LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Traffic monitoring and port mirroring (https://www.linuxquestions.org/questions/linux-networking-3/traffic-monitoring-and-port-mirroring-918484/)

reeaver 12-13-2011 05:46 AM
Traffic monitoring and port mirroring
 
Hi,

I'm looking for some solution that helps me with traffic monitoring in some small network.

I need to log all visited sites and connections made by network users.
Currently in this network there is some simple router but it doesn't allow to log such data. I'm not able to change this router, it has to stay.

This router is connected to some smart switch which has a mirroring port feature.
I was thinking about use this feature and forward copy of all thaffic that flows to current router to some linux machine which will be able to analyse traffic.

But how to analyse traffic on such machine, what should I use?
Or maybe there is some better solution?

Thanks for all suggestions

kbp 12-13-2011 07:15 AM
A proxy might be a better option as it already inspects the traffic and will do reporting

reeaver 12-13-2011 07:29 AM
Ok but this will solve only a part of problem.
What about logging other traffic?

kbp 12-13-2011 07:39 AM
If this is for IDS you could probably start with snort.


All times are GMT -5. The time now is 03:16 PM.