Monitoring the Well Known Ports?

Status
Not open for further replies.

jkeeper

MIS
Jul 19, 2000
69
US
Hello All,

I have been asked to go to a remote site and set up Sniffer to monitor many of the well known ports such as port 80 and port 23. Can someone tell me how to do that?

I will be connecting to a switch that is connected to a router. I will span the router's port. Now, the router feeds the network, and if I capture all the ports' traffic, won't I be doing the same as sniffing port specific? If I capture all traffic coming from the PDC to that router port, won't I still be doing the same thing? Would you please give me an example of how to configure Sniffer to do port monitoring?


Is there some software utility other than a sniffer that will tell me what apps are using what ports? And to be honest, what ports am I looking for... router, switch or server ports, or app ports?

I think and I shall get more information.
We removed one of two T1's and now they want to know how much traffic and what is using the bandwidth on that remote site. We can monitor the T1 coming into Central where the PDC is because we do not have an ATM Sniffer.

Hope I gave you enough information

Thanks for any help
 
The Sniffer is too low a level tool for the monitoring you want to do. While it can capture the packets and see a protocol distribution, it won't really give you the type of information you mentioned.

Some of the tools I have worked with that provide exactly the information you are looking for are Packeteer and Compuware's EcoScope. Both of these tools are designed to be put inline between the router and the rest of the network.

The Packeteer will begin monitoring the traffic going across the circuit and develop graphs to show the utilization. As well as being able to see how much of what traffic is going across your link, you will be able to see the top talkers.

Once you get an idea of what traffic is going across, the box allows you to begin shaping the traffic to meet the requirements of your organization. You can limit HTTP traffic and give more bandwidth to mission critical applications.

I am a big believer in using the right tool for the right job. The Sniffer is a GREAT tool for doing packet analysis. In fact I've used it to make a living for the last 7 years, but for characterizing traffic across a WAN link and reporting on it, not so good...

Hope this helps!
 
Hi.

If you want to do some port monitoring, you could do so in different ways even if you are not sure what ports are being used on that link.
- Standard ports: you could capture all traffic and then, using the Matrix post-analysis tab, filter the stations using the ports you want. Once you have identified those ports, you could build and apply Data Pattern filters in order to see utilization on a port-by-port basis.
- If you only need statistics on Response Time, you can use ART to see it, setting up the ports you need.
- Non-standard ports: use TOOLS>OPTIONS>PROTOCOLS to set up new TCP, UDP and IPX ports. Now they will appear in the ART tool.
- With captured data, you can build a Display Data Pattern filter like this:
"tcp dest port 80 OR source port 80" or "Dest port 23 OR source port 23" (boolean operators), etc.

I'm sure you can do it in many ways, with Monitor Filters, Capture Filters and Display Filters. I've done it before, and the client was very happy!
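Added example, not part of the posts above and not Sniffer's own filter syntax: Python that applies the same "dest port OR source port" test to a classic pcap capture (Ethernet/IPv4) and totals bytes per watched port. The function names, the port-to-label table and the sample frames are constructed for this illustration.

```python
import struct
from collections import Counter

WATCHED = {80: "http", 23: "telnet"}  # the two ports named in the thread

def port_usage(pcap: bytes, watched=WATCHED) -> Counter:
    """Sum on-the-wire bytes per watched TCP/UDP port in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    usage, off = Counter(), 24  # the pcap global header is 24 bytes
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack_from(end + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        # Ethernet II + IPv4 only: need eth(14) + ip(20) + port fields(4)
        if len(frame) < 38 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        frag = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        if frame[23] not in (6, 17) or frag or len(frame) < 14 + ihl + 4:
            continue  # not TCP/UDP, or a later fragment without port fields
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        # Same test as the filter "dest port 80 OR source port 80"
        key = next((p for p in (dport, sport) if p in watched), None)
        usage[watched[key] if key is not None else "other"] += orig
    return usage

def _frame(proto, sport, dport, size):
    """Constructed sample frame: Ethernet + minimal IPv4 + ports + zero padding."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return (b"\x00" * 12 + b"\x08\x00" + ip
            + struct.pack("!HH", sport, dport) + b"\x00" * (size - 38))

def sample_pcap() -> bytes:
    """Constructed capture: two HTTP frames, one telnet frame, one other UDP frame."""
    frames = [_frame(6, 40000, 80, 100), _frame(6, 80, 40000, 500),
              _frame(6, 40001, 23, 60), _frame(17, 5000, 5001, 90)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for label, nbytes in port_usage(sample_pcap()).most_common():
        print(f"{label:8s} {nbytes} bytes")
```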


 
Thank you, mpennac and AlexTovar!
I will use your advice today. I also have another utility that I will try: "Performance Monitor".

Jkeeper
 
I agree with AlexTovar. Documenting under Tools, Options, Protocols gives you the ability to define all the other protocols that aren't already defined as standard in Sniffer. We have been using this feature to identify the amount of bandwidth that is being used by apps like Kazaa, Morpheus, and other peer sharing programs. I have quite a few protocols listed in my Sniffer. Then you can use the graph it produces for exports to supply management with the nice GUI they like to see showing statistics.

The only downside to it is, you have to enter these in by hand one by one (one protocol and one port number). So, if you have protocols that use a range of port numbers, you need to enter in each port number you want to capture/monitor.


Good Luck!
DTMan
 
Just questions:

If an app uses random port numbers, how can this setting be simplified?
And I found that Protocol Dist. does not display Voice (RTP, RTCP, ...) separately from the Others protocol. Also, the report generated by Reporter does not distinguish them. How to work around this?

BAR
 