[Discuss] Network monitoring tool recommendation
David Rosenstrauch
darose at darose.net
Wed Feb 6 18:29:51 EST 2013
On 02/06/2013 02:00 PM, David Rosenstrauch wrote:
> On 02/06/2013 12:34 PM, Matt Shields wrote:
>> Also try ntop. Set it up on a standalone computer. 2 network ports, one
>> for management, one where you mirror all your traffic at the
>> switchport to
>> it and have the interface in promiscuous mode. Then it'll give you nice
>> charts to show you who is talking to what (ie. User1 is streaming content
>> from Youtube, etc).
>>
>> Matt
>
> Will check that out - thanks!
>
> DR
Great suggestion on ntop! Looks like what I need.
Just one thing I'm not sure about with it, though:
It seems like the intention is that you would run ntop on your gateway
machine (which all traffic on the network passes through) and that way
get full stats for the entire network.
However, that's not the setup I have. I do have a gateway, but it's our
firewall box, which I can't run ntop on. The machine I am running it on
is our ssh entrypoint into the network. But the other machines on the
network can initiate connections directly to the Internet through
firewall without going through the ssh entrypoint. So I'm thinking that
by running ntop on the ssh entrypoint box, it's not going to actually be
seeing all the incoming or outgoing traffic for the network, and so
won't be able to report on it accurately.
Am I right on this? And if so, how best to work around this? (Without
having to run an instance of ntop on every machine in the network.)
Thanks,
DR
More information about the Discuss
mailing list