Examples

The system used to perform these measurements

Mainboard Asus CUR-DLS

Processor Intel Pentium III @ 1GHz

Memory 512 MB SDRAM (reg.)

NICs Gigabit Intel PRO/1000T
(measurements)

10/100Mbit Intel 82259, onboard
('normal' connectivity)

OS Linux (2.4.5-ac13 kernel)
Debian distribution

Mainboard	Asus CUR-DLS
Processor	Intel Pentium III @ 1GHz
Memory	512 MB SDRAM (reg.)
NICs	Gigabit Intel PRO/1000T (measurements)
10/100Mbit Intel 82259, onboard ('normal' connectivity)
OS	Linux (2.4.5-ac13 kernel) Debian distribution

A few 'MRTG' like graphs.

In all graphs, 'out' means going from the local network to the internet.

The bit rate over a 24 hour period; both inbound & outbound traffic (& combined).

The packet rate over the same 24 hour period. Note the 'flood-attack' (peak in the graph)

System load

The system load over (again) the same 24 hour period.
Note that the load graph has exactly the same shape as the packet-rate graph,
since matching to a rule set is done per-packet.
The size of the packet (and linked to that: the bit rate) has little influence on the system load.

Determining the MAX

The maximum packet rate a measurement system can handle can be guesstimated by plotting the system load versus the packet rate.
The mark at (51 kpps, 100%) equals the flood-attack seen in the previous graphs.
A linear approximation reaches 100% load at 57 kpps; the actual limit of 51 kpps is 10% lower.

Weighing packets

By combining the info on packetrate and bitrate the average packet size can be determined.
(and yes, an average packet size of 1000 bytes is large)

Where is that packet going?

The previous examples could also have been accomplished by reading the standard counters present in switches and routers.

Those counters will tell you, for example, how many packets were sent or received on an interface.
What those counters cannot tell you is where those packets were going.
By feeding NeTraMet the appropriate rulesets; it can tell you just that.
The example below shows the traffic, as seen by the meter PC, classified into four different flows.

Traffic going to/coming from outside the local network (external)
Traffic staying within the network (local)
Traffic going to/coming from users connected via Cable modems (cable)
Traffic going to/coming from users connected via ADSL (ADSL)

Hey, big spender!

Another example is classifying traffic based on the 'local' address, producing a flow for every IP address (host) on the network.
This will show the top talkers on the network.

In this case it shows that host 10.0.0.7 sent and received a total of appr. 150 Gigabyte of traffic in one week.
The major part was traffic from that host to external hosts ('external out').
About 15 GBytes of traffic followed the reverse direction ('external in').
The local traffic to/from was relatively small ('internal out' and 'internal in')

This page was last updated January 1, 1970.
For questions please contact Remco Poortinga