions and features[edit]

Measurement tools generally have these functions and features:

  • User interface (web, graphical, console)
  • Real-time traffic graphs
  • Network activity is often reported against pre-configured traffic matching rules to show:
    • Local IP address
    • Remote IP address
    • Port number or protocol
    • Logged in user name
  • Bandwidth quotas
  • Support for traffic shaping or rate limiting (overlapping with the network traffic control page)
  • Support website blocking and content filtering
  • Alarms to notify the administrator of excessive usage (by IP address or in total)

Some available tools[edit]

Some of the available tools include:

  • Argus processes packets into detailed network flow audit data for operations, performance and security management.
  • Cacti allows a user to poll services at predetermined intervals and graph the resulting data.
  • cFosSpeed performs traffic classification and lets the user display, shape, tag or rate-limit protocols or programs under Windows.
  • FlowMon is a complete solution for NetFlow monitoring and analysis including probes up to 10 Gbit/s, collectors and other supervision systems.
  • InterMapper Originally developed for the Macintosh Classic in 1994 by the network manager of Dartmouth College this application uses SNMP, Ping and Netflow to build a graphical network map similar to HP Openview which shows bandwidth usage by port information and protocol. VLAN aware. Supported platforms: Mac OS X, Linux and Windows.
  • LiveAction provides real-time routing layer visualizations that allow the user to see and troubleshoot routes and implement policy-based routing.
  • MRTG.
  • NetBeez is an active network performance solution that uses hardware agents to perform end-to-end measurements.
  • NetLimiter is a traffic monitoring and shaping software for Windows.
  • ntopng is an open-source, real-time, web-based traffic monitoring for Unix (Linux, Mac OS X, FreeBSD) and Window systems.
  • SolarWinds Orion NPM is a network monitoring system that polls devices on a regular interval using ICMP, SNMP, and/or WMI as well as receive SNMP Traps and Syslog messages in real time. It then processes and presents this data in an easy to use and fully customizable web console. Out-of-the box the program can be configured to scan and start monitoring your entire network without much setup or customization time. However, its real strength is in its ability to be customized to fit your needs including customized web views, reports, thresholds, alerts (email, SMS, run a script, etc...). They also make other modules like SAM for Application Monitoring, NTA for Netflow Traffic Analysis, NCM for device configuration backups and batch editing, and many many more modules, most of which fully integrate into the NPM web console or can be used as stand-alone products. Their core customer is small to large businesses and they offer full support as well as one of the best and most active help websites at
  • OmniPeek is an end-to-end network monitoring solution, offering support for many packet adapters and remote collectors.
  • Observium is an autodiscovering network monitoring application focusing on extensive data collection and graphing of network infrastructure.
  • PRTG runs on Windows, with graphical and web interfaces. It captures packets using Cisco Netflow or packet sniffing or uses SNMP to monitor bandwidth usages.
  • Wireshark network packet logger, visualizer, inspector, some analyses.
  • PacketTrap Networks - Traffic and Traffic Flow Analyzer
  • Scrutinizer NetFlow and sFlow Analyzer provides deep visibility into network traffic behavior and trends. Leveraging NetFlow, J-Flow, and sFlow data, NetFlow Traffic Analyzer identifies which users and applications are consuming the most bandwidth.
  • Sparrowiq Packet-based network traffic monitoring and analytics.
  • Sandvine Intelligent Network Solutions measure and manage network traffic using Policy Traffic Switches
  • SevOne Network Performance Monitoring System.

The Netflow article also lists devices which generate and applications which analyse Cisco Netflow records.

  • Streamcore StreamGroomer features an integrated tap mechanism by means of which a copy of the actual network traffic is made and performance analysis is carried out on this replicated traffic. Regulates and measures the traffic exchanged between LAN and WAN networks.

See also[edit]

External links[edit]


  1. ^ Murray, David; Terry Koziniec (2012). "The State of Enterprise Network Traffic in 2012". 18th Asia-Pacific Conference on Communications (APCC 2012). 
  2. ^ Zhang, Min; Maurizio Dusi, Wolfgang John, and Changjia Chen, (2009). "Analysis of udp traffic usage on internet backbone links". In Proceedings of the 2009 Ninth Annual International Symposium on Applications and the Internet. 
  3. ^ Wolfgang, John; Sven Tafvelin (2007). "Analysis of internet backbone traffic and header anomalies observed". in Proceedings of the 7th ACM SIGCOMM conference on Internet measurement.