Knowledge Base
How to Discern Excessive Bandwidth Usage using PRTG Traffic Grapher
Beyond normal bandwidth monitoring capabilities based on SNMP, PRTG allows administrators to discern actual bandwidth usage based on multiple parameters, such as IP addresses, port numbers, protocols, etc., using either packet sniffing or Netflow collector sensors. Packet sniffing sensors generally use the host machine's network card but can be configured to use monitoring ports found on some networking devices using port mirroring / forwarding in order to monitor the overall network bandwidth utilization. Netflow collectors receive data forwarded by Netflow-capable Cisco devices using Netflow collector licenses (available as PRTG add-ons). The configuration and implementation methods are outlined below.
Packet Sniffing Sensors
Using a device equipped with a "monitoring port" or "port mirroring", you can monitor all the traffic in your network. Most unmanaged switches do not have this feature, but many managed switches do.
Port mirroring is used on a network switch to send a copy of all network packets seen on one switch port to a monitoring network connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Port mirroring on a Cisco Systems switch is generally referred to as SPAN.
BTW: You can also use an old-fashioned hub. Hubs send all network packets to all ports, but they are a lot slower than switches.
- Configure the switch(es) to send a copy of all network packets to the IP of the machine running PRTG
- Create a new Packet Sniffer Sensor without any filtering to monitor the network's total traffic
Note: If you have several switches/routers, you may not see all traffic if you only monitor one device.
Further information on setting up Packet Sniffer sensors can be found here.
Netflow Collector Sensors
- Configure the NetFlow protocol on the router to send NetFlow packets to the computer running PRTG
- (Purchase and) install Netflow Collector License (also works with trial license)
- Configure a Netflow collector in PRTG
- Create one new NetFlow sensor for each IP or protocol to be monitored and apply a filter based on the IP or protocol for each item you want to monitor
- Or: If you do not need long term accounting data for each PC and only want to know the current and recent traffic by IP or protocol, you can create just one NetFlow sensor and enable the Toplist feature based on IP or protocol.
Note: If you have several switches/routers, you may not see all traffic if you only monitor one device.
Further information on setting up Netflow sensors can be found here.
Configuring relevant Top Lists
Note 1: When working with Toplists be aware that privacy issues can come up for certain configurations of this feature. Using Toplists you can track all single connections of an individual PC to the outside world and you, as the administrator, must make sure that it is legal for you to configure PRTG like this.
Note 2: Keep in mind that Toplists are also shown in the web interface. You may not want to show lists of domains used in your network to others. In this case protect your PRTG webserver using passwords.
When you set up a new NetFlow or Packet Sniffer sensor three Toplists are created automatically:
- Top Talkers
- Top Connections
- Top Protocols
This covers the most basic needs, but you can also edit the three toplists or create additional ones. Use the Add, Edit, and Delete buttons to manage your Toplists.
Further information on editing Toplists can be found here.
Configuring the system to use Top Lists in order to discern excessive usage based on IP address
- Configure the device(s) in question to send a copy of all network packets to the IP of the machine running PRTG
- Create one new Packet Sniffer / Netflow Collector sensor for each PC to be monitored and apply a filter based on the MAC address or IP of each PC you want to monitor
- Or: If you do not need long term accounting data for each PC and only want to know the current and recent traffic by IP, you can create just one Packet Sniffer sensor and enable the Toplist feature based on IP.
Note: If you have several switches/routers, you may not see all traffic if you only monitor one device.
Once the relevant sensors are defined, you can recognize bandwidth usage either by comparing the individual sensor data or by monitoring the top list entries. Top lists also include a trend entry that lets you determine, at a glance, which machines / users are using more / less bandwidth than in prior scans. Furthermore, top lists include listings of visited IP addresses (optionally, DNS resolution can be turned on in the top list settings), which lets you determine which machine / user accessed which server / web site.
Note: PRTG cannot block access to any specific IP range, domain, DNS, or website!
Note: In order to monitor network traffic by IP address or protocol used by a shared Internet connection or leased line, please select filtering to exclude LAN IP addresses.
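The per-IP ranking with LAN addresses excluded, sketched outside PRTG as an added example (not PRTG code and not part of the original article). It assumes the router exports NetFlow version 5 datagrams, which the article does not specify, and that "LAN" means the RFC 1918 private ranges; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes
# Assumption: "LAN" means the RFC 1918 private ranges.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    return any(addr in net for net in LAN)

def parse_v5(datagram):
    """Yield (src, dst, protocol, octets) for each record in one export datagram."""
    if len(datagram) < HDR.size:
        raise ValueError("truncated header")
    version, count, *_ = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("truncated datagram")
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        yield ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[13], f[6]

def top_talkers(datagrams, n=3):
    """Rank LAN hosts by bytes exchanged with non-LAN addresses."""
    usage = Counter()
    for datagram in datagrams:
        for src, dst, _proto, octets in parse_v5(datagram):
            if is_lan(src) == is_lan(dst):
                continue  # LAN-to-LAN or transit: not this site's Internet usage
            usage[str(src if is_lan(src) else dst)] += octets
    return usage.most_common(n)

def build_sample():
    """Constructed datagram; addresses and byte counts are made up for the demo."""
    flows = [("192.168.1.10", "203.0.113.5", 6, 9_000_000),
             ("203.0.113.5", "192.168.1.10", 6, 400_000),
             ("192.168.1.20", "198.51.100.7", 17, 1_200_000),
             ("192.168.1.10", "192.168.1.20", 6, 50_000_000)]  # LAN-to-LAN
    body = b"".join(
        REC.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed, bytes(4),
                 1, 2, 100, octets, 0, 1000, 40000, 443, 0, 0, proto, 0, 0, 0, 24, 24, 0)
        for s, d, proto, octets in flows)
    return HDR.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    print(top_talkers([build_sample()]))
```

The 50 MB LAN-to-LAN flow is dropped from the ranking, so the large internal transfer does not mask which host is loading the shared Internet link.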
Click on the following links for further information on filters and protocols.
Further documentation
The following knowledgebase articles can further explain how to implement more customized monitoring solutions:
- What does the "Other" channel mean in PRTG (including helpful information on how to define custom filtering parameters)
- Configuration tips for Cisco routers (including Netflow configuration information)
- How RAM is allocated when using top lists
- Comparing SNMP-based monitoring with packet sniffing and Netflow monitoring