This tool monitors the network through-traffic of any of the computer's network interfaces. A list of potential uses:
- Identify if a computer has a virus
Most viruses propagate through the network. Most often they make use of email systems to transfer the data, other times they will attack weaknesses in network ports. If your desktop computer is sending out mail, but you are not using any mailing software, you may be infected with a virus.
- -identify if spyware is installed
Spyware (often called Adware) leaks information about your computer or your computer related activities to someone on the internet without you being aware of it. This info can be, what websites you use, what music you listen to etc. It can also be password and banking information. If your computer is talking to outside computers for no reason, you may have spyware on your computer.
- -Optimized network utilization
Even with a simple desktop computer it is often difficult to answer the question, what is utilizing my bandwidth. When some server type software is installed the question becomes more difficult to deal with. The knowledge of which servers, and even which hosts, are consuming bandwidth can be very useful.
All traffic passing through the 'Bind' interface (one of the network IP address on your computer) will be categorized and counted. There are counters for each of the three protocols: ICMP, UDP and TCP. In addition the user is given the ability to count the traffic for any number of ports per protocol. There is no restriction on the number of ports. The amount of data received and sent is shown per protocol and also per selected port and protocol. The rate is also shown. This is the rate of change. Rates are calculated every 3 seconds.
Hosts can also be tracked. In this case not only is there a counter for each protocol, each specified port, but also all hosts communicating with the computer. The ability to hide hosts that have not communicated for a specified period is offered. You can also select to have the host resolved to their FQDN (this depends on reverse lookup being created by the IP's 'owner').
A Bandwidth Distribution Pie Chart window is created at the same time as the Bandwidth Monitor. This window will draw a pie chart of the bandwidth distribution. The pie chart has an outer circle that shows the distribution of the protocols (ICMP, UDP and TCP). The inner pie shows the distribution of the selected ports. A legend is shown on the right of the chart. Beneath the legend the ability to select either Totals or Rates if offered. Totals is the value of the counter since the tool was started. Rate is the current throughput per second. Rates are calculated every 3 seconds.
To start the tool, select the interface you wish to monitor (in the Bind dropdown box) then click on the Go button. Once running the go button will become a stop button. Click this to stop the function. The Bandwidth Distribution Pie Chart is opened with the Bandwidth Monitor window. This window can be closed if desired. To re-open it use the View menu option, and click on 'Distribution Pie Chart'. This option is also available on the toolbar.
The 'Adv' button shows and hides the advanced options. You can select to Track Hosts, have Tracked Hosts resolved to their FQDN and to have the host removed from the list if there has been no activity in the last x period (called 'Track Hosts for'). The other advanced option allows for the modification of the ports to track. The Track Ports lists shows the ports being tracked. The Service is the 'common' use for the port and is obtained from RFC1700. If an item in the list is selected it can be deleted with the 'Del' button. Items are added by entering the port under 'Add Port' and selecting the protocol from 'Add Protocol', and then click on the 'Add' button for the item to be added to the list.
Table 10.1. Advanced Bandwidth Monitor Properties
| Track Hosts | Count bytes sent and received for each host. |
| Resolve IPs | For the hosts that are being tracked attempt to resolve their IP address to FQDN. |
| Track Host For | After what period of inactivity should the host be hidden. |
| Track Ports | A list of all ports that will have their own counters and entry in the result. |
| Add Port | The number of the port to add to the Tracking List. |
| Add Protocol | The protocol of the new port you intend to track. |
| Add | Adds the selected Port and Protocol to the Tracking Ports List |
| Del | Deletes a selected Tracking port. |