Thu Mar 31 09:47:01 GMT 2005

fred wrote:

> Hi, I have a network monitoring question that somebody may be able to
> answer. I am running debian and windows behind a smoothwall box with
> ADSL, with the various connections hooked into a switch. I would like
> to monitor, from the linux box, the traffic going to the windows
> machine. I have googled for an answer and tried programs like iptraf,
> but cannot get the programs to do what I need as I am not confident
> with the CLI. Smoothwall has a monitor, but it shows 24 hour cycles,
> not real time.
> Fred

You probably need to define 'monitor'.  Are you after intrusion 
detection (someone hacking in)?  Stats and history?  Instantaneous info 
(what sessions are currently open)?

Snort is apparently pretty good at IDS at a network level (no personal 
experience).  MRTG is the standard for graphs and stuff, and is quite 
customisable to give you what you want.  Something like ntop or ethereal 
would give you instantaneous data, though you'll have to tinker to get 
the exact info you want.

At a guess your network might not want to do this without some (more) 
tinkering.  Smoothwall isn't keen on other applications being installed 
on the box (anything's possible though), and the switch is unlikely to 
duplicate your traffic destined for the Win box, to the Deb box as well.

Another option: maybe ClarkConnect would suit you better than smoothwall 
- it's easier to add more packages in, and does more out of the box 
anyway - though unlikely to be as hardened as SW.

HTH you in the right direction.


