[svlug] Network monitoring tool recommendation

David Rosenstrauch darose at darose.net
Tue Feb 12 14:23:38 PST 2013

We've got some machine (or machines) sucking up a lot of bandwidth on 
our network.  I'm trying to pin down exactly what, but not having much 
luck so far.

The network's got about a dozen machines, behind a firewall.  What I'd 
like to see is a high-level view of the whole network's bandwidth usage 
over the span of, say, 24 hours.  I.e., which machines are using the 
most bandwidth (i.e., in Gb), and which external site connections are 
causing most of the hogging.

Clearly, micro-level tools like iftop aren't going to cut it here, as 
they only show me a) what's using bandwidth right now, and b) on an 
individual machine basis.

I've tried a few other tools (darkstat, bandwidthd, ntop) but none of 
them seems to really give me what I'm looking for.  What I'd really like 
to see is:

* A list of each machine in our network, listed in descending order of 
cumulative bandwidth usage over a particular period of time.  (e.g., 
last day)

* For each of those machines, I'd then like to be able to drill down 
into them (e.g., by clicking on it in a web GUI) to see detail on each 
external host this machine connected to (again in descending order of 
bandwidth usage) and/or which network protocols were used for the 
traffic (e.g., http).

Anyone have any particular recommendations for a situation like this? 
Ntop seems to get me close, but not quite there.  (It doesn't seem to 
show hostnames of external machines connected to, for one.)
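
Added example, not part of the original post: a sketch of the two-level report described above (internal hosts ranked by cumulative bytes, then a drill-down by external peer and by protocol), computed from per-flow records. The LAN prefix, the record layout `(src, dst, protocol, bytes)` and all sample values are assumptions constructed for illustration, not output of any tool named in the post.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN behind the firewall is 192.168.1.0/24.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample flow records: (src, dst, protocol, bytes).
FLOWS = [
    ("192.168.1.10", "203.0.113.5", "http", 4_000_000_000),
    ("203.0.113.5", "192.168.1.10", "http", 500_000_000),
    ("192.168.1.11", "198.51.100.7", "ssh", 20_000_000),
    ("192.168.1.10", "198.51.100.7", "https", 1_000_000_000),
    ("192.168.1.11", "192.168.1.10", "nfs", 9_000_000_000),  # LAN-only
    ("198.51.100.7", "192.168.1.12", "https", 300_000_000),
]

def summarize(flows, lan=LAN):
    """Return (totals, by_peer, by_proto), each keyed by internal host."""
    totals = defaultdict(int)
    by_peer = defaultdict(lambda: defaultdict(int))
    by_proto = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, nbytes in flows:
        src_in = ipaddress.ip_address(src) in lan
        dst_in = ipaddress.ip_address(dst) in lan
        if src_in == dst_in:
            continue  # LAN-to-LAN or transit: never crossed the firewall
        # Charge both directions of a conversation to the internal host.
        host, peer = (src, dst) if src_in else (dst, src)
        totals[host] += nbytes
        by_peer[host][peer] += nbytes
        by_proto[host][proto] += nbytes
    return totals, by_peer, by_proto

def ranked(counter):
    """Sort (key, bytes) pairs in descending order of bytes."""
    return sorted(counter.items(), key=lambda kv: kv[1], reverse=True)

def report(flows):
    totals, by_peer, by_proto = summarize(flows)
    lines = []
    for host, total in ranked(totals):
        lines.append(f"{host}  {total / 1e9:.2f} GB")
        for peer, n in ranked(by_peer[host]):
            lines.append(f"    peer  {peer}  {n / 1e9:.2f} GB")
        for proto, n in ranked(by_proto[host]):
            lines.append(f"    proto {proto}  {n / 1e9:.2f} GB")
    return lines

if __name__ == "__main__":
    print("\n".join(report(FLOWS)))
```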



