""Johnson, Richard (NY Int)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > What is everyone using for monitoring their network?
SnifferPro (from NAI) is popular, but limited in function IMO due to it's lack of stability. The Distributed SnifferPro is overpriced, but may fit what you need. However, it's more built for small, legacy Enterprise networks. It lacks scalability and stability for most of today's networks. I believe NAI is charging too much for their buggy products, but YMMV. Most people understand that NAI products run primarily on Microsoft Windows products, and therefore, are not as stable and high-performance as Unix alternatives. I would suggest at least trying to use Ethereal along with tcpdump or libpcap (Ethereal is very cool since it opens gzipped pcap-formatted files). A newish x86 machine running FreeBSD with libpcap and tcpdump installed can work really well. It's best combined with dual Intel EtherExpress Pro 10/100 NIC's in a full-duplex fast ethernet environment (Cisco or Foundry switches would be nice). Connect fxp0 to your management network and fxp1 to a mirrored port (e.g. using Cisco SPAN). Then run `tcpdump -n -X -s 65535 -i fxp1 -l | tee ' and scp the file to your computer. You can then run Ethereal or SnifferPro on the capture file. Niksun also makes a product called NetVCR which is very interesting, however I would like other suggestions of *BSD machines running web-interfaces to high-performance sniffers or anything similar. You might also be able to load-balance sniffers using products from companies like Radware or TopLayer. They have products that do "IDS Load-Balancing", I haven't seen this done with Cisco products lately, but you might be able to accomplish the same thing with similar products. There is also a very cool product made by Unispeed, the Netlogger, but it is overpriced more than any product I've ever seen in the whole networking world. There was also an interesting thread on building high-performance sniffers recently on nanog-l. -dre Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49733&t=49712 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
