Network flow monitoring
HELLO TECHEXAMS!!!!
I have been away for a while, just too darn busy.
Anyway, I need a good NetFlow monitoring tool. I have all my traffic getting spanned/mirrored to a sniffing port on a Linux box.
tcpdump works fine, but I am looking for something like NTOP. However, NTOP is segfaulting constantly.
Suggestions, my fellow techies?
encrypt the encryption, never mind my brain hurts.
Comments
Chris:/* Member Posts: 658
What are you looking to do? Do you want a map of your network? Do you want a network layout or fault detection and monitoring tool? Are you willing to pay, or do you want freeware?
I ask because answering these questions will garner a better suggestion.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology
liven Member Posts: 918
Well, I need to see conversations. And how much bandwidth each one is using.
I have Cacti running.
I have Nagios running.
I have Zabbix running.
But I need to see the kind of data NTOP can provide.
I don't really care about cost. But I can't run Windows.
TheSuperRuski Member Posts: 240
liven wrote: »Well, I need to see conversations. And how much bandwidth each one is using.
I have Cacti running.
I have Nagios running.
I have Zabbix running.
But I need to see the kind of data NTOP can provide.
I don't really care about cost. But I can't run Windows.
You could try nmap.org. It has a lot of free software for all different purposes. You can also download Wireshark. Very popular for network sniffing.
Big bandit ... Your network is my playground
liven Member Posts: 918
Hey, thanks.
I have Wireshark already.
Check out NTOP and see what I am saying. If it was stable, it would be the bomb.
Chris:/* Member Posts: 658
Look into:
Cheops-ng
or
Groundworks Open Source with Nagios NagVis integration
Depends on how big you want to go and how big your network is. Small and free would be Cheops-ng, while GWOS is a professional tool.
Forsaken_GA Member Posts: 4,024
It sounds like what you want is a NetFlow collector, assuming you're actually exporting NetFlow from your router.
If you're looking for a free Linux-based solution, check into nfsen. If you're willing to pay the money for it, the SolarWinds NetFlow collector is a very good product.
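What a collector such as nfsen actually receives from an exporter is a stream of UDP datagrams in a fixed binary layout. The following is an added example, not code from this thread or from any product named in it: it decodes a NetFlow v5 datagram and refuses one whose advertised record count does not match its length, which is the check a collector listening on the network has to make before it trusts the header. The sample datagram, the addresses in it and the `top_talkers` helper are constructed for illustration.

```python
"""Decode NetFlow v5 export datagrams (added example; sample data constructed)."""
import socket
import struct
from dataclasses import dataclass

# NetFlow v5 wire format, network byte order: a 24-byte header followed by
# 48-byte flow records. An exporter sends at most 30 records per datagram.
HEADER_FMT = "!HHIIIIBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)      # 24
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
RECORD_LEN = struct.calcsize(RECORD_FMT)      # 48
MAX_RECORDS = 30


@dataclass
class FlowRecord:
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: int        # IP protocol number: 6 = TCP, 17 = UDP
    packets: int
    octets: int
    tcp_flags: int    # cumulative OR of the TCP flags seen in the flow


def parse_netflow_v5(datagram: bytes) -> list[FlowRecord]:
    """Return the flow records in one v5 datagram, or raise ValueError.

    The record count in the header is attacker-controlled on a collector that
    listens on UDP, so it is checked against the real datagram length before
    any record is read."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    version, count = struct.unpack_from("!HH", datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > MAX_RECORDS:
        raise ValueError(f"record count {count} exceeds the v5 maximum of {MAX_RECORDS}")
    expected = HEADER_LEN + count * RECORD_LEN
    if len(datagram) != expected:
        raise ValueError(f"length {len(datagram)} does not match {count} records ({expected} bytes)")

    records = []
    for i in range(count):
        fields = struct.unpack_from(RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = fields
        records.append(FlowRecord(socket.inet_ntoa(src), socket.inet_ntoa(dst),
                                  sport, dport, proto, pkts, octets, flags))
    return records


def reject_reason(datagram: bytes) -> str:
    """Empty string if the datagram parses, otherwise the validation error."""
    try:
        parse_netflow_v5(datagram)
        return ""
    except ValueError as exc:
        return str(exc)


def top_talkers(records: list[FlowRecord], n: int = 5) -> list[tuple[str, int]]:
    """Source addresses ranked by octets sent, the view NTOP gives of a LAN."""
    totals: dict[str, int] = {}
    for rec in records:
        totals[rec.src] = totals.get(rec.src, 0) + rec.octets
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


# --- constructed sample datagram, laid out as an exporter would emit it --------
def _record(src, dst, sport, dport, proto, pkts, octets, flags=0) -> bytes:
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, 1000, 2000,
                       sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)


def _datagram(records: list[bytes], seq: int = 0) -> bytes:
    header = struct.pack(HEADER_FMT, 5, len(records), 123456, 1300000000, 0, seq, 0, 0, 0)
    return header + b"".join(records)


SAMPLE = _datagram([
    _record("10.0.0.5", "192.168.1.10", 51234, 443, 6, 120, 145000, 0x18),
    _record("10.0.0.7", "8.8.8.8", 53001, 53, 17, 1, 64),
])
# Same bytes, but the header claims 30 records: a collector that trusted the
# count would read far past the end of the datagram.
LYING_COUNT = struct.pack("!HH", 5, 30) + SAMPLE[4:]

if __name__ == "__main__":
    for rec in parse_netflow_v5(SAMPLE):
        print(f"{rec.src}:{rec.src_port} -> {rec.dst}:{rec.dst_port} proto {rec.proto} {rec.octets} B")
    print("top talkers:", top_talkers(parse_netflow_v5(SAMPLE)))
    print("lying count rejected:", reject_reason(LYING_COUNT))
```

A real collector wraps `parse_netflow_v5` around a socket bound to UDP 2055 (the conventional port; configurable on every exporter) and should also track `flow_sequence` from the header to notice dropped datagrams, which this example leaves out.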
liven Member Posts: 918
Thanks to everyone for all of the suggestions.
I finally got NTOP working.
I compiled it from source instead of using yum/RPMs.
It is stable for now. Not sure how long that will last, but it might be long enough for me to get one of these other solutions up and running.
Also, I am not exporting any NetFlow data. There is only one Cisco switch in this environment. It is all 3Com, Netgear (ProSafe, YUCK), Aruba, and Juniper (YEA!).
I have every uplink spanned, so I am getting all of the LAN traffic sent to my monitoring server.
Worst case, I can run lots of CLI utilities on Linux to see what is going on. I have just seen NTOP work in the past and it is very nice.
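Without a NetFlow exporter, the mirrored uplinks still carry everything needed to build the conversation table NTOP shows, which is what tcpdump-plus-scripting on the monitoring box comes down to. As an added example, not part of the thread and not NTOP's own code, the following script takes `tcpdump -nn -q -tt` output (the sample lines are constructed) and aggregates it into bidirectional conversations with packet counts, bytes per direction and an average rate. One caveat for anyone using it: the `tcp N` / `UDP, length N` figure tcpdump prints in `-q` mode is the transport payload length, not bytes on the wire, so the rates understate link load by the header overhead.

```python
"""Conversation table from tcpdump -nn -q -tt text (added example; sample lines constructed)."""
import re
import sys
from dataclasses import dataclass

# One line of `tcpdump -nn -q -tt -i <span-port>` for TCP or UDP over IPv4.
# Anything else (ARP, IPv6, ICMP) does not match and is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r"(?:tcp (?P<tcp_len>\d+)|UDP, length (?P<udp_len>\d+))"
)


@dataclass
class Conversation:
    a: str                 # endpoint "ip:port"; a is the lexically smaller of the pair
    b: str
    proto: str
    packets: int = 0
    a_to_b: int = 0        # payload bytes in each direction
    b_to_a: int = 0
    first: float = 0.0
    last: float = 0.0

    @property
    def total_bytes(self) -> int:
        return self.a_to_b + self.b_to_a

    @property
    def duration(self) -> float:
        return self.last - self.first

    @property
    def avg_bps(self) -> float:
        """Average payload bits per second over the observed lifetime."""
        return self.total_bytes * 8 / self.duration if self.duration > 0 else 0.0


def summarize(lines) -> list[Conversation]:
    """Aggregate tcpdump lines into conversations, busiest first."""
    table: dict[tuple, Conversation] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = float(m["ts"])
        src = f"{m['src']}:{m['sport']}"
        dst = f"{m['dst']}:{m['dport']}"
        proto = "tcp" if m["tcp_len"] is not None else "udp"
        length = int(m["tcp_len"] if m["tcp_len"] is not None else m["udp_len"])
        # Both directions of a flow share one key regardless of who sent the packet.
        a, b = sorted((src, dst))
        conv = table.setdefault((a, b, proto), Conversation(a, b, proto, first=ts, last=ts))
        conv.packets += 1
        if src == a:
            conv.a_to_b += length
        else:
            conv.b_to_a += length
        conv.first = min(conv.first, ts)
        conv.last = max(conv.last, ts)
    return sorted(table.values(), key=lambda c: c.total_bytes, reverse=True)


def report(convs: list[Conversation]) -> str:
    rows = [f"{'A':<22} {'B':<22} {'proto':<5} {'pkts':>5} {'bytes':>8} {'A->B':>8} {'B->A':>8} {'kbit/s':>8}"]
    for c in convs:
        rows.append(f"{c.a:<22} {c.b:<22} {c.proto:<5} {c.packets:>5} {c.total_bytes:>8} "
                    f"{c.a_to_b:>8} {c.b_to_a:>8} {c.avg_bps / 1000:>8.1f}")
    return "\n".join(rows)


# Constructed sample: a short HTTPS exchange, a DNS lookup, and an ARP line that must be skipped.
SAMPLE_LINES = """\
1300000000.000000 IP 10.0.0.5.51234 > 192.168.1.10.443: tcp 0
1300000000.050000 IP 192.168.1.10.443 > 10.0.0.5.51234: tcp 0
1300000000.100000 IP 10.0.0.5.51234 > 192.168.1.10.443: tcp 517
1300000000.400000 IP 192.168.1.10.443 > 10.0.0.5.51234: tcp 1448
1300000000.900000 IP 192.168.1.10.443 > 10.0.0.5.51234: tcp 1448
1300000001.000000 IP 10.0.0.7.53001 > 8.8.8.8.53: UDP, length 40
1300000001.020000 IP 8.8.8.8.53 > 10.0.0.7.53001: UDP, length 120
1300000001.500000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
""".splitlines()

if __name__ == "__main__":
    # Live use on the span port: tcpdump -nn -q -tt -l -i eth1 | python3 conversations.py
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    print(report(summarize(source)))
```

Run against the live span port the table grows without bound, so a production version would age out idle conversations the way NTOP does; for a quick "who is eating the link right now" check, piping a `tcpdump -c 20000` capture through it is enough.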
phoeneous Member Posts: 2,333
liven wrote: »I have Zabbix running.
Not to go off topic, but what do you think of Zabbix? I've had it running for a few weeks and so far I like it.
Forsaken_GA Member Posts: 4,024
liven wrote: »Worst case, I can run lots of CLI utilities on Linux to see what is going on. I have just seen NTOP work in the past and it is very nice.
The problem with NTOP is that it likes to die for no good reason. You'll find that if you want to actually keep it running, you'll need to implement some form of process monitoring along with scripts to start it back up when it dies.
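A minimal version of that process monitoring, as an added example (not from the thread and not an NTOP component): a watchdog that checks whether the daemon is still there, restarts it when it has died, and refuses to restart more than a few times per window so a crash loop fails loudly instead of flapping forever. The pidfile path, the ntop command line and the interface name are assumptions for illustration; adjust them to the installed build.

```python
"""Restart-with-backoff watchdog for a crash-prone daemon (added example)."""
import collections
import os
import subprocess
import sys
import time
from typing import Optional

# Assumed for illustration: where this ntop build writes its pid and how it is launched.
PIDFILE = "/var/run/ntop.pid"
NTOP_CMD = ["/usr/local/bin/ntop", "-d", "-i", "eth1", "-w", "3000", "-u", "ntop"]


def pid_alive(pidfile: str) -> bool:
    """True if the pidfile names a process that exists (signal 0 = existence check only)."""
    try:
        with open(pidfile) as fh:
            pid = int(fh.read().strip())
    except (OSError, ValueError):
        return False          # no pidfile, or garbage in it: treat as dead
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True           # exists but runs as another user
    return True


def start_ntop() -> None:
    subprocess.Popen(NTOP_CMD, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


class Watchdog:
    """Call `start` when `is_alive` is false, at most max_restarts per window seconds."""

    def __init__(self, is_alive, start, max_restarts: int = 5, window: float = 600.0):
        self.is_alive = is_alive
        self.start = start
        self.max_restarts = max_restarts
        self.window = window
        self.restarts = collections.deque()   # monotonic timestamps of recent restarts

    def tick(self, now: Optional[float] = None) -> str:
        """One poll. Returns 'alive', 'restarted' or 'backoff'."""
        now = time.monotonic() if now is None else now
        if self.is_alive():
            return "alive"
        # Forget restarts that have fallen out of the window before deciding.
        while self.restarts and now - self.restarts[0] > self.window:
            self.restarts.popleft()
        if len(self.restarts) >= self.max_restarts:
            return "backoff"  # crash loop: stop flapping and let the alert fire
        self.start()
        self.restarts.append(now)
        return "restarted"


if __name__ == "__main__":
    wd = Watchdog(lambda: pid_alive(PIDFILE), start_ntop)
    while True:
        state = wd.tick()
        if state != "alive":
            print(time.strftime("%F %T"), "ntop", state, file=sys.stderr)
        time.sleep(30)
```

The backoff is the part worth keeping even if the rest is replaced by an init system's restart policy: a daemon that segfaults on startup will otherwise be relaunched every poll, and the "backoff" state is what Nagios or Zabbix should alert on.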
chrisone Member Posts: 2,278
I highly recommend this book. I am currently poking at it for my 2k11 studies; however, this seems to be a full-blown network, SNMP and NetFlow solution, using various Linux software packages like Nagios, MRTG, etc.
I am having a bit of difficulty with this book since my Linux skills are very limited. This book assumes you know the basics of Linux and installing software. Gosh, I see a Linux+/LPIC-1 cert down the road.
Amazon.com: Network Flow Analysis (9781593272036): Michael W. Lucas: Books
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
Forsaken_GA Member Posts: 4,024
chrisone wrote: »I highly recommend this book. I am currently poking at it for my 2k11 studies; however, this seems to be a full-blown network, SNMP and NetFlow solution, using various Linux software packages like Nagios, MRTG, etc.
I am having a bit of difficulty with this book since my Linux skills are very limited. This book assumes you know the basics of Linux and installing software. Gosh, I see a Linux+/LPIC-1 cert down the road.
Amazon.com: Network Flow Analysis (9781593272036): Michael W. Lucas: Books
Ooo, thank you for the link, I must have missed that one. And it's a No Starch Press book; I've never disliked anything of theirs that I've bought.
Forsaken_GA Member Posts: 4,024
So I got my copy of Network Flow Analysis today, and I have to say I think I'm going to like this book after reading the Introduction. From the first paragraph:
"Network administrators share an abiding and passionate desire for just one thing: We want our users to shut up."
This guy is my kind of <bleeep>.
chrisone Member Posts: 2,278
Haha, yeah, I like the way the author thinks. I haven't been reading the book that much; it's not a high task for me as of yet since we have two monitoring devices/software packages at work. Along with my CCDP studies, I have to push this book to the side for a moment. Let me know how the rest of the book is and, if you do get it all up and running, how good the system is for monitoring. Thanks. And I hope you enjoy.
Forsaken_GA Member Posts: 4,024
Oh, NetFlow is wonderful; I've been an advocate of flow monitoring for years. It's the only real way to know what's going on within your network. I'm just reading the book to see if it can teach me something I don't already know, hehe.
Ahriakin Member Posts: 1,799
Plixer NetFlow Scrutinizer is quite good too. The only product I've tried so far that handles Cisco ASA 'NetFlow' (NSEL) correctly.
We responded to the Year 2000 issue with "Y2K" solutions... isn't this the kind of thinking that got us into trouble in the first place?
chrisone Member Posts: 2,278
Forsaken_GA wrote: »Oh, NetFlow is wonderful; I've been an advocate of flow monitoring for years. It's the only real way to know what's going on within your network. I'm just reading the book to see if it can teach me something I don't already know, hehe.
Yeah, we run NetFlow and Scrutinizer on our network. We have a full-blown network monitoring system, two of them. That is why this book is not really top priority for me at the moment.