We are looking for a network bandwidth & services monitoring software that we intend to deploy in three different places on a particular network we are managing.
The probe points for such a network bandwidth & services monitoring software would be:
1. Outside the IPS (Intrusion Prevention System) Device
2. Inside the IPS and Outside of the Firewall
3. Inside the Firewall.
The network is configured as such:
Router -> IPS -> Firewall -> Switch
Our goal is simple:
We want to know "what" the traffic is - that is coming in and going out (Preferably in a Graphical Format). In particular we would like to know:
1. Type of Traffic? FTP, HTTP, SMTP, SSH, POP, etc.
2. Bandwidth usage (in real-time) (on the whole, on the whole for each service and individually broken down for each destination IP address)
3. Destination Address - Source Address statistics.
The software's primary usage is to be able to determine traffic types and IPs. For example if the total bandwidth for HTTP being utilized at any point in time is say 6Mbps, then the software should be able to bifurcate the following:
Destination IP Address A.B.C.D using say 3Mbps of HTTP Traffic
Destination IP Address X.Y.Z.Z using say 1.5Mbps of HTTP Traffic
Destination IP Address P.Q.W.E using say 1Mbps of HTTP Traffic
Destination IP Address H.H.W.Q using say 0.5Mbps of HTTP Traffic
We should be able to do this for all types of traffic (SSH, FTP, HTTP, POP, SMTP, HTTPS, etc.) and be able to do it in real-time and be able to find out what the traffic/service load is traversing through the probe point where we have installed this software.
I've looked around, but cannot seem to find such a software, even IBM's Tivoli (which we DO use) cannot handle this particular requirement. The software can be Open-Source or Commercial, that is inconsequential at this point in time.