-
January 25th, 2005, 12:17 PM
#1
Senior Member
Traffic Analyzer
Hi all. I need to know which kind of traffic goes/comes to/from the internet in my company. I was thinking of putting some kind of Linux machine with two NICs in bridge mode between the firewall and the internet router, with some software analyzer... Any idea or advice before I begin?
Thank you!
-
January 25th, 2005, 01:27 PM
#2
What do you mean by "which kind of traffic"? Like which ports, so you can distinguish that? Or something more like a traffic sniffer?
-
January 25th, 2005, 01:27 PM
#3
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
January 25th, 2005, 01:56 PM
#4
Senior Member
Sorry, I was not clear enough...
What I would like is to capture the traffic with something like tcpdump and then analyze it at protocol/application level, I mean, know what percentage is http, smtp, etc... and the origin/destination of the traffic. I can't do it "by hand" or better "by eye" because it is a gateway for 500+ workstations; I need some help in the analysis, or to do it at once if there is some software that does it.
Hope I explain myself better....
Thank you.
-
January 25th, 2005, 02:13 PM
#5
Got an old hub lying around? Put it inline and attach any box capable of running Ethereal efficiently and there you go.
Or try this... It works quite well for getting a quick picture.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 25th, 2005, 02:17 PM
#6
Senior Member
It's a switched network. That's why I wanted to put a box between the firewall and the router.
I would be ok if I was able to run the soft on the router or firewall, but none of them are Windows.
I think that I need some kind of high-level traffic analyzer which works with tcpdump files, for example...
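The kind of summary asked for in posts #4 and #6 (percentage of bytes per application protocol and the origin/destination pairs, computed from a tcpdump capture file) can be produced without Ethereal at all. The following is an added example, not code from this thread or from any of the tools named in it: it parses the classic libpcap file format directly, guesses the application from the well-known server port (an assumption, since a protocol on a non-standard port will land in "tcp-other"), and works on a sample capture constructed inline; in practice you would read the file written by `tcpdump -w`.

```python
"""Summarise a libpcap capture by application protocol and by conversation.

Added example for this thread; it parses the libpcap file format itself so
it runs without tcpdump or Ethereal installed. The sample capture below is
constructed, not real traffic.
"""
import struct
from collections import Counter

# Application protocol guessed from the well-known server port. Assumption:
# the server side is whichever end of the flow uses a port in this table.
PORT_NAMES = {80: "http", 443: "https", 25: "smtp", 53: "dns", 110: "pop3",
              143: "imap", 21: "ftp", 22: "ssh"}


def parse_pcap(data):
    """Yield (src_ip, dst_ip, proto, src_port, dst_port, length) per packet."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a libpcap file")
    offset = 24               # the global header is 24 bytes
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        pkt = data[offset:offset + incl_len]
        offset += incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue          # only IPv4 over Ethernet is handled here
        ihl = (pkt[14] & 0x0F) * 4
        proto = pkt[23]
        src = ".".join(str(b) for b in pkt[26:30])
        dst = ".".join(str(b) for b in pkt[30:34])
        sport = dport = None
        if proto in (6, 17) and len(pkt) >= 14 + ihl + 4:
            sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)  # TCP/UDP ports
        yield src, dst, proto, sport, dport, orig_len


def classify(proto, sport, dport):
    """Map a packet to an application name using the port table above."""
    if proto in (6, 17):
        for port in (dport, sport):
            if port in PORT_NAMES:
                return PORT_NAMES[port]
        return "tcp-other" if proto == 6 else "udp-other"
    return "ip-proto-%d" % proto


def summarise(data):
    """Return (percent of bytes per application, Counter of bytes per src->dst)."""
    by_app, by_pair, total = Counter(), Counter(), 0
    for src, dst, proto, sport, dport, length in parse_pcap(data):
        by_app[classify(proto, sport, dport)] += length
        by_pair[(src, dst)] += length
        total += length
    percent = {app: round(100.0 * n / total, 1) for app, n in by_app.items()} if total else {}
    return percent, by_pair


# ---- constructed sample capture (addresses from the documentation ranges) ----
def _packet(src, dst, proto, sport, dport, payload_len):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + payload_len, 0, 0, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    l4 = struct.pack("!HHI", sport, dport, 0)   # enough of the L4 header to carry the ports
    body = eth + ip + l4 + b"\x00" * payload_len
    return struct.pack("<IIII", 0, 0, len(body), len(body)) + body


SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _packet("10.0.0.5", "203.0.113.10", 6, 40001, 80, 700),     # http request
    _packet("203.0.113.10", "10.0.0.5", 6, 80, 40001, 1400),    # http reply
    _packet("10.0.0.7", "203.0.113.20", 6, 40002, 25, 300),     # smtp
    _packet("10.0.0.5", "203.0.113.30", 17, 40003, 53, 60),     # dns
    _packet("10.0.0.9", "203.0.113.40", 6, 40004, 6881, 500),   # unknown tcp port
])

if __name__ == "__main__":
    pct, pairs = summarise(SAMPLE_PCAP)
    for app, p in sorted(pct.items(), key=lambda kv: -kv[1]):
        print("%-10s %5.1f%%" % (app, p))
    for (src, dst), n in pairs.most_common(5):
        print("%s -> %s: %d bytes" % (src, dst, n))
```

To run it against a real file, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; on a gateway for 500+ workstations the capture should be rotated (`tcpdump -w` with `-C`/`-G`) so a single file stays small enough to hold in memory.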
-
January 25th, 2005, 02:30 PM
#7
Ethereal is fine enough.... you can have a look at statistics from Ethereal.
Moreover, tethereal is the Ethereal CLI version.
Ethereal is also capable of understanding tcpdump files very well.
Hope Ethereal helps you.
-
January 25th, 2005, 02:34 PM
#8
Probably you will also love to have a look at IPTraf:
http://iptraf.seul.org/
This one is good if you don't want to dump the traffic, but just see the stats.
-
January 25th, 2005, 02:35 PM
#9
Senior Member
Ok, if I'm using Ethereal in a two-NIC box... how can I configure a bridge having the two NICs in the same network???
-
January 25th, 2005, 02:53 PM
#10
You didn't say, but you really should be proficient in using Linux before tackling something like this. You could bring your network to a halt or open up holes.
How much have you read about Linux and Bridging?
How can I configure a bridge having the two nics in the same network???
The NICs would not have addresses; the box would be transparent to the network, passing everything in then out.
Depending on the amount of traffic and connections of your host, you may want to consider something like a TAP instead of bridging? ( BTW, Tiger Shark's hub idea can be placed between the router and firewall like a TAP )
Have you checked out SNORT ?
Although it was designed as an IDS, you can pretty much make your own rules to have it do whatever you want. You can have it save the traffic to be read by something like tcpdump or Ethereal ( binary mode ), send it to a database, whatever. Very flexible.
You'll have to do a lot of reading and experimenting before putting it into production, even then you'll have to fine tune it to your needs. There are also programs such as Barnyard and BASE to support it. ( I'm using BASE with MySQL right now but I am no expert on this, I'm still playing! )
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes