• Traffic control software. Review of the best programs for monitoring traffic on a PC

    Any administrator sooner or later receives instructions from management: “count who goes online and how much they download.” For providers, it is complemented by the tasks of “letting whoever needs it in, taking payment, limiting access.” What to count? How? Where? There is a lot of fragmentary information, it is not structured. We will save the novice admin from tedious searches by providing him with general knowledge and useful links to hardware.
    In this article I will try to describe the principles of organizing the collection, accounting and control of traffic on the network. We will look at the issue and list possible ways to retrieve information from network devices.

    This is the first theoretical article in a series of articles devoted to the collection, accounting, management and billing of traffic and IT resources.

    Internet access structure

    In general, the network access structure looks like this:
    • External resources - the Internet, with all sites, servers, addresses and other things that do not belong to the network that you control.
    • Access device – router (hardware or PC-based), switch, VPN server or concentrator.
    • Internal resources are a set of computers, subnets, subscribers whose operation on the network must be taken into account or controlled.
    • A management or accounting server is a device on which specialized software runs. Can be functionally combined with a software router.
    In this structure, network traffic passes from external resources to internal ones, and back, through the access device. It transmits traffic information to the management server. The control server processes this information, stores it in the database, displays it, and issues blocking commands. However, not all combinations of access devices (methods) and collection and control methods are compatible. The various options will be discussed below.

    Network traffic

    First, you need to define what is meant by “network traffic” and what useful statistical information can be extracted from the stream of user data.
    The dominant internetworking protocol is still IP version 4. The IP protocol corresponds to layer 3 of the OSI model (L3). Information (data) between the sender and the recipient is packaged into packets - having a header and a “payload”. The header determines where the packet is coming from and to (sender and recipient IP addresses), packet size, and payload type. The bulk of network traffic consists of packets with UDP and TCP payloads - these are Layer 4 (L4) protocols. In addition to addresses, the header of these two protocols contains port numbers, which determine the type of service (application) transmitting data.

    To transmit an IP packet over wires (or radio), network devices are forced to “wrap” (encapsulate) it in a Layer 2 (L2) protocol packet. The most common protocol of this type is Ethernet. The actual transmission “to the wire” occurs at the 1st level. Typically, the access device (router) does not analyze packet headers at levels higher than level 4 (exception is intelligent firewalls).
    Information from the fields of addresses, ports, protocols and length counters from the L3 and L4 headers of data packets constitutes the “raw material” that is used in traffic accounting and management. The actual amount of information transmitted is found in the Length field of the IP header (including the length of the header itself). By the way, due to packet fragmentation due to the MTU mechanism, the total amount of data transmitted is always greater than the payload size.

    The total length of the IP and TCP/UDP fields of the packet that are interesting to us in this context is 2...10% of the total length of the packet. If you process and store all this information batch by batch, there will not be enough resources. Fortunately, the vast majority of traffic is structured to consist of a series of “conversations” between external and internal network devices, called “flows.” For example, as part of one operation of sending an email (SMTP protocol), a TCP session is opened between the client and the server. It is characterized by a constant set of parameters (source IP address, source TCP port, destination IP address, destination TCP port). Instead of processing and storing information packet by packet, it is much more convenient to store flow parameters (addresses and ports), as well as additional information - the number and sum of lengths of packets transmitted in each direction, optionally session duration, router interface indexes, ToS field value, etc. This approach is beneficial for connection-oriented protocols (TCP), where it is possible to explicitly intercept the termination of a session. However, even for non-session-oriented protocols, it is possible to perform aggregation and logical completion of a flow record based on, for example, a timeout. Below is an excerpt from the SQL database of our own billing system, which logs information about traffic flows:

    It is necessary to note the case when the access device performs address translation (NAT, masquerading) to organize Internet access for computers on the local network using one, external, public IP address. In this case, a special mechanism replaces IP addresses and TCP/UDP ports of traffic packets, replacing internal (not routable on the Internet) addresses according to its dynamic translation table. In this configuration, it is necessary to remember that in order to correctly record data on internal network hosts, statistics must be collected in a way and in a place where the translation result does not yet “anonymize” internal addresses.

    Methods for collecting traffic/statistics information

    You can capture and process information about passing traffic directly on the access device itself (PC router, VPN server), transferring it from this device to a separate server (NetFlow, SNMP), or “from the wire” (tap, SPAN). Let's look at all the options in order.
    PC router
    Let's consider the simplest case - an access device (router) based on a PC running Linux.

    How to set up such a server, address translation and routing, a lot has been written. We are interested in the next logical step - information on how to obtain information about the traffic passing through such a server. There are three common methods:

    • intercepting (copying) packets passing through the server’s network card using the libpcap library
    • intercepting packets passing through the built-in firewall
    • using third-party tools for converting packet-by-packet statistics (obtained by one of the two previous methods) into a netflow aggregated information stream
    Libpcap


    In the first case, a copy of the packet passing through the interface, after passing the filter (man pcap-filter), can be requested by a client program on the server written using this library. The packet arrives with a layer 2 header (Ethernet). It is possible to limit the length of the information captured (if we are only interested in information from its header). Examples of such programs are tcpdump and Wireshark. There is an implementation of libpcap for Windows. If address translation is used on a PC router, such interception can only be carried out on its internal interface connected to local users. On the external interface, after translation, IP packets do not contain information about the internal hosts of the network. However, with this method it is impossible to take into account the traffic generated by the server itself on the Internet (which is important if it runs a web or email service).

    libpcap requires support from the operating system, which currently amounts to installing a single library. In this case, the application (user) program that collects packages must:

    • open the required interface
    • specify the filter through which to pass received packets, the size of the captured part (snaplen), the buffer size,
    • set the promisc parameter, which puts the network interface into capture mode for all packets passing by, and not just those addressed to the MAC address of this interface
    • set a function (callback) called on each received packet.

    When a packet is transmitted through the selected interface, after passing the filter, this function receives a buffer containing Ethernet, (VLAN), IP, etc. headers, total size up to snaplen. Since the libcap library copies packets, it cannot be used to block their passage. In this case, the traffic collection and processing program will have to use alternative methods, such as calling a script to place a given IP address in a traffic blocking rule.

    Firewall


    Capturing data passing through the firewall allows you to take into account both the traffic of the server itself and the traffic of network users, even when address translation is running. The main thing in this case is to correctly formulate the capture rule and put it in the right place. This rule activates the transfer of the packet towards the system library, from where the traffic accounting and management application can receive it. For Linux OS, iptables is used as a firewall, and interception tools are ipq, netfliter_queue or ulog. For OC FreeBSD – ipfw with rules like tee or divert. In any case, the firewall mechanism is complemented by the ability to work with a user program in the following way:
    • A user program - a traffic handler - registers itself in the system using a system call or a library.
    • A user program or external script installs a rule in the firewall, “wrapping” the selected traffic (according to the rule) inside the handler.
    • For each passing packet, the handler receives its contents in the form of a memory buffer (with IP headers, etc. After processing (accounting), the program must also tell the operating system kernel what to do next with such a packet - discard it or pass it on. Alternatively, it is possible pass the modified packet to the kernel.

    Since the IP packet is not copied, but sent to the software for analysis, it becomes possible to “eject” it, and therefore, completely or partially restrict traffic of a certain type (for example, to a selected local network subscriber). However, if the application program stops responding to the kernel about its decision (hung, for example), traffic through the server is simply blocked.
    It should be noted that the described mechanisms, with significant volumes of transmitted traffic, create excessive load on the server, which is associated with the constant copying of data from the kernel to the user program. The method of collecting statistics at the OS kernel level, with the output of aggregated statistics to the application program via the NetFlow protocol, does not have this drawback.

    Netflow
    This protocol was developed by Cisco Systems to export traffic information from routers for the purpose of traffic accounting and analysis. The most popular version 5 now provides the recipient with a stream of structured data in the form of UDP packets containing information about past traffic in the form of so-called flow records:

    The amount of information about traffic is several orders of magnitude smaller than the traffic itself, which is especially important in large and distributed networks. Of course, it is impossible to block the transfer of information when collecting statistics via netflow (unless additional mechanisms are used).
    Currently, a further development of this protocol is becoming popular - version 9, based on the template flow record structure, implementation for devices from other manufacturers (sFlow). Recently, the IPFIX standard was adopted, which allows statistics to be transmitted via protocols at deeper levels (for example, by application type).
    The implementation of netflow sources (agents, probes) is available for PC routers, both in the form of utilities working according to the mechanisms described above (flowprobe, softflowd), and directly built into the OS kernel (FreeBSD: ng_netgraph, Linux:). For software routers, the netflow statistics stream can be received and processed locally on the router itself, or sent over the network (transfer protocol - over UDP) to the receiving device (collector).


    The collector program can collect information from many sources at once, being able to distinguish their traffic even with overlapping address spaces. Using additional tools such as nprobe, it is also possible to carry out additional data aggregation, stream bifurcation or protocol conversion, which is important when managing a large and distributed network with dozens of routers.

    Netflow export functions support routers from Cisco Systems, Mikrotik, and some others. Similar functionality (with other export protocols) is supported by all major network equipment manufacturers.

    Libpcap “outside”
    Let's complicate the task a little. What if your access device is a hardware router from another manufacturer? For example, D-Link, ASUS, Trendnet, etc. It is most likely impossible to install additional data acquisition software on it. Alternatively, you have a smart access device, but it is not possible to configure it (you don’t have rights, or it is controlled by your provider). In this case, you can collect information about traffic directly at the point where the access device meets the internal network, using “hardware” packet copying tools. In this case, you will definitely need a separate server with a dedicated network card to receive copies of Ethernet packets.
    The server must use the packet collection mechanism using the libpcap method described above, and our task is to submit a data stream identical to that coming from the access server to the input of the network card dedicated for this purpose. For this you can use:
    • Ethernet - hub: a device that simply forwards packets between all its ports indiscriminately. In modern realities, it can be found somewhere in a dusty warehouse, and using this method is not recommended: unreliable, low speed (there are no hubs with a speed of 1 Gbit/s)
    • Ethernet is a switch with the ability to mirror (mirroring, SPAN ports. Modern smart (and expensive) switches allow you to copy all traffic (incoming, outgoing, both) of another physical interface, VLAN, including remote (RSPAN) to a specified port.
    • Hardware splitter, which may require installation of two network cards instead of one to collect - and this is in addition to the main, system one.


    Naturally, you can configure a SPAN port on the access device itself (router), if it allows it - Cisco Catalyst 6500, Cisco ASA. Here is an example of such a configuration for a Cisco switch:
    monitor session 1 source vlan 100 ! where do we get the packages from?
    monitor session 1 destination interface Gi6/3! where do we issue packages?

    SNMP
    What if we don’t have a router under our control, we don’t want to contact netflow, we’re not interested in the details of our users’ traffic. They are simply connected to the network through a managed switch, and we just need to roughly estimate the amount of traffic going to each of its ports. As you know, network devices with remote control support and can display counters of packets (bytes) passing through network interfaces. To poll them, it would be correct to use the standardized remote management protocol SNMP. Using it, you can quite easily obtain not only the values ​​of the specified counters, but also other parameters, such as the name and description of the interface, MAC addresses visible through it, and other useful information. This is done both by command line utilities (snmpwalk), graphical SNMP browsers, and more complex network monitoring programs (rrdtools, cacti, zabbix, whats up gold, etc.). However, this method has two significant drawbacks:
    • blocking traffic can only be done by completely disabling the interface, using the same SNMP
    • traffic counters taken via SNMP refer to the sum of the lengths of Ethernet packets (unicast, broadcast and multicast separately), while the rest of the previously described tools give values ​​relative to IP packets. This creates a noticeable discrepancy (especially on short packets) due to the overhead caused by the length of the Ethernet header (however, this can be approximately combated: L3_byte = L2_byte - L2_packets * 38).
    VPN
    Separately, it is worth considering the case of user access to the network by explicitly establishing a connection to the access server. A classic example is the good old dial-up, the analogue of which in the modern world is VPN remote access services (PPTP, PPPoE, L2TP, OpenVPN, IPSEC)


    The access device not only routes user IP traffic, but also acts as a specialized VPN server and terminates logical tunnels (often encrypted) within which user traffic is transmitted.
    To account for such traffic, you can use all the tools described above (and they are well suited for deep analysis by ports/protocols), as well as additional mechanisms that provide VPN access control tools. First of all, we will talk about the RADIUS protocol. His work is a rather complex topic. We will briefly mention that the control (authorization) of access to the VPN server (RADIUS client) is controlled by a special application (RADIUS server), which has a database (text file, SQL, Active Directory) of allowed users with their attributes (restrictions on connection speeds, assigned IP addresses). In addition to the authorization process, the client periodically transmits accounting messages to the server, information about the state of each currently running VPN session, including counters of bytes and packets transferred.

    Conclusion

    Let's bring all the methods for collecting traffic information described above together:

    Let's summarize. In practice, there are a large number of methods for connecting the network you manage (with clients or office subscribers) to an external network infrastructure, using a number of access tools - software and hardware routers, switches, VPN servers. However, in almost any case, you can come up with a scheme where information about traffic transmitted over the network can be sent to a software or hardware tool for its analysis and management. It is also possible that this tool will allow feedback to the access device, using intelligent access restriction algorithms for individual clients, protocols, and other things.
    This is where I will finish the analysis of the materiel. The remaining unanswered topics are:

    • how and where the collected traffic data goes
    • traffic accounting software
    • What is the difference between billing and a simple “counter”
    • How can you impose traffic restrictions?
    • accounting and restriction of visited websites

    Tags: Add tags

    Traffic counter useful thing. Especially if you have limited access to the network in terms of time or the amount of megabytes used. Not everyone has unlimited, right? Many people have unlimited access at home, but use 3G connections or mobile Internet outside the home for their laptops, like me, for example. And this type of communication is usually limited. You need to monitor your traffic consumption so as not to lose money if you overspend.

    I suggest you use NetWorx — a free program for recording Internet traffic and monitoring Internet connection speed. This small, necessary program will help you monitor the speed (traffic cops don’t sleep!) of movement on the network, and will also show how many kilograms of the Internet have been downloaded in a certain time.

    By using NetWorx You can set a time or megabyte limit. And when this threshold is reached, a notification will appear on the screen saying that your song has been sung and it’s time to wind down. You can also set it to automatically disconnect from the network or launch certain programs. Convenient, useful, easy.

    Download and install NetWorx: 1.7MB



    When you right-click on the tray icon, the following menu will appear...

    • Easy to set up!
    • Real-time consumption graphs.
    • Control all devices from one PC.
    • Notification when the limit is exceeded.
    • Supports WMI, SNMPv1/2c/3 and 64-bit counters.
    • Determine who is downloading and from where.
    • Check your provider!

    "10-Strike: Traffic Accounting" is a simple program for monitoring traffic consumption on computers, switches, servers on the network at the enterprise and even at home (3 sensors can be monitored for free in the trial version even after the 30-day trial period has expired). Monitor volumes incoming and outgoing consumed traffic on computers throughout your local network, incl. when accessing the Internet.

    The program constantly collects statistics from network hosts on incoming and outgoing traffic and displays in real time the dynamics of changes in data transfer speed on network interfaces in the form of graphs and tables.

    With our accounting program you can detect unscrupulous users who consume a lot of Internet traffic in your organization. Violation of labor discipline by employees leads to decreased labor productivity. A simple analysis of traffic consumption on employee computers will allow you to identify the most active network users. When using WMI sensors, you don’t even need to install anything on network computers, you just need an administrator password.

    Unfortunately, in our country Internet traffic for legal entities is not yet cheap everywhere. It often happens that excessive Internet activity of users (often unrelated to the work process) leads to cost overruns organizations to pay for connection. Using our program will help prevent your business from receiving unexpectedly high Internet bills. You can customize notification for consumption of a certain amount of traffic computers on the network over a period of time.

    You can observe speed graphs of incoming and outgoing traffic computers and network devices on the screen in real time. Can be done promptly determine who spends the most traffic and clogs the channel.

    The program constantly monitors traffic consumption on network computers and can notify you when certain conditions are met, which you can ask. For example, if the amount of traffic consumed by any computer exceeds a specified value, or the average information transfer rate for a certain period is above/below a threshold value. When the specified condition is met, the program will notify you in one of the following ways:

    • displaying a message on the computer screen;
    • sound signal;
    • sending e-mail messages;
    • writing to the program log file;
    • entry into the Event Log of the system.

    In addition, the traffic accounting program can execute certain actions when conditions are met: run the program, execute a VB or JS script, restart the service, restart the computer, etc.

    As the monitoring program works accumulates traffic consumption statistics network computers. You can find out at any time who and how much traffic was consumed at any given time, and what data transfer speeds were achieved. Traffic download/upload speed graphs, as well as traffic consumption tables, can be built for any time period or date.

    Awards

    In February 2015, the English version of the program earned an award - a finalist in the "Network Computing Awards 2015" competition of the popular British magazine "Network Computing" in the category "IT Optimization Product of The Year".

    When you purchase a license, you will receive a subscription to free program and technical updates. support for one year.

    Download the free 30-day version now and try it out! Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

    05/23/16 45K

    Many network administrators often encounter problems that can be resolved by analyzing network traffic. And here we come across such a concept as a traffic analyzer. So what is it?

    NetFlow analyzers and collectors are tools that help you monitor and analyze network traffic data. Network process analyzers allow you to accurately identify devices that are reducing channel throughput. They know how to find problem areas in your system and improve the overall efficiency of the network.

    The term " NetFlow" refers to a Cisco protocol designed to collect IP traffic information and monitor network traffic. NetFlow has been adopted as the standard protocol for streaming technologies.

    NetFlow software collects and analyzes flow data generated by routers and presents it in a user-friendly format.

    Several other network equipment vendors have their own protocols for monitoring and data collection. For example, Juniper, another highly respected network device vendor, calls its protocol " J-Flow". HP and Fortinet use the term " s-Flow". Although the protocols are called differently, they all work in a similar way. In this article, we'll look at 10 free network traffic analyzers and NetFlow collectors for Windows.

    SolarWinds Real-Time NetFlow Traffic Analyzer

    Free NetFlow Traffic Analyzer is one of the most popular tools available for free download. It gives you the ability to sort, tag, and display data in a variety of ways. This allows you to conveniently visualize and analyze network traffic. The tool is great for monitoring network traffic by type and time period. As well as running tests to determine how much traffic various applications consume.

    This free tool is limited to one NetFlow monitoring interface and only stores 60 minutes of data. This Netflow analyzer is a powerful tool that is worth using.

    Colasoft Capsa Free

    This free LAN traffic analyzer identifies and monitors over 300 network protocols and allows you to create custom reports. It includes email monitoring and sequence charts TCP synchronization, all of this is collected in one customizable panel.

    Other features include network security analysis. For example, tracking DoS/DDoS attacks, worm activity and ARP attack detection. As well as packet decoding and information display, statistical data about each host on the network, packet exchange control and flow reconstruction. Capsa Free supports all 32-bit and 64-bit versions of Windows XP.

    Minimum system requirements for installation: 2 GB of RAM and a 2.8 GHz processor. You must also have an Ethernet connection to the Internet ( NDIS 3 compliant or higher), Fast Ethernet or Gigabit with mixed mode driver. It allows you to passively capture all packets transmitted over an Ethernet cable.

    Angry IP Scanner

    It is an open source Windows traffic analyzer that is fast and easy to use. It does not require installation and can be used on Linux, Windows and Mac OSX. This tool works by simply pinging each IP address and can determine MAC addresses, scan ports, provide NetBIOS information, determine the authorized user on Windows systems, discover web servers, and much more. Its capabilities are expanded using Java plugins. Scan data can be saved to CSV, TXT, XML files.

    ManageEngine NetFlow Analyzer Professional

    A fully featured version of ManageEngines' NetFlow software. This is a powerful software with a full set of functions for analysis and data collection: monitoring of channel throughput in real time and alerts when threshold values ​​are reached, which allows you to quickly administer processes. In addition, it provides summary data on resource usage, monitoring of applications and protocols, and much more.

    The free version of the Linux traffic analyzer allows unlimited use of the product for 30 days, after which you can monitor only two interfaces. System requirements for NetFlow Analyzer ManageEngine depend on the flow rate. Recommended requirements for a minimum flow rate of 0 to 3000 threads per second are a 2.4 GHz dual-core processor, 2 GB of RAM, and 250 GB of available hard drive space. As the speed of the flow to be monitored increases, the requirements also increase.

    The Dude

    This application is a popular network monitor developed by MikroTik. It automatically scans all devices and recreates a network map. The Dude monitors servers running on various devices and alerts you if problems arise. Other features include automatic discovery and display of new devices, the ability to create custom maps, access to tools for remote device management, and more. It runs on Windows, Linux Wine and MacOS Darwine.

    JDSU Network Analyzer Fast Ethernet

    This traffic analyzer program allows you to quickly collect and view network data. The tool provides the ability to view registered users, determine the level of network bandwidth usage by individual devices, and quickly find and fix errors. And also capture data in real time and analyze it.

    The application supports the creation of highly detailed graphs and tables that allow administrators to monitor traffic anomalies, filter data to sift through large volumes of data, and much more. This tool for entry-level professionals, as well as experienced administrators, allows you to take complete control of your network.

    Plixer Scrutinizer

    This network traffic analyzer allows you to collect and comprehensively analyze network traffic, and quickly find and fix errors. With Scrutinizer, you can sort your data in a variety of ways, including by time interval, host, application, protocol, and more. The free version allows you to control an unlimited number of interfaces and store data for 24 hours of activity.

    Wireshark

    Wireshark is a powerful network analyzer that can run on Linux, Windows, MacOS X, Solaris and other platforms. Wireshark allows you to view captured data using a GUI, or use the TTY-mode TShark utilities. Its features include VoIP traffic collection and analysis, real-time display of Ethernet, IEEE 802.11, Bluetooth, USB, Frame Relay data, XML, PostScript, CSV data output, decryption support, and more.

    System requirements: Windows XP and higher, any modern 64/32-bit processor, 400 Mb of RAM and 300 Mb of free disk space. Wireshark NetFlow Analyzer is a powerful tool that can greatly simplify the work of any network administrator.

    Paessler PRTG

    This traffic analyzer provides users with many useful features: support for monitoring LAN, WAN, VPN, applications, virtual server, QoS and environment. Multi-site monitoring is also supported. PRTG uses SNMP, WMI, NetFlow, SFlow, JFlow and packet analysis, as well as uptime/downtime monitoring and IPv6 support.

    The free version allows you to use an unlimited number of sensors for 30 days, after which you can only use up to 100 for free.

    nProbe

    It is a full-featured open source NetFlow tracking and analysis application.

    nProbe supports IPv4 and IPv6, Cisco NetFlow v9 / IPFIX, NetFlow-Lite, contains functions for VoIP traffic analysis, flow and packet sampling, log generation, MySQL/Oracle and DNS activity, and much more. The application is free if you download and compile the traffic analyzer on Linux or Windows. The installation executable limits the capture size to 2000 packets. nProbe is completely free for educational institutions, as well as non-profit and scientific organizations. This tool will work on 64-bit versions of Linux and Windows operating systems.

    This list of 10 free NetFlow traffic analyzers and collectors will help you get started monitoring and troubleshooting a small office network or a large, multi-site enterprise WAN.

    Each application presented in this article makes it possible to monitor and analyze network traffic, detect minor failures, and identify bandwidth anomalies that may indicate security threats. And also visualize information about the network, traffic and much more. Network administrators must have such tools in their arsenal.

    This publication is a translation of the article “ Top 10 Best Free Netflow Analyzers and Collectors for Windows", prepared by the friendly project team

    Good Bad

    A program for tracking incoming and outgoing traffic on your computer. It will help you not to exceed the traffic limit and not end up without the Internet at all.

    ATTENTION: Starting from version 6, the program has become paid, so in order to avoid misunderstandings, do not update it. Here is the latest free version 5.5.5.

    Anyone who used the Internet five years ago probably remembers the most important problem for a user - constantly monitoring the amount of traffic. After all, there were no unlimited packages back then, and Dial-Up connections required money for every megabyte of information downloaded.

    As a result, if you don’t control traffic consumption, you could end up costing a pretty penny :). But the people are inventive and they came up with many programs for measuring and limiting the flow. Today, the need for such utilities has decreased a little, but they are still in use, because during their existence they have acquired many additional useful functions.

    Thanks to such programs, today you can measure the speed of your Internet connection, check all processes that have access to the Internet, measure traffic usage in corporate networks, and much more.

    A small program has all the above functions - NetWorx. In addition, it has a number of additional features that will be useful to both the system administrator and the average user. An equally simple but powerful tool can be called a paid program - DU Meter.

    Comparison of the free traffic metering program NetWorx with the paid analogue DU Meter

    In addition, in NetWorx you can impose a quota on the amount of traffic, as well as launch various applications on a schedule. The program itself comes in two versions: portable and installation. I think it's easiest to use the "portable" version, although if you're a fan of installers, you can easily install NetWorx using the standard installation wizard.

    Installing NetWorx

    I will assume that you downloaded the portable version. To get started, you need to unpack the archive with the program and run the executable exe file. Before directly launching NetWorx, we’ll make a couple of settings. First, you will need to specify the program language, and second, you will need to enable or disable checking for new versions. That's all :).

    After this, a program icon will appear in the tray (a place next to the system clock), with which we will manage it.

    NetWorx will be controlled through a right-click context menu.

    Here in this menu all the functions of the program are listed, but before use you can make some settings. To do this, click on the menu section of the same name.

    NetWorx Settings

    “Settings” consists of several tabs. In “General” we can configure the speed units, the information displayed in the tray, and also (most importantly!) which connection to monitor (by default, all traffic is counted).

    The “Graph” and “Graph Colors” sections allow us to customize the appearance of the graph of incoming/outgoing information packets. In “Notifications” you can enable and configure service messages from the program, and in “Additional” we have the opportunity to configure the collection of statistics.

    The very last tab, Dial-up, allows you to set the default connection and add applications that will run with NetWorx.

    After the settings are made, first click the “Apply” button for them to take effect, and then “Ok” to exit the settings.

    Traffic Monitor

    Now let's go directly through the NetWorx tools. The first and main one is a traffic monitor. It is presented in the form of a graph, which is called by the “Show graph” button.

    The graph can be presented in the form of a histogram (in my opinion, this is the most convenient), curved lines, or simply numbers. In this case, there will always be two numbers at the bottom. The number with the index “D” (blue by default) shows the amount of incoming traffic (from the English download), and “U” (green) respectively outgoing traffic (from the English upload).

    Velocity change curves are drawn in the corresponding colors on the graph, the numerical value of which can be correlated with the scale on the left.

    Speed ​​measurement

    The next button - “Speed ​​measurement” - unfortunately, does not measure the overall speed of your Internet connection, but only the current speed of background packet transmission. This may be needed to compare (saving is available) the results under full load on the channel (for example, downloading a file) and at rest.

    To start the test, just click the “Start” button and mark a certain period of time. The result can then be saved to a text file, and then compared with the new data obtained when “loading” the channel.

    Statistics

    System administrators will like this feature most of all, since it is possible to keep both a general count of traffic and display detailed statistics for each of the network users. The results can be exported to xls format (Excel spreadsheets) and saved on a computer.

    There are also tools for backup statistics and their further restoration (for example, if you need to save all the data after reinstalling the system).

    Traffic quota

    Moving on, we move on to the “Quota” section. This function is most suitable for users with a Dial-up connection or limited traffic (for example, mobile Internet). It allows you to set the maximum amount of information received or sent and will always warn the user if the specified limit is exceeded.

    By default, the quota is set to 0.00 KB, so if you want to use this function, you will need to “Configure” it first :).

    In the settings, we specify the type of quota (daily, weekly, monthly, last 24 hours) and the type of traffic (incoming, outgoing or all). You can leave the clock as is, and then specify the units of measurement and the quota itself.

    To save the settings, click “Ok”, and in the quota monitoring window, do not forget to check the box “Notify when the quota is used by %” in order to receive timely information about overexpenditure.

    Route tracing

    We have already looked at the “Settings” item, so let’s move on to the next one – “Route tracing”. If you suddenly lost access to any Internet resource or you need to find out what path you take before you get to this or that site, try tracing this path. This can be done using standard Windows capabilities, but with NetWorx it is much easier and more visual.

    To start tracing, enter the name of the site (remote computer) or its IP address. Now you can set the response time (although often the standard value is more than enough) and you can click “Start”. In this case, we traced the site yandex.ru and saw that to access it you need to go through 11 intermediate servers, and the total time to travel this path is 31 ms.

    Ping

    The next option is “Ping”. The window interface of this function is very similar to the previous one, but its purpose is somewhat different. Ping, simply put, is the speed at which a remote computer responds to a request you send. The built-in NetWorx ping is inferior in capabilities to the standard one (it is not possible to set your own keys to change parameters), but it copes with the main task.

    The disadvantage of the function is that you cannot directly enter the Internet address of the site - you need to know its exact IP (you can find out from the previous utility). Now specifically about use: enter the address of the remote PC, select the waiting time and the number of echo requests and click “Start”.

    In our example, the site was pinged vkontakte.ru. The average response time is not calculated automatically, but it can be calculated in your head by adding all the obtained values ​​and dividing by three :).

    It turned out to be about 45 ms, which in principle is good (ping up to 50 ms ± 10 ms is considered good). The TTL value is the “lifetime” of the echo packet. The number 64 means that the sent packet of information can pass through 64 intermediate servers.

    Connections

    The last tool is Connections. It allows you to monitor all applications that require an Internet connection.

    I immediately advise you to enable the “Convert addresses to names” option. This way you can see where this or that application is going and stop its attempt to connect to a suspicious resource. Pay special attention to “established” connections (ESTABLISHED) and listening ports (LISTENING), as they can pose a hidden threat.

    If a suspicious connection is detected, you can immediately terminate the application that installs it by right-clicking on it and selecting “End Application”.

    Conclusions

    Thus, we can summarize all of the above. NetWorx is not just a program for monitoring your Internet connection, but also a complex for ensuring security and comprehensive network diagnostics.

    Therefore, if you suspect that some application is using traffic irrationally or even transmitting confidential information, try monitoring your network with the NetWorx program and you can easily identify the “spy” :).

    P.S. Permission is granted to freely copy and quote this article, provided that an open active link to the source is indicated and the authorship of Ruslan Tertyshny is preserved.

    Read more: