Networking :: Proactive Versus Reactive Network Monitoring
Jun 9, 2010
Network/IT teams often look for a monitoring tool in reaction to a problem they have on the network. They know they have a problem, but they dont know specifics. They cant see, for example, who is hogging bandwidth. So they seek a free or open source point solution to solve that one problem. But if they already know one problem is happening, it's possible theres a second or third problem which could be prevented if the IT staff knew about these issues. An alternative approach to reactive monitoring would be to implement a robust network monitoring system before a problem occurs. An NMS should enable IT staffs to identify potential problems early on and solve them before end users notice them. Is your organization using a network monitoring system? If no, why not?
I have a small office network with windows machines and a Linux Internet access server (CentOS 5.4). For Internet access I use masquerade, so everione can access every Internet service. I periodicali have quite big traffic from one of the hosts, but I can't figure out which one is that?
Is there any linux command which will show me the bytes/packets (or any useful infos) going to specific hosts?
I was wondering how do you slap a packet analyzer like Wireshark somewhere between all the computers in a house and the router, so you can tell what websites are being accessed? I mean websites, specifically. I'm not trying to monitor bittorrent, IRC or other things yet - I'll get to that later. I just want to break this insanely complex task into smaller bites for now.Also, since my ISP has bandwidth caps but does not have a means for consumers to monitor total network usage, I'd like to figure out how to use Wireshark to do that as well. This, I am assuming, is easier when wireshark is running on the pipeline going into the router.
I am currently stationed overseas in Japan, and I am happy to say that I have a 100 Mbit fiber line from my service provider... I am not so happy to say that they force me to use their "CTU", which is basically a Japanese router, which limits me from receiving external connections (such as would be required to host FTP, or administer my home machines via SSH or VNC). I have tried many methods of bypassing this piece of equipment, but so far none have worked (router setup for PPPoE, DHCP, Static IP, so on). I don't think the Japanese would mind me bypassing this device, as it's really there to 'protect' me, but there's such a language barrier that I can't figure out how to tell them what I want to do.
In order to troubleshoot the problem, I would like to setup a spare computer as a hub, dumbly (Is that a word? It is for this circumstance...) passing data from one device to the other, and allowing me to watch what is being passed via Wireshark. I am pretty linux savvy, but I'm completely useless with iptables.
Here is the final product I want:
After connecting eth0 to the fiber modem and eth1 to the CTU, I want the computer to duplicate eth0's distant end MAC to eth1 and vice versa (to simulate the computer not being on the network at all), then I just want the computer to pass any data coming in on eth0 to eth1, and any data coming in on eth1 to eth0. Finally, I need to be able to read the throughput with Wireshark, but I really think that will be very simple if I can get the rest of the setup complete.
One piece of info - there is no dhcp on this link of the network, and I have no way of knowing the MAC addresses of either end before connecting them.
As an added bonus, once I've captured the handshake between the CTU and modem, if someone knows how to retransmit those packets on demand (i.e. to replace the CTU with my computer), I would be quite happy to hear about it.
Apart from the fact firef*x gets confused when my laptop is not connected to the internet... (Please click here grrr)Have you figured out a way to load a separate hosts file when booting in standalone? Presently I swap one host file for the other, usually after boot. Restart apache. Running LAMP on laptop now. It practically grinds to a halt when it isn't connected to my server
I have a home PC which connects through internet via a Zyxel ADSL router. I use Fedora 14 as my one and only operating system and sometimes I am seeing the LEDs of my modem blinking very fast which means that something is downloading. I want to know which application download what on my PC. Is there any tool in Fedora that can show which application uses my network?
I want to monitor the websites that people in my network are visiting.It's a home network with various devices (PCs, phones, Ipads), and a ubuntu headless server. I'd like to install some monitoring software on the server, which would ideally provide me a list of website the devices (attempted to) connected to.Does such a software exists?? Can I control it via Webmin. Would setting my NIC in promiscuous mode affect performance?
Any easy to install/configure network/server monitoring tool? PLease note I'm looking for something of little lightweight here (Not something like zenoss) But I'd still like to get performance graphs and event notifying alerts. Also note this is to monitor less than 50 servers and perhaps a firewall or 2.
I have a third party program (tightvnc) which I want to monitor and detect if it loses a connection with a client. I don't care if the client has the program open but isn't doing anything with it, I only want to know if the actual TCP connection is lost.
Since TCP takes forever to die on it's own I was thinking the best way to detect if a connection is lost is by bandwidth the bandwidth on the tcp port allocated to the VNC connection. Are there any tools built in to redhat (RHEL 5.2) which I could use to do this? Since I don't have full control of the operating system I would prefer to use built in tools rather then trying to get a new tool installed.
I just wanted to use a network bandwidth usage monitoring application. Scenario: I am using an EV-DO based USB broadband modem with a limited GB plan. For additional data usage they charge per MB. Currently I use either wvdial (mostly) or pon to start the connection. So if there is any network monitoring application which could log time used and data used for the session, it would be great. Actually debian has too many different network monitoring applications, But I am not sure which one suits well for this purpose.
I am currently running a 64-bit Fedora 14 server which hosts a game server, a voice server, and remote desktop functionality, each on a distinct TCP port. I am currently using the built-in firewall to deny all traffic other than ICMP ping/pong and TCP traffic on those specific ports.I am looking for a graphical application which will let me monitor any connections being made to my server in order to keep an eye out for possible security concerns. To be more specific, I'd like to be able to see the source IP addresses, TCP/UDP ports, and individual bandwidth in use by external connections being made to the server, along with any other information that might be helpful in identifying a possible intrusion attempt.
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
I use network Manager to connect to wireless broadband on Fedora 12.Are there any tools that can provide me logs about connection times, bandwidth monitoring etc.Basically, I need logs like what kppp provides with accounting.
I can use kppp to connect and get the logs I need but I want to connect to the network as soon as I plug it in - Only Network Manager allows this.
I have a box which I want to make a Samba PDC opensuse 11.3 server, but it doesn't have monitor nor keyboard during normal use. After a standard installation with keyboard and screen, I will have to remove the screen and the keyboard for lake of space. Are there ways to monitor this linux server through my laptop so it act as the screen and the keyboard of the linux server? At any times, the laptop is running desktop opensuse 11.3 or windows XP.
I was reading a magazine article today which was a discussion of internet detective work for tracking down ip addresses which attempt an ssh login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself has seen log files in the past that inidicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and each other on this network, and would like to be able to easily detect attempted log ins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on snort, but I it appears to be written for large lan's or web servers and is over-kill for a small home network.
I setup apache server in order to gain access for the smokeping network monitoring system. I am accessing the system using [URL] But I want this page access using [URL]
My httpd.conf file looks like : Alias /smokeping/ "/usr/local/smokeping/htdocs/" <Directory /usr/local/smokeping/htdocs/> AllowOverride AuthConfig DirectoryIndex smokeping.cgi Options -Indexes ExecCGI </Directory>
We are a small company running half a dozen servers in data center.Recently we got charged heavily for over-utilizing the data transfer. So,we are looking for a way to find - uploads and downloads per ip and port basis.We have mixed environment (Win2008/Ubuntu) so the tool should be able to work for both.I am not sure if MRTG provides per port(i.e. application) based analysis.
i have some servers behind a server/router/firewall at [URL] that can be accessed using port forwarding. they are working quite well. [URL] gets you to the first server behind the server/router/firewall (the former link above).
i would want to make the server at the latter link accessible with its own domain name ie [URL]without having to add :<port> to the end of [URL] because ":" is disallowed for aliasing in the a and cname records at network solutions (my dns?). is port forwarding the best way to reach these servers behind my firewall? is it possible to assign them their own domain name? perhaps some method other than port forwarding should be used?
I have two CentOS servers on the same LAN. One is CentOS 4.7 the other 5.2 They both also have a WAN interface to the same remote network. On CentOS 4.7 I can ping the remote network through the CentOS 5.2 server. i.e. ping -I eth0 remotehost On CentOS 5.2 I can NOT force the ping to go out the CentOS 4.7 server without over riding my routing tables to make eth0 a more direct route than the eth1 route.
On 5.2 If I do the ping -I eth0 remotehost, and a tcpdump on eth0, the outbound ping will not be going out eth0, he overrides it and sends it out eth1. In fact, on CentOS 4.7 if I do not have a route to the remote network through the other server (turn proxy arp off on the 5.2 machine), I will get "Destination Host Unreachable". I would ideally like to get the 5.2 machine to behave the way the 4.7 machine does.
My real life application for this is that I have a CentOS server in a location that controls access to the Internet. There is another router on the netowrk that handles traffic back to our corporate office. the CentOS server also has the ability to get to the corporate office. I ping the corporate office through eth0 to find out if the link through the other router is indeed up and active. I want to make this a CentOS 5.2 server but alas, I can not tell if the other route is up or not.
I am renting a VPS from[URL].They do not supply a webhosting panel for restarting/shutting down or for seeing monthly bandwidth consumtion. I am running CentOS 5.3. I was wondering if theres any programs that you can install to view monthly/daily bandwidth consumption on our server?
I have a client that is using a windows based backup system called Retrospect and will be installing Linux to replace his windows server. Right now the way it works is on the XP pro workstation Norton 360 makes a backup to the server and then Retrospect make it backups every night. I want to add a linux based backup system that will give them a historical backup system that had XP pro client software that can backup open files and such I can do away with the Norton backup stuff and streamline this setup. I need it to have the capability to go back in time to restore something of an older date this historical. I was looking into:
[URL]
I have never used either one and was wondering what the linux community wold recommend between the two or if there is something better that has client software and free and does it have a GUI for my clients? I am leaning toward AMANDA after reading Jeremy's article:
I'm mentoring my local high school's IT club as they prepare to participate in a cyberdefense competition (see IT Olympics). Generally we are given four boxes and need to set up a network that provides certain services (which services change from year to year, but usually include a web server, email server, FTP server, and an application server of some sort) and support client PCs that connect from the WAN. The red team then tries to break into our network to steal "flags" from our servers and to set their own "flags" on our servers.
Generally we set up the firewall with two network interface cards (one to the WAN and one to our LAN), and connect the LAN NIC to a router, which then connects to the other three boxes. But we do have the option of installing additional NICs in the firewall and configuring it as a router. I can't shake the feeling that there is a security advantage to such a configuration, but I can't say what that advantage is. Perhaps something with configuring ipTables on the internal boxes to accept connections only from the firewall's NIC, and then only for the services we want that box to support (to prevent an intruder from connecting directly from one box to another)?
I've noticed something strange in the behavior of how Ubuntu server obtains it's IP address versus Ubuntu desktop and other versions of linux and Windows. When Ubuntu desktop obtains an IP address from my router that address is retained from one bootup to the next, same behavior as Windows, SuSE, and pretty much any other OS. Ubuntu server on the other hand grabs a different IP address everytime it boots. At first I guessed it was a difference in /etc/dhcp3/dhclient.conf so I replaced it with the dhclient.conf from Ubuntu desktop but no dice, it still grabs a new address every time.
In /etc/network/interfaces Ubuntu server defines the loopback interface and primary network interface, just as it should but Ubuntu desktop does not define the network interface, only the loopback interface. I'm guessing something else controls does this. Desktop appears to be storing previous IP lease information in /var/lib/dhcp3/dhclient.eth0.leases but server doesn't, /var/lib/dhcp3/dhclient.leases is always empty and there's no other files in /var/lib/dhcp3/.
Apparently something isn't writing old lease info there. Without setting a static IP address, how can Ubuntu server be configured to retain the same IP address between boots like Ubuntu desktop?I'm using Ubuntu server 8.04LTS, Ubuntu desktop 9.10 & 9.04, SuSE 11.0, Linux Mint, Windows XP, pfSense 1.2.2 as router.
I have both Jaunty and Windows XP installed on my laptop (dual boot), and I have successfully tethered (via Bluetooth) my cellphone in Windows, but can't get tethering to work in Jaunty.
In Windows, when I paired my phone with my laptop using Bluetooth, Windows assigned two COM ports for Bluetooth to use. Then I configured dial-up networking, and all I had to specify was the dial string (*99**1*1#). Windows treats my cellphone as if it were a modem connected via a serial port. Works great.
When I pair my phone to the laptop when running Jaunty, I don't ever see serial ports getting configured as I do in Windows. And I've read that when the Bluetooth pairing takes place in Ubuntu, the networking wizard should start, but it does not. So, I go into network connections and create a new connection under the MOBILE BROADBAND tab (I check "connect automatically"). When I'm finished creating the connection, it says "never" to the right of the connection name, but I'm not sure what that is indicating. When I left-click the network manager icon on my desktop, it does not show any connections from which I can choose. I have no Internet connectivity.
I have proved that the Bluetooth link between Jaunty and my cellphone IS working. I have been successful sending files from my phone to Jaunty, using Bluetooth.
Am I going about setting up tethering incorrectly ?
Im looking for a program to monitor the ammount of bandwidth usage per network. Ex: I have lots of networks connected to one server, and i would like to know for example how much is the average bandwitdh usage for network 172.16.2.0/24 and 172.16.5.0/24 for one hour, for example.
I am connected with LAN. We have many computers with different OS viz.linux, windows etc. Now I want to know the bandwidth every computer is getting and using. Is there any Ubuntu packages to monitor this?
dear can someone highly gui or text base/command line tool that use as "isp bandwidth monitoring tools in linux".i do have leased line,frame relay, wireless linke,dsl too. i want to monitor what is uploading and downloading.
