[clug] Net traffic
Tony and Robyn Lewis
beakysnugger at yahoo.co.uk
Thu Mar 31 09:47:01 GMT 2005
> Hi, I have a network monitoring question that somebody may be able to
> answer. I am running debian
> and windows behind a smoothwall box with ADSL, with the various
> connections hooked into a switch. I would like to monitor, from the
> linux box, the traffic going to the windows machine. I have googled
> for an answer and tried programs like iptraf, but cannot get the
> programs to do what I need as I am not confident with the CLI.
> Smoothwall has a monitor, but it shows 24 hour cycles, not real time.
You probably need to define 'monitor'. Are you after intrusion
detection (someone hacking in)? Stats and history? Instantaneous info
(what sessions are currently open)?

Snort is apparently pretty good at IDS at a network level (no personal
experience). MRTG is the standard for graphs and stuff, and is quite
customisable to give you what you want. Something like ntop or ethereal
would give you instantaneous data, though you'll have to tinker to get
the exact info you want.

At a guess your network might not want to do this without some (more)
tinkering. Smoothwall isn't keen on other applications being installed
on the box (anything's possible though), and the switch is unlikely to
duplicate your traffic destined for the Win box, to the Deb box as well.

Another option: maybe ClarkConnect would suit you better than smoothwall
- it's easier to add more packages in, and does more out of the box
anyway - though unlikely to be as hardened as SW.

HTH you in the right direction.