LinuxQuestions.org
Old 04-29-2013, 09:49 AM   #1
saavik
Realtime network analyser


Hello!

I am using a DL380 SLES11sp1 as a central router and firewall for my network (>300 PCs, 120 printers, >50 servers).

Everything is working fine so far, but now I would like to add a real-time network analyser. I thought about Astaro but it was too expensive; I looked at Untangle but I do not want to set up the whole machine from scratch.

Isn't there a way to add a filter to SLES11?

I do not want an HTTP scanner or HTTP proxy, we already have that. I really want to analyse the traffic between my VLANs on my central router/firewall.

Any idea?
 
Old 04-29-2013, 10:51 AM   #2
markyd
Have you thought about using Wireshark? That has some quite complex filtering ability in there and has the advantage of being able to capture files and export to other programs, quite on VoIP as well.

MarkyD
 
Old 04-29-2013, 06:15 PM   #3
Lantzvillian
From my experience, the size of your network and the amount of traffic might kill Wireshark depending on your network topology. Are you attempting to monitor everything from that one central router (I saw VLANs, but are you watching EVERYTHING?)? If that's the case, you will need pretty decent hardware.

What are you attempting to monitor? Ntop might do the job? http://www.ntop.org/products/ntop/

Have you looked at some of the commercial solutions available from Riverbed? http://www.riverbed.com/products-sol...ment-products/
 
Old 04-30-2013, 10:38 AM   #4
saavik (Original Poster)
OK, my fault. I would like to have an intrusion detection system, like a sniffer but not like Snort, as I do not have enough time to configure that kind of thing.

I would like to have software that analyses the network traffic and tells iptables to drop a session if it is doing something like trying passwords or transferring a virus.

Any idea?
 
Old 05-02-2013, 06:12 PM   #5
Lantzvillian
You would need something like an IPS (Snort can do this) or intrusion prevention system and/or a proxy.

There are probably security appliances out there that will do what you want with little intervention, but I think your intentions while good are a bit misplaced. Having a system that does what you would like requires an understanding of these types of systems and requires dedication (your time and management's support). This isn't a plug it in and forget type security mechanism if you want to do it right.
 
Old 05-08-2013, 07:48 AM   #6
saavik (Original Poster)
Yes, I agree with you.

I just thought there would be some kind of network traffic analyser which would not need to be configured from A to Z (as Snort does) but can block traffic known as "bad", such as viruses or logon tests or SSH brute force and so on.

As I mentioned, I tried Snort, but without the resources an implementation of such a system does not make sense, just as you said.
 
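Added example (not code from anyone in this thread): the "tells iptables to drop a session on SSH brute force" behaviour saavik describes, reduced to its core and done the way fail2ban does it, from the sshd log rather than from packets: count failed passwords per source inside a sliding time window and return the iptables DROP rule for any source that crosses the threshold. The log lines, hostnames and addresses are constructed; the rule is returned as a string, never executed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (hostnames and addresses are made up).
SAMPLE_LOG = """\
Apr 29 09:50:01 router sshd[2101]: Failed password for invalid user admin from 10.1.5.77 port 51001 ssh2
Apr 29 09:50:03 router sshd[2102]: Failed password for root from 10.1.5.77 port 51002 ssh2
Apr 29 09:50:04 router sshd[2103]: Accepted publickey for saavik from 10.1.2.10 port 40022 ssh2
Apr 29 09:50:06 router sshd[2104]: Failed password for root from 10.1.5.77 port 51003 ssh2
Apr 29 09:50:09 router sshd[2105]: Failed password for invalid user test from 10.1.5.77 port 51004 ssh2
Apr 29 09:50:10 router sshd[2106]: Failed password for saavik from 10.1.2.10 port 40023 ssh2
Apr 29 09:50:12 router sshd[2107]: Failed password for root from 10.1.5.77 port 51005 ssh2
Apr 29 09:55:00 router sshd[2108]: Failed password for root from 10.1.5.77 port 51006 ssh2
"""
# Syslog timestamp, host, sshd pid, then the OpenSSH "Failed password" message.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_failures(log_text, year=2013):
    """Yield (timestamp, source_ip) for every failed-password line; syslog omits the year."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def find_brute_forcers(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return source IPs that reach max_failures failed logins inside any sliding window."""
    events = defaultdict(list)
    for ts, ip in parse_failures(log_text):
        events[ip].append(ts)
    offenders = set()
    for ip, times in events.items():
        times.sort()
        start = 0  # index of the oldest failure still inside the window ending at times[end]
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= max_failures:
                offenders.add(ip)
                break
    return sorted(offenders)

def block_rule(ip):
    """The iptables rule that would drop further packets from ip (returned, never executed)."""
    return f"iptables -I INPUT -s {ip} -j DROP"
```

On the sample, 10.1.5.77 makes five failed attempts in eleven seconds and is reported; 10.1.2.10 has one typo after a successful key login and is not.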
All times are GMT -5. The time now is 02:46 AM.