<div dir="ltr"><div>Hi,</div><div><br></div><div>If your firewall supports SNMP you can use any number of tools such as Ntopng, Cacti or MRTG to see what is up with your packets. If your firewall isn't able to handle the load of this function in addition to its day to day functioning you can always separate this out to another Linux box that you attach to a SPAN port on your switch or use a tap to monitor your connection. </div><div><br></div><div>Are you using the Comcast gateway as your firewall? If so, I'd recommend upgrading to any number of great open source firewalls which can be built on commodity hardware for ~$1000 you'll get an enterprise grade firewall with supernumerary features. Proxying, malware scanning and QoS would certainly be helpful to your situation. I'd recommend looking at OpnSense or Untangle. Both are open and offer community and corporate support. Both of these vendors offer ready made firewall solutions as well. Both of these have some of the bandwidth monitoring features among their many others.</div><div><br></div><div><a href="https://opnsense.org/">https://opnsense.org/</a><br></div><div><a href="https://www.untangle.com/">https://www.untangle.com/</a><br></div><div><br></div><div>In terms of gaining insight into your traffic you'll either need a network switch that supports SPAN/port mirroring or a network TAP. Then you can use any number of tools to get VERY detailed insights into the traffic flowing on your network. Tools like NtopNg,Cacti, MRTG among others would give you LOTS of insights of what is happening with your network.</div><div><br></div><div><a href="https://www.ntop.org/products/traffic-analysis/ntop/">https://www.ntop.org/products/traffic-analysis/ntop/</a><br></div><div><a href="https://www.cacti.net/">https://www.cacti.net/</a><br></div><div><a href="https://oss.oetiker.ch/mrtg/">https://oss.oetiker.ch/mrtg/</a><br></div><div><br></div><div>Lastly, I'd not use Windows 8 for anything other than.. well nothing. =P You can take that desktop and throw just about ANY Linux desktop focused distro on it and then put Ntop, Catcti, Wireshark on it and it'll be a heck of a lot more secure, stable and performant. You can then plug that into a SPAN/port mirror or into a network tap and see EVERYTHING going on. Ntop and Cacti will give you TONS of info. As I detailed above many of the firewalls have some of the features you may need. In the end, architecting this is entirely up to you and your budget and needs. </div><div><br></div><div>Hope this is helpful.</div><div><br></div><div>Have a great weekend,</div><div>Joe</div><div><br></div><div><br></div><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>---------- Forwarded message ----------<br>From: Thomas Charron <<a href="mailto:twaffle@gmail.com">twaffle@gmail.com</a>><br>To: jsf <<a href="mailto:jfreeman@gmail.com">jfreeman@gmail.com</a>><br>Cc: GNHLUG <<a href="mailto:gnhlug-discuss@mail.gnhlug.org">gnhlug-discuss@mail.gnhlug.org</a>><br>Bcc: <br>Date: Wed, 9 May 2018 12:42:27 -0400<br>Subject: Re: bandwidth capture question<br><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, May 4, 2018 at 1:09 PM, jsf <span dir="ltr"><<a href="mailto:jfreeman@gmail.com" target="_blank">jfreeman@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi friends,<div><br></div><div>I am IT dir. at a small independent school in CT nowadays. I have a comcast modem. my firewall plugs into a wired port in the comcast modem. I have an old PC running windows 8.1. I have installed wireshark on the old PC. I have plugged the old PC's network interface into another wired port on the comcast modem. Ideally I would like to use wireshark to capture EVERYTHING going across the modem - basically everything that is going in and out of the connection between the modem and my firewall. I am at a loss w/r/t how to set this up properly.</div></div></blockquote><div><br></div><div> That'd be doing it wrong, and you'd be looking at a giant list of spaghetti.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I am trying to get a sense regarding the schools' bandwidth usage.. we have 150/25 over coax. i think performance is pretty good most of the time (we are a small school).. but not everyone agrees with me. If we have too little bandwidth (are hitting a max periodically) I'd like to know that.<br></div><div><br></div><div>Thanks in advance for help with this and recommendations about anything else I should put on this old PC to help with this exercise.</div></div></blockquote><div><br></div><div> It's best to be looked at from the firewalls perspective. What are you using for a firewall? Is it up to the task to NAT the number of sessions it is likely having to NAT? The first place I would look would be the firewall itself. Many times, a cheap/underpowered firewall is the cause of crappy speeds, and not the network itself.</div><div><br></div><div> Thomas</div><div> </div></div>
</div></div>
<br>______________________________<wbr>_________________<br>
gnhlug-discuss mailing list digest<br>
<a href="mailto:gnhlug-discuss@mail.gnhlug.org">gnhlug-discuss@mail.gnhlug.org</a><br>
<a href="http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/" rel="noreferrer" target="_blank">http://mail.gnhlug.org/<wbr>mailman/listinfo/gnhlug-<wbr>discuss/</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">--------------<br>Joseph Guarino<br>Evolutionary IT - Best Practice IT(tm)<br>Website: <a href="http://www.evolutionaryit.com" target="_blank">www.evolutionaryit.com</a><br>Blog: <a href="http://www.evolutionaryit.com/blog" target="_blank">www.evolutionaryit.com/blog</a><br>Social Networks: <a href="http://network.evolutionaryit.com" target="_blank">network.evolutionaryit.com</a><br>888.404.5074 <br></div></div></div></div>
</div></div>