RE: Request for info regarding tools..

From: Joe Klein (jsklein@mindspring.com)
Date: 01/17/02


From: "Joe Klein" <jsklein@mindspring.com>
To: <dovmar@starpower.net>, <focus-ms@securityfocus.com>
Date: Thu, 17 Jan 2002 10:47:11 -0500

For your traffic flow and traffic across the IP, take a look at:

ntop - network top (http://www.ntop.org/ntop.html). "intop provides a
powerful and flexible interface to the ntop packet sniffer. Since ntop
has grown so much in functionality and it cannot be simply considered a
network-browser, the problem of capturing and showing network usage has
been split. As of version 1.3 the ntop engine captures packets, performs
traffic analysis and information storage. intop implements a bare,
command line based interface, with an apparently spartan look and feel,
but a lot of functionality already implemented, and others planned for
future releases."

For your active connections on an NT box, try fport
(http://www.foundstone.com/)

If you want to do network monitoring, try MRTG
(http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html) or Big
Brother (http://bb4.com/)

Joe

-----Original Message-----
From: dovmar [mailto:dovmar@starpower.net]
Sent: Thursday, January 17, 2002 8:18 AM
To: focus-ms@securityfocus.com
Subject: Request for info regarding tools..

Hi all,
Looking for some suggestions on tools to make life a bit easier when
monitoring network activity. Here's the scenario:

Win2k or NT OS, IIS, Cold Fusion, Imail.
Some .asp extensions

When we see 'too much' activity on our router (Cisco 2600, 1 wan/1 lan
interface) we begin to poke around and look for where the activity is
coming from - which site is pulling the bandwidth. We use a firewall
that can report traffic by IP. So we have to go to several places for
data.

My question is what software tools might you use (freeware or retail,
but freeware or 'cheapware' (my phrase!!) is preferred) to collect the
following data:

number of connections by IP address
traffic across that IP
active connections by user name
indication of traffic flow

We just bought and installed Vision from Foundstone - and while it's
really useful for some things, it lacks others.

Thanks in advance