Exercise 12: Monitoring Bandwidth Usage

by | Jan 12, 2025

Objective

Learn how to monitor and analyze network bandwidth usage using tools like ntopng to identify top consumers and implement strategies to manage bandwidth effectively.

Scenario

You are a network administrator for a company experiencing network slowdowns. Management suspects certain devices or applications are consuming excessive bandwidth. Your task is to install and configure a network monitoring tool to analyze real-time traffic, generate detailed reports, and recommend strategies to control bandwidth usage.

⚠️ Important: This exercise should be conducted in a legal and controlled environment. Unauthorized network monitoring is illegal and unethical.


Lab Instructions

Step 1: Set Up the Lab Environment

  • Monitoring Machine: A Linux system connected to the network (preferably on the gateway).
  • Network Devices: Various devices connected to the same network generating traffic.

Step 2: Install ntopng

On the Monitoring Machine, install ntopng:

sudo apt update 
sudo apt install ntopng -y

Start and enable ntopng:

sudo systemctl start ntopng 
sudo systemctl enable ntopng

Step 3: Configure ntopng

Edit the configuration file to set the monitoring interface:

sudo nano /etc/ntopng/ntopng.conf

Add the following line to specify the network interface (e.g., eth0):

-i eth0

Restart ntopng to apply changes:

sudo systemctl restart ntopng

Step 4: Access the ntopng Web Interface

Open a web browser and navigate to:

http://<monitoring-machine-ip>:3000

Log in with default credentials:

Username: admin

Password: admin

Change the password when prompted so that the default admin/admin credentials are no longer valid.

Step 5: Capture and Analyze Traffic

  • View the Dashboard for real-time traffic analysis.
  • Navigate to:
    • Hosts: To identify devices consuming the most bandwidth.
    • Applications: To see bandwidth usage by applications (HTTP, HTTPS, etc.).
    • Flows: To analyze communication between devices.

Step 6: Generate Bandwidth Usage Reports

  • Access Reports to create detailed usage summaries.
  • Generate reports for:
    • Top Talkers: Devices with the highest bandwidth consumption.
    • Top Applications: Applications consuming the most bandwidth.
    • Protocol Distribution: Traffic distribution across different protocols.

Example Report Insights

  • Top Talker: Device 192.168.1.25 is consuming 60% of network bandwidth.
  • Top Application: Streaming services (e.g., Netflix, YouTube) are using the majority of available bandwidth.

Solution & Explanation

How ntopng Works

  • Traffic Monitoring: Captures and analyzes real-time traffic from specified network interfaces.
  • Data Visualization: Provides web-based dashboards for detailed traffic analysis.
  • Reporting: Generates customized reports based on network usage data.

Example Analysis

  • Identified the top bandwidth consumers and their applications.
  • Detected unexpected traffic patterns that could indicate misuse.

Mitigation Strategies for Bandwidth Abuse

  1. Implement QoS (Quality of Service):
    • Prioritize business-critical traffic over recreational or non-essential usage.
    • Example: Prioritize VoIP and block/limit video streaming during work hours.
  2. Bandwidth Throttling:
    • Limit the amount of bandwidth certain devices or applications can use.
    • Use firewall or router policies to apply rate limits.
  3. Access Control Lists (ACLs):
    • Restrict access to high-bandwidth applications or non-business-related websites.
    • Example: Block access to streaming services on company networks.
  4. Network Segmentation:
    • Isolate high-bandwidth devices or guest networks from the main corporate network.
  5. Employee Awareness:
    • Educate users on responsible internet usage and the impact of excessive bandwidth consumption.

Testing & Verification

  • Before Mitigation:
    • Record bandwidth usage and identify top consumers.
  • After Applying Controls:
    • Re-analyze the traffic to verify a reduction in unnecessary bandwidth usage.
    • Confirm that critical services maintain performance.
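
The before/after comparison above can be scripted. This is an added example, not part of the original exercise or of ntopng: the CSV layout (local_host,remote_host,application,bytes), the function names and every sample row are constructed for illustration, reusing the 192.168.1.25 top talker from the example report.

```bash
#!/usr/bin/env bash
# Added example. Assumed (constructed) per-flow CSV, not ntopng's own export
# format: local_host,remote_host,application,bytes

# Constructed sample capture taken before controls were applied.
before_flows() {
cat <<'EOF'
local_host,remote_host,application,bytes
192.168.1.25,203.0.113.10,Netflix,4500000
192.168.1.25,203.0.113.11,YouTube,1500000
192.168.1.30,198.51.100.5,HTTPS,2500000
192.168.1.40,198.51.100.9,SIP,1500000
EOF
}

# Constructed sample capture taken after rate-limiting streaming traffic.
after_flows() {
cat <<'EOF'
local_host,remote_host,application,bytes
192.168.1.25,203.0.113.10,Netflix,500000
192.168.1.25,203.0.113.11,YouTube,500000
192.168.1.30,198.51.100.5,HTTPS,2500000
192.168.1.40,198.51.100.9,SIP,1500000
EOF
}

# Read flows on stdin; print "host bytes percent", largest consumer first.
# The header and malformed rows (non-numeric byte count) are skipped.
host_shares() {
  awk -F, '
    NF == 4 && $4 ~ /^[0-9]+$/ { b[$1] += $4; total += $4 }
    END {
      if (total == 0) exit
      for (h in b) printf "%s %.0f %.1f\n", h, b[h], 100 * b[h] / total
    }' | sort -k2,2nr
}

# Print hosts whose share of total bytes is at or above $1 percent.
top_talkers() {
  host_shares | awk -v t="$1" '$3 + 0 >= t + 0 { print $1 }'
}

# Print the absolute byte count for host $1 (0 if it has no flows).
host_bytes() {
  awk -F, -v h="$1" 'NF == 4 && $4 ~ /^[0-9]+$/ && $1 == h { s += $4 }
    END { printf "%.0f\n", s }'
}

echo "Before:"; before_flows | host_shares
echo "After:";  after_flows  | host_shares
echo "192.168.1.25: $(before_flows | host_bytes 192.168.1.25) -> $(after_flows | host_bytes 192.168.1.25) bytes"
```

Percentages are relative to the total: once 192.168.1.25 is throttled, 192.168.1.30 rises to 50% without sending any more data, so judge a control by the absolute byte counts as well as by share.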

Additional Script (Optional)

Automate ntopng installation and configuration:

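#!/bin/bash
# Install and configure ntopng
set -euo pipefail
sudo apt update
sudo apt install ntopng -y

# Configure ntopng to monitor eth0 (append only if the line is not already
# present, so existing settings in the file are preserved)
grep -qxF -- "-i eth0" /etc/ntopng/ntopng.conf 2>/dev/null || \
  echo "-i eth0" | sudo tee -a /etc/ntopng/ntopng.conf > /dev/null

# Enable ntopng at boot and restart it so the new configuration is applied
sudo systemctl enable ntopng
sudo systemctl restart ntopng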

Save the script as setup_ntopng.sh, then make it executable and run it:

chmod +x setup_ntopng.sh
sudo ./setup_ntopng.sh

Conclusion

In this exercise, you installed and configured ntopng to monitor network bandwidth usage. You analyzed real-time traffic, generated detailed reports, and explored strategies to manage and mitigate bandwidth abuse. Effective network monitoring and bandwidth management are crucial for maintaining optimal network performance and preventing misuse.
