Gentoo Forums
Newbie to networking but I want to monitor traffic, best?
detz
Apprentice

Joined: 19 Feb 2004
Posts: 175

Posted: Tue Dec 07, 2004 5:26 pm    Post subject: Newbie to networking but I want to monitor traffic, best?

I would like to monitor traffic so I can tell if someone is accessing my computer. What's the best way to do all of this? I'm new to networking, so the whole idea of firewalls and such is beyond me at this point.
Dizzutch
Guru

Joined: 09 Nov 2004
Posts: 463
Location: Worcester, MA

Posted: Tue Dec 07, 2004 5:38 pm

There are a whole bunch of programs out there to monitor all kinds of traffic. What I use is this:
To monitor who is logged in (ssh'd) to my machine, I just use 'who'.
To monitor how much each of the computers on my network downloads/uploads, I use 'ipfm' on my router.
To monitor who accesses my webserver, I use 'awstats'.

Hope these plus other people's replies help you make a decision.

Jule
detz
Apprentice

Joined: 19 Feb 2004
Posts: 175

Posted: Tue Dec 07, 2004 5:42 pm

What's the best thing to monitor "attempt" to gain access? Right now my networking is not very secure since I have wireless on there so I want to be able to tell if someone is trying to get in. I don't care about traffic because I download all day and the only people that have access are my three computers and another family one.
idefix
n00b

Joined: 15 Mar 2003
Posts: 23

Posted: Tue Dec 07, 2004 6:00 pm

Have you already looked at ntop? It's quite informative for finding out who is downloading how much from where.

idefix
damg1nc
n00b

Joined: 04 Jan 2003
Posts: 12
Location: Michigan

Posted: Tue Dec 07, 2004 8:12 pm

Another neat monitoring tool is iptraf... I have it running on my router, and use it pretty much as a glorified netstat. I check it every so often because one of my roommates can't seem to keep viruses off his Windows box... so I leave him nice messages when I see his computer trying to talk to random IPs on port 445. ;)

I also watch my log files. You can also set up iptables to log packets that match rules... so if you wanted to, you could log all incoming new state connections to your computer.
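
The packet logging described in the post above, as an added example that is not part of the original thread: the rule in the comment is one way to log new connections with iptables, and the Python summarises the resulting kernel log lines, including the port 445 fan-out pattern mentioned for the router. The `NEW_IN: ` prefix, the threshold, the function names and the abbreviated sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed rule producing the lines parsed below (the prefix is our choice):
#   iptables -A INPUT -m state --state NEW -j LOG --log-prefix "NEW_IN: "
# On a router the same match in FORWARD logs connections made by LAN hosts.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed, abbreviated sample lines in the kernel's iptables LOG layout.
SAMPLE = """\
Dec  7 20:01:02 gw kernel: NEW_IN: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.2 PROTO=TCP SPT=40112 DPT=22 SYN
Dec  7 20:01:03 gw kernel: NEW_IN: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.2 PROTO=TCP SPT=40113 DPT=23 SYN
Dec  7 20:01:04 gw kernel: NEW_IN: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.2 PROTO=ICMP TYPE=8 CODE=0
Dec  7 20:02:10 gw kernel: NEW_IN: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP SPT=1041 DPT=445 SYN
Dec  7 20:02:10 gw kernel: NEW_IN: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.8 PROTO=TCP SPT=1042 DPT=445 SYN
Dec  7 20:02:11 gw kernel: NEW_IN: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.9 PROTO=TCP SPT=1043 DPT=445 SYN
Dec  7 20:03:00 gw sshd[411]: Accepted password for detz from 192.168.1.20 port 5120 ssh2
"""

def parse(line, prefix="NEW_IN: "):
    """Return the KEY=value fields of one LOG line, or None if it is not ours."""
    if prefix not in line:
        return None
    return dict(FIELD.findall(line.split(prefix, 1)[1]))

def summarize(text, fanout_threshold=3):
    """Return (ports contacted per source, sources reaching many hosts on TCP 445)."""
    ports_by_src = defaultdict(set)
    smb_targets = defaultdict(set)
    for line in text.splitlines():
        fields = parse(line)
        if not fields or "DPT" not in fields:   # e.g. ICMP carries no ports
            continue
        ports_by_src[fields["SRC"]].add(int(fields["DPT"]))
        if fields.get("PROTO") == "TCP" and fields["DPT"] == "445":
            smb_targets[fields["SRC"]].add(fields["DST"])
    fanout = sorted(src for src, dsts in smb_targets.items()
                    if len(dsts) >= fanout_threshold)
    return {src: sorted(p) for src, p in ports_by_src.items()}, fanout

if __name__ == "__main__":
    ports, fanout = summarize(SAMPLE)
    for src, plist in ports.items():
        print(src, "->", plist)
    print("hosts fanning out on 445:", fanout)
```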
racoontje
Veteran

Joined: 19 Jul 2004
Posts: 1290

Posted: Tue Dec 07, 2004 8:28 pm

http://gentoo-portage.com/net-analyzer
Dizzutch
Guru

Joined: 09 Nov 2004
Posts: 463
Location: Worcester, MA

Posted: Wed Dec 08, 2004 2:16 pm

detz wrote:
What's the best thing to monitor "attempt" to gain access?

You can check your logs to see failed password attempts (I know metalog keeps a log of that; not sure if syslogd does that by default).

Jule
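
Checking the logs for failed password attempts, as suggested in the post above, shown in an added example that is not part of the original thread: it counts sshd "Failed password" messages per source address and separates guesses at accounts that do not exist. The log lines are constructed samples, and the threshold and function name are assumptions.

```python
import re
from collections import Counter, defaultdict

# sshd's message text; the timestamp/program prefix in front of it depends on
# the logger in use, so the pattern deliberately ignores everything before it.
FAILED = re.compile(
    r"Failed password for (invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample of an authentication log.
SAMPLE_LOG = """\
Dec  8 14:01:10 box sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 4101 ssh2
Dec  8 14:01:12 box sshd[811]: Failed password for invalid user test from 203.0.113.9 port 4102 ssh2
Dec  8 14:01:15 box sshd[812]: Failed password for root from 203.0.113.9 port 4103 ssh2
Dec  8 14:05:40 box sshd[820]: Failed password for detz from 192.168.1.20 port 5120 ssh2
Dec  8 14:05:49 box sshd[820]: Accepted password for detz from 192.168.1.20 port 5120 ssh2
"""

def failed_logins(text, threshold=3):
    """Return per-address details for sources with >= threshold failures."""
    count = Counter()
    users = defaultdict(set)
    unknown = defaultdict(set)
    for line in text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, addr = m.groups()
        count[addr] += 1
        users[addr].add(user)
        if invalid:
            unknown[addr].add(user)   # account does not exist on this host
    return {addr: {"count": n,
                   "users": sorted(users[addr]),
                   "unknown_users": sorted(unknown[addr])}
            for addr, n in count.items() if n >= threshold}

if __name__ == "__main__":
    for addr, info in failed_logins(SAMPLE_LOG).items():
        print(addr, info)
```

With the default threshold, the single mistyped password from 192.168.1.20 is not reported, while the address guessing several account names is.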
d_m
Guru

Joined: 12 Jun 2003
Posts: 570
Location: Philadelphia, PA, USA

Posted: Wed Dec 08, 2004 2:38 pm

detz wrote:
What's the best thing to monitor "attempt" to gain access? Right now my networking is not very secure since I have wireless on there so I want to be able to tell if someone is trying to get in. I don't care about traffic because I download all day and the only people that have access are my three computers and another family one.


Take a look at snort.
Suicidal
l33t

Joined: 30 Jul 2003
Posts: 959
Location: /dev/null

Posted: Thu Dec 09, 2004 7:06 am

Snort is real good, especially with snortsnarf or even ACID on a small network, but ACID gets too slow on a large network as its database gets too big.

net-analyzer/trafshow is good for on-the-fly monitoring.

net-analyzer/darkstat has a nice web interface for showing which hosts are sending/receiving the most data.

Snort will give you the most detailed information though, especially when you make your own rules.