Network-Tools

Slade Edmonds slade at cryptoflow.net
Thu May 20 01:32:44 CEST 2004


Andreas Ericsson wrote:

> Steinbacher Manfred wrote:
>
>> We have a LAN with Cisco switches and some Cisco routers (WAN and
>> partner connections).
>>
>> We have two connections to the Internet via two routers. I need a tool
>> where I can see how much traffic (who, what traffic and so on) goes over
>> both of these connections. And I must save this information for history,
>> and I also need a report system where I can generate customized reports
>> about this stored information.
>>
> You want snort and acid for that. Nagios is more of a problem locator 
> than a statistics harvester.

Snort is for intrusion detection.  ACID is a web-based front-end for 
managing the alerts Snort generates.  You could call it a statistics 
harvester I suppose, but 'malicious' statistics harvesting would better 
describe its function.  If you are looking to detect intrusions, Snort 
is perfect.  If you want to harvest network statistics in the form of 
non-intrusive data flows, you are much better off with ntop.

>
>>
>> Another issue is which MAC addresses are active in the LAN. (We have some
>> VLANs.) I know arpwatch, but how can I solve the problems with VLANs?
>>
>>
>> Does anyone have an idea how I can do this?
>>
>
> That depends on the type of hardware you're using. Most modern 
> switches can have one or more interfaces set to 'hub mode' (so that 
> all traffic coming in to the switch is sent to that interface 
> regardless of whether it's its target or not). Place your snort/acid 
> server on one of those interfaces and make sure the traffic you want 
> to monitor passes through that switch.

If you are looking only to monitor active MAC addresses (VLANs 
included), and you aren't concerned at all about the actual traffic 
patterns (sniffing) etc, again Snort is probably not the best choice.  
If you simply want to know what MAC addresses are active, arpwatch will 
do it.

>
>> Many Thanks
>>
>> Manfred
>
>
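
The per-VLAN MAC tracking asked about in this thread, as an added example that is not part of the original messages and is not arpwatch's own code: frames seen on a monitoring port may carry an 802.1Q tag, so the table below is keyed by VLAN as well as IP. The names `parse_arp`, `StationTable` and `make_arp` are hypothetical, and the frames are constructed sample input.

```python
import struct

ETH_ARP, ETH_8021Q = 0x0806, 0x8100

def parse_arp(frame: bytes):
    """Return (vlan, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = 0, 14                      # vlan 0 means untagged
    if ethertype == ETH_8021Q and len(frame) >= 18:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18       # low 12 bits of the tag are the VLAN ID
    arp = frame[off:off + 28]
    if ethertype != ETH_ARP or len(arp) < 28:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in arp[8:14])
    ip = ".".join(str(b) for b in arp[14:18])
    return vlan, mac, ip

class StationTable:
    """Remembers which MAC last claimed each (VLAN, IP) pair."""
    def __init__(self):
        self.seen = {}

    def observe(self, frame: bytes) -> str:
        rec = parse_arp(frame)
        if rec is None:
            return "ignored"
        vlan, mac, ip = rec
        old = self.seen.get((vlan, ip))
        self.seen[(vlan, ip)] = mac
        if old is None:
            return "new"
        return "known" if old == mac else "changed"

def make_arp(mac: str, ip: str, vlan=None) -> bytes:
    """Build a constructed ARP request frame (sample input, not captured traffic)."""
    m = bytes.fromhex(mac.replace(":", ""))
    tag = b"" if vlan is None else struct.pack("!HH", ETH_8021Q, vlan)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + m + bytes(map(int, ip.split("."))) + bytes(10)
    return b"\xff" * 6 + m + tag + struct.pack("!H", ETH_ARP) + arp

if __name__ == "__main__":
    table = StationTable()
    for mac, ip, vlan in [("00:11:22:33:44:55", "10.0.0.5", 10), ("66:77:88:99:aa:bb", "10.0.0.5", 10)]:
        print(vlan, ip, mac, table.observe(make_arp(mac, ip, vlan)))
```

The same IP seen on two different VLANs is recorded as two separate stations, while a different MAC claiming an already-known (VLAN, IP) pair is reported as "changed".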


