Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am using a dl380 SLES11sp1 as a central router and firewall for my network ( >300Pc`s, 120 Printer, >50 Servers).
Everything working fine so far but now i would like to add a real-time network analyser. Tought about astaro but was to expensive, looked at untagle but i do not want to set up the whole mashine from the scratch.
Isn`t there a way to add a filter to sles11 ?
I do not want a http scanner or http proxy, we already have that. I really want to analyse the traffic between my vlans on my central router/firewall.
Have you thought about using Wireshark? That has some quite complex filtering ability in there and has the advantage of being able to capture files and export to other programs, quite on VoIP as well.
From my experience, the size of your network and the amount of traffic might kill Wireshark depending on your network topology. Are you attempting to monitor everything from that one central router( I saw vlans, but are you watching EVERYTHING?)? if thats the case, you will need pretty decent hardware.
Ok, my fault, i would like to have a Intrusion-Detection like a sniffer but not like snort, as i have not enough time to configure that kind of thing.
Would like to have a software that analyses the network traffic and tells iptables to drop a session if it is doing something like trying password or transfer a virus.
You would need something like an IPS (Snort can do this) or intrusion prevention system and/or a proxy.
There are probably security appliances out there that will do what you want with little intervention, but I think your intentions while good are a bit misplaced. Having a system that does what you would like requires an understanding of these types of systems and requires dedication (your time and management's support). This isn't a plug it in and forget type security mechanism if you want to do it right.
I just tought there would be some kind of Network-Traffic-Analyser which would not need to be configured from a-z ( as snort does ) but can block traffic known as "bad" such as viruses or logon tests or ssh brute-force and so on.
As I mentioned I tried SNORT but without the resources an implemantation of such a system does not make sense just as you said.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
