RE: Request for info regarding tools..

From: Joe Klein (jsklein@mindspring.com)
Date: 01/17/02


From: "Joe Klein" <jsklein@mindspring.com>
To: <dovmar@starpower.net>, <focus-ms@securityfocus.com>
Date: Thu, 17 Jan 2002 10:47:11 -0500

For your traffic flow and traffic across the IP, take a look at:

ntop - network top (http://www.ntop.org/ntop.html). "intop provides a
powerful and flexible interface to the ntop packet sniffer. Since ntop
has grown so much in functionality and it cannot be simply considered a
network-browser, the problem of capturing and showing network usage has
been split. As of version 1.3 the ntop engine captures packets, performs
traffic analysis and information storage. intop implements a bare,
command line based interface, with an apparently spartan look and feel,
but a lot of functionality already implemented, and others planned for
future releases."

For your active connections on an NT box, try fport
(http://www.foundstone.com/)

If you want to do network monitoring, try MRTG
(http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html) or Big
Brother (http://bb4.com/)

Joe

-----Original Message-----
From: dovmar [mailto:dovmar@starpower.net]
Sent: Thursday, January 17, 2002 8:18 AM
To: focus-ms@securityfocus.com
Subject: Request for info regarding tools..

Hi all,
Looking for some suggestions on tools to make life a bit easier when
monitoring network activity. Here's the scenario:

Win2k or NT OS, IIS, Cold Fusion, Imail.
Some .asp extensions

When we see 'too much' activity on our router (Cisco 2600, 1 wan/1 lan
interface) we begin to poke around and look for where's the activity
coming from - which site is pulling the bandwidth. We use a firewall that
can report traffic by IP. So we have to go to several places for data.

My question is what software tools might you use (freeware or retail,
but freeware or 'cheapware' (my phrase!!) is preferred) to collect the
following data:

number of connections by IP address
traffic across that IP
active connections by user name
indication of traffic flow

We just bought and installed Vision from Foundstone - and while it's
really useful for some things, it lacks others.

Thanks in advance


