For most of us in the SMB segment, clients predominantly use either DSL or cable connections to the internet. Why? It’s inexpensive for one… and in general it seems to meet or exceed their needs. But how do you know when it ceases to meet those needs? Do you know how much bandwidth they’re utilizing on a daily (or hourly) basis? What about traffic spikes- how often do they occur? Have you considered the upstream limitations?
All of these things require data. As IT service providers, we make data-based recommendations to our clients – we use measurements, and performance metrics to justify these recommendations – and we proactively notify clients when things change about their network. We don't talk about how fast or slow things subjectively feel.
Great… so how do you go about getting this data?
Well, they are lots of different ways to approach this… We like to use ntop. Why? It’s pretty straightforward to install, configure, and get working – even for those new to Linux (apparently W32 binaries do exist). It’s also open-source, and free. Most importantly though, it produces graphs depicting bandwidth utilization over time. And graphs are great for visualizing problems. It does lots of other things too… it eanbles you to track down the biggest bandwidth users at a client site, it helps identify broadcast traffic where it shouldn’t be, and it enables you track down things like unexpected p2p traffic.
Of course, there are lots of other options to getting at bandwidth data… MRTG comes to mind, as does GFI Web Monitor for those looking for an ISA-based solution. You can even do some neat stuff with LogParser, ISA, and IIS. All that being said, ntop is convenient, free, and it produces results that your clients can clearly envision when you discuss utilization with them.