Network flow monitoring

liven Member Posts: 918
HELLO TECHEXAMS!!!!


I have been away for a while, just too darn busy.

Anyway I need a good netflow monitoring tool. I have all my traffic getting spanned/mirrored to a sniffing port on a linux box.

TCPDUMP works fine, but I am looking for something like NTOP. However NTOP is segfaulting constantly.

Suggestions my fellow techies?
encrypt the encryption, never mind my brain hurts.

Comments

  • Chris:/* Member Posts: 658
    What are you looking to do? Do you want a map of your network? Do you want a network layout or fault detection and monitoring tool? Are you willing to pay or do you want freeware?

    I ask because answering these questions will garner a better suggestion.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • liven Member Posts: 918
    Well I need to see conversations. And how much bandwidth each one is using.

    I have cacti running.

    I have nagios running.

    I have zabbix running.


    But I need to see the kind of data NTOP can provide.


    I don't really care about cost. But I can't run windows.
    encrypt the encryption, never mind my brain hurts.
  • TheSuperRuski Member Posts: 240
    liven wrote: »
    Well I need to see conversations. And how much bandwidth each one is using.

    I have cacti running.

    I have nagios running.

    I have zabbix running.


    But I need to see the kind of data NTOP can provide.


    I don't really care about cost. But I can't run windows.

    You could try nmap.org. It has a lot of free software for all different purposes. You can also download wireshark. Very popular for network sniffing.
    Magnitude bandit ... Your network is my playground
  • liven Member Posts: 918
    Hey thanks.

    I have wireshark already.

    Check out NTOP and see what I am saying. If it were stable, it would be the bomb.
    encrypt the encryption, never mind my brain hurts.
  • Chris:/* Member Posts: 658
    Look into:

    Cheops-ng
    or
    Groundworks Open Source with Nagios Nagvis integration

    Depends on how big you want to go and how big your network is. Small and free would be Cheops-ng while GWOS is a professional tool.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • Forsaken_GA Member Posts: 4,024
    It sounds like what you want is a netflow collector, assuming you're actually exporting netflow from your router.

    If you're looking for a free Linux-based solution, check into nfsen. If you're willing to pay the money for it, the SolarWinds netflow collector is a very good product.
  • liven Member Posts: 918
    Thanks to everyone for all of the suggestions.

    I finally got NTOP working.

    I compiled it from source instead of using yum/rpms.

    It is stable for now. Not sure how long that will last. But it might be long enough for me to get one of these other solutions up and running.


    Also I am not exporting any Netflow data. There is only one Cisco switch in this environment. It is all 3Com, Netgear (prosafe, YUCK), aruba, and Juniper (YEA!).

    I have every uplink spanned so I am getting all of the LAN traffic sent to my monitoring server.

    Worst case I can run lots of CLI utilities on Linux to see what is going on. I just have seen NTOP work in the past and it is very nice.
    encrypt the encryption, never mind my brain hurts.
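    For the "CLI utilities" fallback liven describes (tcpdump on the SPAN port, without NTOP), here is an added example that is not from the thread: it aggregates the one-line summaries `tcpdump -nn -q` prints into NTOP-style conversations with byte counts and an average rate over the capture window. The line format is assumed from tcpdump's quiet output, and the sample lines are constructed, not a real capture.

```python
import re
from collections import defaultdict

# Summary lines tcpdump prints with "-nn -q" for IPv4 TCP ("tcp N") and UDP ("UDP, length N");
# format assumed from tcpdump's quiet output. ARP, ICMP and IPv6 lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?:tcp (?P<tcp>\d+)|UDP, length (?P<udp>\d+))")

# Constructed sample of what the SPAN port might deliver; not real capture data.
SAMPLE = """\
12:00:00.000000 IP 10.0.0.5.51234 > 93.184.216.34.80: tcp 517
12:00:00.050000 IP 93.184.216.34.80 > 10.0.0.5.51234: tcp 1448
12:00:00.100000 IP 10.0.0.5.53211 > 10.0.0.1.53: UDP, length 45
12:00:00.110000 IP 10.0.0.1.53 > 10.0.0.5.53211: UDP, length 121
12:00:00.200000 ARP, Request who-has 10.0.0.7 tell 10.0.0.1, length 28
12:00:01.000000 IP 10.0.0.9.40000 > 10.0.0.20.445: tcp 0
""".splitlines()
def parse_line(line):
    """Return (seconds, proto, (src, sport), (dst, dport), payload_len) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = m.group("ts").split(":")
    proto = "tcp" if m.group("tcp") is not None else "udp"
    return (int(h) * 3600 + int(mi) * 60 + float(s), proto,
            (m.group("src"), int(m.group("sport"))), (m.group("dst"), int(m.group("dport"))),
            int(m.group(proto)))

def conversations(lines):
    """Sum payload bytes/packets per conversation, merging both directions."""
    totals = defaultdict(lambda: {"bytes": 0, "pkts": 0})
    stamps = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, proto, a, b, length = rec
        key = (proto,) + tuple(sorted([a, b]))  # direction-independent conversation key
        totals[key]["bytes"] += length
        totals[key]["pkts"] += 1
        stamps.append(ts)
    window = max(stamps) - min(stamps) if stamps else 0.0
    return dict(totals), max(window, 1.0)  # clamp to >= 1 s so a single packet cannot divide by zero

def top_talkers(lines, n=5):
    """Rank conversations by bytes; bit/s is averaged over the capture window."""
    totals, window = conversations(lines)
    ranked = sorted(totals.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return [(key, c["bytes"], c["pkts"], c["bytes"] * 8 / window) for key, c in ranked[:n]]
```

    Pipe live output in with `tcpdump -nn -q -l -i <span-interface>` and feed the lines to `top_talkers`; counts are payload bytes as tcpdump reports them, not wire bytes.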
  • phoeneous Member Posts: 2,333
    liven wrote: »
    I have zabbix running.

    Not to go off topic but what do you think of zabbix? I've had it running for a few weeks and so far I like it.
  • Forsaken_GA Member Posts: 4,024
    liven wrote: »
    Worst case I can run lots of CLI utilities on Linux to see what is going on. I just have seen NTOP work in the past and it is very nice.

    The problem with NTOP is that it likes to die for no good reason. You'll find that if you want to actually keep it running, you'll need to implement some form of process monitoring along with scripts to start it back up when it dies.
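    The process monitoring plus restart script Forsaken_GA describes, as an added example that is not from the thread: a small supervisor that polls the child, records why it died (a negative exit status is the signal number, so a segfault shows up as -11 on Linux) and restarts it with a bounded budget so a broken build does not respawn forever. The `Watchdog` and `supervise` names and the defaults are assumptions; the command list is whatever ntop invocation the host actually uses.

```python
import subprocess
import time

class Watchdog:
    """Keep a long-running command alive and restart it when it exits.

    Hypothetical supervisor, not from the thread: cmd is the argv list to run;
    max_restarts bounds a crash loop; backoff (seconds) grows linearly per restart.
    """

    def __init__(self, cmd, max_restarts=5, backoff=2.0):
        self.cmd, self.max_restarts, self.backoff = cmd, max_restarts, backoff
        self.restarts = 0
        self.exit_codes = []  # exit status history; negative values are the killing signal
        self.proc = None

    def start(self):
        self.proc = subprocess.Popen(self.cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return self.proc.pid

    def check(self):
        """One supervision pass: returns 'running', 'restarted' or 'gave-up'."""
        if self.proc is not None:
            if self.proc.poll() is None:
                return "running"
            self.exit_codes.append(self.proc.returncode)  # record why it died
            self.proc = None
        if self.restarts >= self.max_restarts:
            return "gave-up"
        self.restarts += 1
        time.sleep(self.backoff * self.restarts)
        self.start()
        return "restarted"

    def stop(self):
        if self.proc is not None and self.proc.poll() is None:
            self.proc.terminate()
            self.proc.wait()

def supervise(cmd, interval=5.0, max_restarts=5):
    """Blocking loop: poll every `interval` seconds until the restart budget is spent."""
    w = Watchdog(cmd, max_restarts=max_restarts)
    w.start()
    try:
        while w.check() != "gave-up":
            time.sleep(interval)
    finally:
        w.stop()
    return w.exit_codes
```

    Run it as `supervise(["ntop", ...])` from a cron-started or init-managed wrapper; the returned exit-code list tells you whether NTOP is crashing (signal) or exiting cleanly, which is the first thing to check before blaming the build.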
  • chrisone Member Posts: 2,278
    I highly recommend this book. I am currently poking at it for my 2k11 studies; however, this seems to be a full-blown network, SNMP and NetFlow solution, using various Linux software packages like Nagios, MRTG, etc.

    I am having a bit of difficulty with this book since my Linux skills are very limited. This book assumes you know the basics of Linux and installing software. Gosh, I see a Linux+/LPIC1 cert down the road.

    Amazon.com: Network Flow Analysis (9781593272036): Michael W. Lucas: Books
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Forsaken_GA Member Posts: 4,024
    chrisone wrote: »
    I highly recommend this book. I am currently poking at it for my 2k11 studies; however, this seems to be a full-blown network, SNMP and NetFlow solution, using various Linux software packages like Nagios, MRTG, etc.

    I am having a bit of difficulty with this book since my Linux skills are very limited. This book assumes you know the basics of Linux and installing software. Gosh, I see a Linux+/LPIC1 cert down the road.

    Amazon.com: Network Flow Analysis (9781593272036): Michael W. Lucas: Books

    Ooo, thank you for the link, I must have missed that one. And it's a No Starch Press book; I've never disliked anything of theirs that I've bought.
  • Forsaken_GA Member Posts: 4,024
    So I got my copy of Network Flow Analysis today, and I have to say I think I'm going to like this book after reading the Introduction. From the first paragraph:

    "Network administrators share an abiding and passionate desire for just one thing: We want our users to shut up."

    This guy is my kind of <bleeep>.
  • chrisone Member Posts: 2,278
    Haha, yeah, I like the way the author thinks. I haven't been reading the book that much; it's not a high task for me as of yet since we have two monitoring devices/softwares at work. Along with my CCDP studies, I have to push this book to the side for a moment. Let me know how the rest of the book is and, if you do get it all up and running, how good the system is for monitoring. Thanks. And I hope you enjoy.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Forsaken_GA Member Posts: 4,024
    Oh. netflow is wonderful, I've been an advocate of flow monitoring for years. It's the only real way to know what's going on within your network. I'm just reading the book to see if it can teach me something I don't already know hehe
  • Ahriakin Member Posts: 1,799
    Plixer netflow Scrutinizer is quite good too. The only product I've tried so far that handles Cisco ASA 'Netflow' (NSEL) correctly.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • chrisone Member Posts: 2,278
    Forsaken_GA wrote: »
    Oh. netflow is wonderful, I've been an advocate of flow monitoring for years. It's the only real way to know what's going on within your network. I'm just reading the book to see if it can teach me something I don't already know hehe

    Yeah, we run netflows and Scrutinizer on our network. We have a full-blown network monitoring system, two of them. That is why this book is not really top priority for me at the moment.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX