Gentoo Forums
Firewall analyzer?
kmj0377
Guru

Joined: 26 Sep 2003
Posts: 397

Posted: Thu Jul 20, 2006 9:40 pm    Post subject: Firewall analyzer?

Is there any good utility to analyze traffic going through a firewall and present it in a meaningful way? I've looked and I must be searching for the wrong stuff because I can't find any. It'd be nice to have a graph of some kind describing the traffic and be able to look at summaries for traffic by IP.
azuriel
Apprentice

Joined: 27 Feb 2005
Posts: 166

Posted: Thu Jul 20, 2006 9:51 pm    Post subject:

I don't know much about "nice graphical" ways of measuring firewall traffic, but I can point you towards a couple of utilities:

-Wireshark (Ethereal): Packet sniffer, lets you record all the packets going by on the network and analyze the traffic a bit. It can do some pretty good sorts and searches, but it's not that graphical. You can definitely look at traffic by IP, though, but recording packets like that fills up disk space fast.
-Snort: IDS, probably overkill for what you want, and it has a graph generator called snortplot. I haven't used snortplot myself, but I'm guessing it works. It's not as easy as install & run, but it's not difficult either.
-You can also look around for some log parsers, they might be able to meet your requirements.

Hope these helped a bit. What kind of firewall do you have, and what is the purpose of these statistics?
_________________
Adopt an unanswered post
TJGames.org

The folly of mistaking a torrent of verbiage for a spring of capital truths, and oneself for an oracle, is inborn in us. -Valery
lkarayan
n00b

Joined: 28 Mar 2005
Posts: 14

Posted: Thu Jul 20, 2006 11:57 pm    Post subject: ntop?

ntop will tell you the bandwidth you are using, and the sites that are being connected to. But it won't tell you what the firewall rejected.
kmj0377
Guru

Joined: 26 Sep 2003
Posts: 397

Posted: Fri Jul 21, 2006 1:53 am    Post subject:

azuriel wrote:
I don't know much about "nice graphical" ways of measuring firewall traffic, but I can point you towards a couple of utilities:

-Wireshark (Ethereal): Packet sniffer, lets you record all the packets going by on the network and analyze the traffic a bit. It can do some pretty good sorts and searches, but it's not that graphical. You can definitely look at traffic by IP, though, but recording packets like that fills up disk space fast.
-Snort: IDS, probably overkill for what you want, and it has a graph generator called snortplot. I haven't used snortplot myself, but I'm guessing it works. It's not as easy as install & run, but it's not difficult either.
-You can also look around for some log parsers, they might be able to meet your requirements.

Hope these helped a bit. What kind of firewall do you have, and what is the purpose of these statistics?

We mostly want to see who has been connecting the most and to what, and we'd also like to see what kind of bandwidth usage we're using (looks like ntop might do that). We're using Shorewall to configure iptables, mostly for forwarding to our servers and VPN purposes.
azuriel
Apprentice

Joined: 27 Feb 2005
Posts: 166

Posted: Fri Jul 21, 2006 5:02 am    Post subject:

A quick Google search for "iptables graph" turned up this article, Making Graphs with PostgreSQL & R. It's basically dumping the syslog entries that iptables generates into a database with some parsing tricks, and then using that to generate graphs. If you've got some experience working in higher-level scripting languages and with databases, you can probably figure out how to do this using the article as a starting point. It shouldn't be too hard to adapt it to, say, PHP or Python and MySQL.

I'm pretty sure you could do this with snort if you wanted, but it's almost certainly extra overhead assuming that you can do it with just iptables. The general idea would be making snort detect and log all packets and dump them in snort's nice and fast binary log format, then using barnyard to put the log into a database, and THEN hopefully snortplot does what you want.
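The thread's own suggestion is to parse the syslog lines that iptables writes and summarize them by IP, and lkarayan's point is that ntop cannot show what the firewall rejected. Here is an added example (not from the article above or from any poster) that does that first parsing step in Python: per-source packet and byte counts, plus the (source, destination port) pairs that were dropped or rejected. It assumes Shorewall's default log prefix "Shorewall:<chain>:<disposition>:" in front of the kernel's key=value fields, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog lines: four Shorewall/iptables LOG entries and one
# unrelated sshd line, to show that non-firewall lines are skipped.
SAMPLE_LOG = """\
Jul 21 01:53:02 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 21 01:53:03 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=4445 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 21 01:53:05 gw kernel: Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.0.0.5 LEN=1500 TOS=0x00 PREC=0x00 TTL=60 ID=12345 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=65535 RES=0x00 ACK URGP=0
Jul 21 01:53:06 gw kernel: Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=12346 DF PROTO=UDP SPT=53000 DPT=1194 LEN=40
Jul 21 01:53:07 gw sshd[123]: Accepted publickey for alice from 192.0.2.10 port 51001 ssh2
"""

# Assumed log prefix "Shorewall:<chain>:<disposition>:" (Shorewall's default LOGFORMAT);
# the rest of the line is the key=value dump written by the iptables LOG target.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<fields>.*)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Parse one firewall log line into a dict; return None for anything else."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group("fields")):
        fields.setdefault(key, value)  # UDP lines carry two LEN=; keep the IP total length
    return {"chain": m.group("chain"), "verdict": m.group("verdict"),
            "src": fields.get("SRC"), "dst": fields.get("DST"), "proto": fields.get("PROTO"),
            "dpt": int(fields["DPT"]) if "DPT" in fields else None,
            "length": int(fields.get("LEN", 0))}

def summarize(lines):
    """Packets and bytes per source IP, and (src, dst port) pairs the firewall blocked."""
    packets, nbytes, blocked = Counter(), Counter(), Counter()
    for rec in map(parse_line, lines):
        if rec is None or rec["src"] is None:
            continue
        packets[rec["src"]] += 1
        nbytes[rec["src"]] += rec["length"]
        if rec["verdict"] in ("DROP", "REJECT"):
            blocked[(rec["src"], rec["dpt"])] += 1
    return packets, nbytes, blocked

if __name__ == "__main__":
    packets, nbytes, blocked = summarize(SAMPLE_LOG.splitlines())
    for src, n in packets.most_common():
        print(f"{src:<16} {n:>4} pkts {nbytes[src]:>7} bytes")
    for (src, dpt), n in blocked.most_common():
        print(f"blocked: {src} -> port {dpt} ({n} pkts)")
```

Feed it the real /var/log/messages (or wherever syslog puts kernel messages) instead of SAMPLE_LOG and the three counters are what you would insert into the database before graphing.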