LinuxQuestions.org
Old 05-06-2010, 12:28 AM   #1
gubak
Member
 
Registered: Jul 2004
Posts: 332

Rep: Reputation: 30
How to monitor network hosts?


Hi!

I have a small office network with Windows machines and a Linux internet access server (CentOS 5.4). For internet access I use masquerade, so everyone can access every internet service.
I periodically have quite big traffic from one of the hosts, but I can't figure out which one it is.

Is there any Linux command which will show me the bytes/packets (or any useful info) going to specific hosts?


Thanks
 
Old 05-06-2010, 03:05 AM   #2
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Rep: Reputation: 35
How do you monitor the network now?

You could throw a live DVD (I recommend Knoppix, as it has tools like rkhunter, chkrootkit and unhide on the DVD) into a machine and look at using network monitoring tools on the DVD and ssh to look at different machines on the network. Use your distribution's repositories to see what they include in the way of network monitoring tools. There are SEVERAL, e.g. in Knoppix, as root or sudo su: synaptic (opens up the package manager). Browse the network section of the manager and read the descriptions.

It seems to me that you could improve your security by turning your CentOS machine into a proxy server and restricting access to only http. No ftp, telnet or whatever else. I do not know enough about your network to comment further, however I would advise that if you have Windows machines accessing the internet, you disable file sharing, Microsoft client, print sharing and telnet for starters and only allow TCP. Please start reading the Security and Network related sections of linuxquestions.org.
 
Old 05-06-2010, 08:42 PM   #3
LVsFINEST
Member
 
Registered: Aug 2006
Posts: 99

Rep: Reputation: 21
Not sure of a Linux command that will do that, but if you can install applications on that box, install Ntop. It does what you're looking for, and plenty more. It's the sh*t. Really.

http://www.ntop.org

On a side note, I also agree that you should restrict your rules a bit. Allowing every Internet service is scary!
 
Old 05-09-2010, 11:34 PM   #4
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Rep: Reputation: 35
Yes, I agree; ntop is a CLI program you can install with your package manager, e.g. YaST, Yum, aptitude etc. But there were a few things the OP said that really concerned me and I was trying to point them towards more tools for monitoring networks and security.

Cheers
 
Old 05-10-2010, 03:43 AM   #5
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 51
Also, tcpdump comes installed with CentOS.
Code:
tcpdump
 
Old 05-11-2010, 04:04 AM   #6
jclynadms
LQ Newbie
 
Registered: May 2010
Posts: 3

Rep: Reputation: 0
MazinOz has given a very nice way to monitor network traffic; it will be a nice option of having a proxy server and having only http access, it will surely work out. I was just wondering that is http and https will more good and in this s means security. It comes directly or we have to add this.
 
Old 05-11-2010, 03:18 PM   #7
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
iptables is the way to go. The option "-m state --state NEW" would just log new connections.

There's more to it than that, but search on iptables and logging. Then be sure your syslog is configured to dump firewall messages into your firewall log. Then be sure you are rotating that log...
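
Added example, not part of the post above: once a LOG rule using the state match is in place, the resulting syslog lines can be tallied per LAN host to see which machine opens the most new connections and to which ports. The interface name `eth1`, the `FW-NEW: ` prefix and the sample log lines (some fields trimmed) are assumptions constructed for this example.

```shell
#!/bin/sh
# Rule that produces these lines, run as root on the gateway (assumptions:
# eth1 is the LAN interface, "FW-NEW: " is a prefix chosen for this example):
#   iptables -I FORWARD -i eth1 -m state --state NEW -j LOG --log-prefix "FW-NEW: "

# Constructed sample of the kernel's LOG output as it lands in syslog.
sample_log() {
cat <<'EOF'
May 11 15:18:01 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=63 ID=4711 DF PROTO=TCP SPT=51234 DPT=6881 SYN URGP=0
May 11 15:18:01 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 LEN=60 TTL=63 ID=4712 DF PROTO=TCP SPT=51235 DPT=6881 SYN URGP=0
May 11 15:18:02 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.5 LEN=60 TTL=127 ID=901 DF PROTO=TCP SPT=1042 DPT=443 SYN URGP=0
May 11 15:18:02 gw sshd[2211]: Accepted password for admin from 192.168.1.10 port 1050 ssh2
May 11 15:18:03 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.91 LEN=60 TTL=63 ID=4713 DF PROTO=TCP SPT=51236 DPT=6881 SYN URGP=0
May 11 15:18:03 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.53 LEN=71 TTL=63 ID=4714 PROTO=UDP SPT=40000 DPT=53 LEN=51
May 11 15:18:04 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.5 LEN=60 TTL=127 ID=902 DF PROTO=TCP SPT=1043 DPT=80 SYN URGP=0
May 11 15:18:05 gw kernel: FW-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.5 LEN=60 TTL=63 ID=4715 DF PROTO=TCP SPT=51237 DPT=80 SYN URGP=0
EOF
}

# Print "count source-ip" for lines carrying PREFIX ($1), busiest host first.
new_conns_per_host() {
    awk -v prefix="$1" '
        index($0, prefix) == 0 { next }   # skip non-firewall syslog lines
        { for (i = 1; i <= NF; i++) {
              if ($i ~ /^SRC=/) { count[substr($i, 5)]++; break }
          } }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print "count PROTO/port" for one HOST ($2): what that machine is opening.
ports_for_host() {
    awk -v prefix="$1" -v host="$2" '
        index($0, prefix) == 0 { next }
        { src = ""; proto = "?"; dpt = "-"      # ICMP lines carry no DPT
          for (i = 1; i <= NF; i++) {
              if ($i ~ /^SRC=/)   src = substr($i, 5)
              if ($i ~ /^PROTO=/) proto = substr($i, 7)
              if ($i ~ /^DPT=/)   dpt = substr($i, 5)
          }
          if (src == host) count[proto "/" dpt]++ }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

sample_log | new_conns_per_host "FW-NEW: "
sample_log | ports_for_host "FW-NEW: " 192.168.1.23
```

These tallies count new connections, not bytes, so they point at the chattiest host rather than measuring its volume. On the gateway, feed the functions the file your syslog writes kernel messages to instead of `sample_log`.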
 
Old 05-25-2010, 06:03 PM   #8
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Rep: Reputation: 35
"I was just wondering that is http and https will more good and in this s means security".

You need to configure /etc/squid.conf and designate http (80 or 8080 or 3128) and https (445) as ports to use. Most of the essential configuration is at the start of the file, or use CentOS to set up the proxy server. The network machines need to have the browser settings set up to go through the proxy server.

Hope this helps
 
Old 05-26-2010, 02:27 AM   #9
selestin Mathew
LQ Newbie
 
Registered: Nov 2007
Posts: 11

Rep: Reputation: 0
Hi,

You can use SARG (Squid Analysis Report Generator) for monitoring Squid traffic. It gives daily, weekly and monthly reports and provides a lot of information about Squid users' activities: times, bytes, sites, etc.

I have used this one for managing my squid server monitoring.
 
Old 05-26-2010, 03:08 PM   #10
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
Squid

If you don't want to work with the kernel, squid is a good alternative. But that means a big change to your current setup.
 
  

