Re: [CentOS] NTOP alternatives?
I would like to know on which host should I install it on LAN? My plan for today is to install darkstar on a separate physical host with dual nic's, and tell the switch to copy all traffic on the VLAN's that I wish to monitor to one port which will then be connected to one of the NIC's on the darkstar host. This feature is called port mirroring on ProCurve switches but most professional switches have similar features, although they might be called differently. I think This is an URL for it. Where it shows with a picture. http://community.spiceworks.com/how_to/show/1261 The same thing for bandwidthd software. * Pls assume*, My Network Monitoring Server has *2 Ethernets and also I have port mirroring capable switch. * if one Ethernet of Netwrok monitoring Sever connects to usual port in the switch, Other LAN PCs also connects to the usual ports of the same switch . Then, remaining Ethernet of the Monitoring Server should connect to a mirrored port. *Then, to which port , Should I connect my router ??? * to a usual port or mirrored port of that same switch? if Router should be connected to a mirrored port , We need 2 mirrored port of the same switch.. Pls let me know since I would like to learn.. gateway Machine, proxy Server or any host on that LAN? Alternatively, if you have a gateway machine that all traffic passes through, this would also be a good candidate unless traffic is so high that the additional load from darkstat impacts performance - or any bug in darkstat that just might interrupt regular operations. IF my Gateway is running squid But NOT in transparent mode, just a usual way with configurations of users' browsers, Can I install darkstar or bandwidthd on that gateway box? I really like to hear from you? -- Thank you Indunil Jayasooriya ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On Wed, Aug 29, 2012 at 10:59 AM, Morgan Cox morganco...@gmail.com wrote: Have you tried Darkstat - it's a nice very very lightweight alternative http://unix4lyfe.org/darkstat/ Hi. Darkstat worked like a charm on my laptop yesterday, for traffic to/from the laptop. So this morning I've been trying to make it work in the serverroom. I've set up a monitoring port on the switch and mirrored a vlan to it. To this monitoring switch port, I've connected the second nic on a spare server. But I can't make it see the traffic: *Running for* 38 secs*, since* 2012-08-30 08:27:12 UTC+*.* *Total* 0 *bytes, in* 0 *packets.* (2,512,454 *captured,* 2,494,741 * dropped) *And so the graphs are blank :-( I've tried several incantations to no avail: usr/local/sbin/darkstat -i eth1 -p 5001 --no-daemon --no-dns -l 0.0.0.0/0.0.0.0 --local-only /usr/local/sbin/darkstat -i eth1 -p 5001 --no-daemon --no-dns -l 0.0.0.0/0.0.0.0 /usr/local/sbin/darkstat -i eth1 -p 5001 --no-daemon --no-dns I've even tried assigning a bogus ip address on the monitored subnet to eth1, but that doesn't help either. Any suggestions? with kind regards, Bent ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On 30.08.2012 03:28, Net Foss wrote: On Wed, Aug 29, 2012 at 4:52 PM, Rafał Radecki radecki.ra...@gmail.com wrote: After some search I think I will use ntop ;) Does anyone know a repo which contains ntop for centos 6.x? I have been using ntop for 5.x from rpmforge, but coundn't find RPMS for 6.x there. -- net foss ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos http://li.nux.ro/download/nux/misc/el6/x86_64/ntop-4.1.0-3.el6.nux.x86_64.rpm backported from Fedora, untested. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
After some search I think I will use ntop ;) Thanks for all help. Best regards, Rafał. 2012/8/28 Lamar Owen lo...@pari.edu On Tuesday, August 28, 2012 02:35:25 AM Rafał Radecki wrote: Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? As a package, either the Fedora-based NetworkSecurityToolkit (NST) or the loosly-based-on-ubuntu BackTrack are nice. NST has some very cool features, and a web UI that allows some nice options. NST runs best on a dedicated piece of hardware; slap a couple of GigE NIC's in a good box with dual procs, put one GigE on a SPAN port or a hardware tap, install NST on it and configure to your liking. If you want prepackaged updates that you don't have to built yourself, subscribe to the NSTPro service. www.networksecuritytoolkit.org I'm using it here, and coupled with the power and configurability of Cisco's SPAN it works really well for troubleshooting. I'm using it enough that I set up my own builder on Fedora 16, and have been building my own updates out of NST's SVN, which has been interesting ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki radecki.ra...@gmail.comwrote: After some search I think I will use ntop ;) Having lurked in this thread, I think I'll start using ntop as well. Did a quick test today on my laptop and got it up and running in no time. But to answer the question people at the office keeps asking me, I need to dump Network Load data with a 1-second granularity. Does anoybody know how to do that? Basic question is, do we have large fluctuations on our internet connection usage. Thanks in advance! with kind regards, Bent Terp ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On 29/08/2012 09:29, Bent Terp wrote: On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki radecki.ra...@gmail.comwrote: After some search I think I will use ntop ;) Having lurked in this thread, I think I'll start using ntop as well. Did a quick test today on my laptop and got it up and running in no time. But to answer the question people at the office keeps asking me, I need to dump Network Load data with a 1-second granularity. Does anoybody know how to do that? Basic question is, do we have large fluctuations on our internet connection usage. Thanks in advance! I know it's a Windows utility (WINE??), but we used STG traffic grapher in a previous ISP environment. Graphing at a 1s interval is possible, looks very much like MRTG. http://leonidvm.chat.ru/ -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
Have you tried Darkstat - it's a nice very very lightweight alternative http://unix4lyfe.org/darkstat/ ntop has more info though. regards Keep rocking the free (opensource) world On 29 August 2012 09:56, Giles Coochey gi...@coochey.net wrote: On 29/08/2012 09:29, Bent Terp wrote: On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki radecki.ra...@gmail.comwrote: After some search I think I will use ntop ;) Having lurked in this thread, I think I'll start using ntop as well. Did a quick test today on my laptop and got it up and running in no time. But to answer the question people at the office keeps asking me, I need to dump Network Load data with a 1-second granularity. Does anoybody know how to do that? Basic question is, do we have large fluctuations on our internet connection usage. Thanks in advance! I know it's a Windows utility (WINE??), but we used STG traffic grapher in a previous ISP environment. Graphing at a 1s interval is possible, looks very much like MRTG. http://leonidvm.chat.ru/ -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
- Bent Terp b...@terp.se escreveu: De: Bent Terp b...@terp.se Para: CentOS mailing list centos@centos.org Enviadas: Quarta-feira, 29 de Agosto de 2012 5:29:07 (GMT-0300) Auto-Detected Assunto: Re: [CentOS] NTOP alternatives? On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki radecki.ra...@gmail.comwrote: After some search I think I will use ntop ;) Having lurked in this thread, I think I'll start using ntop as well. Did a quick test today on my laptop and got it up and running in no time. But to answer the question people at the office keeps asking me, I need to dump Network Load data with a 1-second granularity. Does anoybody know how to do that? Basic question is, do we have large fluctuations on our internet connection usage. Hi Bent, Give a try to Collectd: www.collectd.org is a RRDTOOL data collect system. I use it on various systems without impacts on performance. Antonio. -- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Antonio S. Martins Jr. - Support Analyst | Only The Shadow Knows | | Universidade Estadual de Maringá - Brasil| what evil lurks in the | | NPD - Núcleo de Processamento de Dados | Heart of Men! | | E-Mail: asmart...@uem.br / sha...@uem.br | !!! Linux User: 52392 !!! | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Real Programmers don’t need comments — the code is obvious. -- Esta mensagem foi verificada pelo sistema de antivirus e acredita-se estar livre de perigo. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
Am 29.08.2012 um 12:24 schrieb Antonio da Silva Martins Junior: - Bent Terp b...@terp.se escreveu: De: Bent Terp b...@terp.se Para: CentOS mailing list centos@centos.org Enviadas: Quarta-feira, 29 de Agosto de 2012 5:29:07 (GMT-0300) Auto-Detected Assunto: Re: [CentOS] NTOP alternatives? On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki radecki.ra...@gmail.comwrote: After some search I think I will use ntop ;) Having lurked in this thread, I think I'll start using ntop as well. Did a quick test today on my laptop and got it up and running in no time. But to answer the question people at the office keeps asking me, I need to dump Network Load data with a 1-second granularity. Does anoybody know how to do that? Basic question is, do we have large fluctuations on our internet connection usage. Hi Bent, Give a try to Collectd: www.collectd.org is a RRDTOOL data collect system. +1 i use collectd to keep tracked system offloaded and send all data via network (encrypted) to a central system. I use it on various systems without impacts on performance. The central system has a continuous data stream onto the storage (my case saving 64 incoming samples/minute). Not a penalty but i would run only the logging service on this central system. -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On Wed, Aug 29, 2012 at 4:52 PM, Rafał Radecki radecki.ra...@gmail.com wrote: After some search I think I will use ntop ;) Does anyone know a repo which contains ntop for centos 6.x? I have been using ntop for 5.x from rpmforge, but coundn't find RPMS for 6.x there. -- net foss ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
Have you tried Darkstat - it's a nice very very lightweight alternative http://unix4lyfe.org/darkstat/ I installed it on Centos 6.2 (64 bit VM). It is pretty light. I would like to know on which host should I install it on LAN? gateway Machine, proxy Server or any host on that LAN? I just installed on a host On a LAN. But, It does NOT show All the host on the LAN. It does NOT show my mail gateway. It is on the same LAN. Then, How can get actual traffic on my LAN ? Anyway, If clicked host link, It shows in , out , total traffic? It is bytes? I think it is in byte? ntop has more info though. I have used this since long time. many options. very difficult to understand. what about bandwidthd ? I have tried twice. On which host, Should I install it to see network traffic my lan? really like to hear from you. r -- Thank you Indunil Jayasooriya ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On Thu, Aug 30, 2012 at 4:32 AM, Indunil Jayasooriya induni...@gmail.comwrote: Have you tried Darkstat - it's a nice very very lightweight alternative http://unix4lyfe.org/darkstat/ I installed it on Centos 6.2 (64 bit VM). It is pretty light. I would like to know on which host should I install it on LAN? If you want it to be able to see all traffic on the local network, then you have to make sure all the traffic actually shows up on that interface - which is not usually the case on a switched network :-) My plan for today is to install darkstar on a separate physical host with dual nic's, and tell the switch to copy all traffic on the VLAN's that I wish to monitor to one port which will then be connected to one of the NIC's on the darkstar host. This feature is called port mirroring on ProCurve switches but most professional switches have similar features, although they might be called differently. gateway Machine, proxy Server or any host on that LAN? Alternatively, if you have a gateway machine that all traffic passes through, this would also be a good candidate unless traffic is so high that the additional load from darkstat impacts performance - or any bug in darkstat that just might interrupt regular operations. BR Bent ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On 28/08/2012 07:35, Rafał Radecki wrote: Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? Thanks ;) If you looking at just a netflow web-frontend netflow processing I quite like nfsen / nfdump -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On Tue, Aug 28, 2012 at 10:23 AM, Giles Coochey gi...@coochey.net wrote: On 28/08/2012 07:35, Rafał Radecki wrote: Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? Thanks ;) If you looking at just a netflow web-frontend netflow processing I quite like nfsen / nfdump Or for one-off capture/analysis runs, wireshark is pretty good. I doubt if anything will match ntop for continuous captures with the ability to summarize in a large variety of ways. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
On Tuesday, August 28, 2012 02:35:25 AM Rafał Radecki wrote: Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? As a package, either the Fedora-based NetworkSecurityToolkit (NST) or the loosly-based-on-ubuntu BackTrack are nice. NST has some very cool features, and a web UI that allows some nice options. NST runs best on a dedicated piece of hardware; slap a couple of GigE NIC's in a good box with dual procs, put one GigE on a SPAN port or a hardware tap, install NST on it and configure to your liking. If you want prepackaged updates that you don't have to built yourself, subscribe to the NSTPro service. www.networksecuritytoolkit.org I'm using it here, and coupled with the power and configurability of Cisco's SPAN it works really well for troubleshooting. I'm using it enough that I set up my own builder on Fedora 16, and have been building my own updates out of NST's SVN, which has been interesting ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos