Network-Tools
Andreas Ericsson
ae at op5.se
Thu May 20 18:44:53 CEST 2004
Slade Edmonds wrote:
> Andreas Ericsson wrote:
>
>> Steinbacher Manfred wrote:
>>
>>> We have a LAN with Cisco switches and some Cisco routers (WAN and
>>> partner connections).
>>>
>>> We have two connections to the Internet about to routers. I need a tool
>>> where I can see how much traffic (who, what traffic and so on) goes
>>> about both of these connections. And I must save this information for
>>> history and I also need a report system where I can generate customized
>>> reports about this stored information.
>>>
>> You want snort and acid for that. Nagios is more of a problem locator
>> than a statistics harvester.
>
>
> Snort is for intrusion detection. ACID is a web-based front-end for
> managing the alerts Snort generates. You could call it a statistics
> harvester I suppose, but 'malicious' statistics harvesting would better
> describe its function. If you are looking to detect intrusions, Snort
> is perfect. If you want to harvest network statistics in the form of
> non-intrusive data flows, you are much better off with ntop.
>
My bad. I keep confusing snort and ntop (although snort can monitor all
traffic as easily as just some of it).
>>
>>>
>>> Another issue is what MAC addresses are active in the LAN. (We have some
>>> VLANs.) I know arpwatch, but how can I solve the problems with VLANs?
>>>
>>>
>>> Does anyone have an idea how I can do this?
>>>
>>
>> That depends on the type of hardware you're using. Most modern
>> switches can have one or more interfaces set to 'hub mode' (so that
>> all traffic coming in to the switch is sent to that interface
>> regardless of whether it's its target or not). Place your snort/acid
>> server on one of those interfaces and make sure the traffic you want
>> to monitor passes through that switch.
>
>
> If you are looking only to monitor active mac addresses (VLANs
> included), and you aren't concerned at all about the actual traffic
> patterns (sniffing) etc, again Snort is probably not the best choice.
> If you simply want to know what mac addresses are active, arpwatch will
> do it.
>
>>
>>> Many Thanks
>>>
>>> Manfred
>>
>>
>>
>
>
--
Sourcerer / Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se