[Cialug] Traffic Analysis, etc

Nathan C. Smith nathan.smith at ipmvs.com
Thu May 8 09:25:09 CDT 2008


>
> What kind of router?  A Linux box or a commercial hardware router?  If
> it's a Linux box I'd recommend ntop[1]. If you have a hardware router
> that is capable of exporting NetFlow data I'd look at either ntop[1] or
> flow-tools[2].  If your hardware router isn't capable of exporting
> NetFlow data I'd recommend sticking a Linux box in transparent
> bridging mode in front of the router and using ntop[1].
>
> [1] http://www.ntop.org/
> [2] http://www.splintered.net/sw/flow-tools/
>

Ntop has kind of a funky take on things but I agree, easy to get going and use and it will give you some idea of what is going where and what people are doing right away.

You can also set a port on a smart switch as a tap and hook a machine with two NICs up to that.  Set NTOP up on the second NIC and connect it to the port on the switch.  Various switch manufacturers call this different things and I can't think of any of the common terms right now.

-Nate

