Hello!

I am searching for a good networt monitoring tool. Not a IDS like Snort. I look for something like netshark ( AKA ethereal ) but this tool has also to offer me an overview like etherape.

I would like to use that tool on a VPN gateway to monitor the traffic.

First to see who is causing the traffic ( which etherape could do ) and second to see what is communicated ( which netshard or tcpdump could do).

But well I would like to run this tool in console or like ntop as a service.


I also tought of using ntop but it does ( AFAIK ) not support a view at the packages ?!

Does somebody have an idea what tool could help me ?

BTW the gateway is used to connect to companys via LWL 1GB WAN network.

well your demands are fairly confused, and netshark appears to be a canadian web design company... try wireshark

If you want to basically record all network traffic then you can fairly simply set up a box to use tcpdump to manage a ring buffer to log blocks of data to disk, and then interrogate the traffic with wireshark. not sure what wireshark isn't doing for you in the equation, but it depends if you want a real time view or an on demand view. of specifics.

Well sure i was talking about wireshark, sorry!

Yes, i understand what you mean. I think I will combine it with ntop and rrd just to have some graphics.

I just tought there would be a graphical all-in-one tool to have graphic like ntop+rrd+etherape and tcpdump+wireshark in one GUI.

nothing that encompassing within the open source market. there are packages like SuperAgent which quite possibly would cover your needs, but they are commerical packages with significant list prices associated with them.

iptraf can monitor packets in an attended or unattended mode. It measures on a per - ip or per - port basis. So you could use it to see what ips cause the most traffic and what the services are that most use them.