1. You wonder which service (HTTP, POP3, etc.) uses the most bandwidth
with your Internet connection.
2. You would like to see a graphical display of which sites (remote
IP addresses) are most heavily accessed.
Step 1: Acquire Data
We first need to acquire connection log data using IPNetSentryX.
To do this open the IPNetSentryX Preferences window and:
- check the "Connection Logging"
checkbox to begin connection logging.
Once this setting has been made, let IPNetSentryX acquire a few
hours' worth of data. You can be using the machine at the time or
just let it sit idle (but it should not go to sleep).
Step 2: Analyze the Data
Open one of your "Connection Log"
files. This data will be displayed in a slightly different format
than the Bandwidth Log file:
From the popup menus in the lower right-hand
corner of the window you can choose how you want the data summarized.
There are four principal summaries available:
Connections by Site sorted by Total Bytes
Connections by Site sorted by Number of Connections
Connections by Service sorted by Total Bytes
Connections by Service sorted by Number of Connections
In addition to these four principal summaries,
each summary plots Total Bytes (or Connections), Bytes In (or Connections
In) and Bytes Out (or Connections Out). For example, here is a plot
of Connections by Site sorted by Total Bytes:
The pie charts display the top 25 items in each
list (in this case, representing the top 25 sites visited).
If we view the same data based on number of
connections (instead of bytes) we get:
What we see here is that our Mac OS X system
is issuing many more small datagrams for the "Server Location"
service than any other service. These datagrams are sent to IP address
220.127.116.11. Looking at the data itself, we can see that these
datagrams are only 320 bytes in length. Should we be concerned?
Not in this case, since the datagrams are small enough not to interfere
with the normal upstream behavior of our network connection.
One group of connections worth watching is
the connections to "ads.web.aol.com". These are banner
graphics which are loaded when we connect to the CNN web site. These
connections comprise 5% of our outgoing bandwidth (based on bytes),
and almost 2.5% of our outgoing connections. Depending upon the
traffic at "ads.web.aol.com", we may experience some
unnecessary delay, and hence may wish to block the receipt of such
ads with IPNetSentryX.
Looking at the same data based on services and
bytes used for each service we see:
Not surprisingly, almost 75% of our bandwidth
is used for HTTP type connections and 22% is used for POP3 email
When viewed by number of connections we see:
Again, the number of web server (HTTP) connections
is the leader, but this is closely followed by the number of Server
There is one additional feature which can be
used to adjust the data being plotted. This is the "Exclude
DNS" checkbox in the Connection List window. The reason for
this is that in the process of doing remote IP address lookups,
the IBA will make connections to your ISP's default name server
in order to perform the reverse name lookups. As you might expect,
the number of such connections could be substantial, and hence skew
the results being plotted. For this reason you may want to exclude
Domain Name Server (DNS) connections from being included in the
Bandwidth usage analysis was once the domain of large corporate
network administrators. With the popularity of broadband connections,
it can be beneficial for each of us to occasionally perform our
own bandwidth usage and connection analysis. Not only do such analyses
point out what services we most often use and remote sites we visit,
but subsequent actions might also help increase the overall performance
of our network connections.
The IPNetSentryX Bandwidth Analyzer is one tool which will significantly
aid the layperson in performing bandwidth analysis.
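The four summaries from Step 2 and the effect of the "Exclude DNS" checkbox can be reproduced on any list of connection records. The Python below is an added example, not IPNetSentryX code; the record layout, the `summarize` and `share` helpers, and the sample values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records; the field layout is an assumption, not the
# IPNetSentryX connection log format: (site, service, bytes_in, bytes_out)
SAMPLE = [
    ("www.example.com", "HTTP", 52000, 1400),
    ("www.example.com", "HTTP", 31000, 900),
    ("ads.web.aol.com", "HTTP", 9000, 600),
    ("mail.example.net", "POP3", 24000, 300),
    ("ns1.example.net", "DNS", 180, 90),
    ("ns1.example.net", "DNS", 200, 95),
    ("ns1.example.net", "DNS", 175, 88),
    ("ns1.example.net", "DNS", 190, 92),
]

def summarize(records, group_by, sort_by, exclude_dns=False, top=25):
    """Group by 'site' or 'service'; sort by 'bytes' or 'connections'.

    Returns up to `top` rows of (name, total_bytes, bytes_in, bytes_out,
    connections), largest first, like the top-25 pie charts.
    """
    if group_by not in ("site", "service") or sort_by not in ("bytes", "connections"):
        raise ValueError("unknown summary")
    totals = defaultdict(lambda: [0, 0, 0])  # bytes_in, bytes_out, connections
    for site, service, b_in, b_out in records:
        if exclude_dns and service == "DNS":
            continue  # name-lookup traffic would skew the counts
        row = totals[site if group_by == "site" else service]
        row[0] += b_in
        row[1] += b_out
        row[2] += 1
    rows = [(name, i + o, i, o, n) for name, (i, o, n) in totals.items()]
    col = 1 if sort_by == "bytes" else 4
    rows.sort(key=lambda r: (-r[col], r[0]))  # ties broken by name
    return rows[:top]

def share(rows, name, sort_by):
    """Percentage of the plotted total that `name` accounts for."""
    col = 1 if sort_by == "bytes" else 4
    total = sum(r[col] for r in rows)
    hit = sum(r[col] for r in rows if r[0] == name)
    return round(100.0 * hit / total, 1) if total else 0.0

if __name__ == "__main__":
    for excl in (False, True):
        print("Exclude DNS:", excl)
        for row in summarize(SAMPLE, "service", "connections", exclude_dns=excl):
            print("  ", row)
```

In the constructed data, DNS leads the connection-count summary while contributing almost nothing by bytes, which is the skew the "Exclude DNS" checkbox is meant to remove.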