Ubuntu Security :: Program - Network Traffic Monitoring
Jan 31, 2010
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
View 9 Replies
ADVERTISEMENT
May 9, 2010
I was reading a magazine article today which was a discussion of internet detective work for tracking down ip addresses which attempt an ssh login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself has seen log files in the past that inidicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and each other on this network, and would like to be able to easily detect attempted log ins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on snort, but I it appears to be written for large lan's or web servers and is over-kill for a small home network.
View 8 Replies
View Related
Dec 8, 2008
Via a network traffic monitoring tool I see that my laptop is generating lots of outgoing (EDIT : incoming !!) network traffic. Although no download program is running or any other program of which I know that could be generating this much traffic. Something strange is going on and I need to know how I can find out which program( s ) are generating network traffic.
View 7 Replies
View Related
Dec 8, 2010
I have a third party program (tightvnc) which I want to monitor and detect if it loses a connection with a client. I don't care if the client has the program open but isn't doing anything with it, I only want to know if the actual TCP connection is lost.
Since TCP takes forever to die on it's own I was thinking the best way to detect if a connection is lost is by bandwidth the bandwidth on the tcp port allocated to the VNC connection. Are there any tools built in to redhat (RHEL 5.2) which I could use to do this? Since I don't have full control of the operating system I would prefer to use built in tools rather then trying to get a new tool installed.
View 3 Replies
View Related
Feb 9, 2011
I am currently running a 64-bit Fedora 14 server which hosts a game server, a voice server, and remote desktop functionality, each on a distinct TCP port. I am currently using the built-in firewall to deny all traffic other than ICMP ping/pong and TCP traffic on those specific ports.I am looking for a graphical application which will let me monitor any connections being made to my server in order to keep an eye out for possible security concerns. To be more specific, I'd like to be able to see the source IP addresses, TCP/UDP ports, and individual bandwidth in use by external connections being made to the server, along with any other information that might be helpful in identifying a possible intrusion attempt.
View 3 Replies
View Related
Jan 4, 2010
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
View 9 Replies
View Related
Apr 8, 2011
my servers are configured with:Ubuntu 10.10 server 64bit;Lighttpd MySQL-Server I need to make graphs for traffic (bandwidth usage) and cpu load every month. I tried to configure mrtg but after 48h, it didn't produce graphs.(I can't install apache2)
[Code]...
View 6 Replies
View Related
Jun 28, 2011
I have a UBUNTU server 10.04 LTS with 3 network interfaces (eth0,1,2) with eth0 is connected to my lan and others connected to two different ISPs , I am looking for a very flexible and complete monitoring tool which can monitor all of the traffic of incoming and outgoing of any interface and SPECIALLY can show me which local client made connection to which interface for connecting to internet in online mode not offline and it is good to have online web base interface I mean the interface shows the measured data in real time mode. I fount some tools like iftop and iptraf and many others in this url: http://www.ubuntugeek.com/bandwidth-...for-linux.html but non of them are suitable for my net I mean none of them have good web real time data and non of them shows "which local client made connection to which interface for connecting to internet".
View 2 Replies
View Related
Mar 5, 2010
I am using CentOS 5.4 and did a yum install of cacti. I installed all the necessay packages, like net-snmp, php net snmp and all that. Everything else works but I can't for the life figure out how to monitor traffic on eth0. I do not have any SNMP Interface Statistics or alike in either the Associated Graph Templates or Associated Data Queries.
Heres the output of "snmpwalk localhost -c public -v2c" , SNMPv2-MIB::sysDescr.0 = STRING: Linux xxx.xxxx.net 2.6.18-164.6.1.el5xen #1 SMP Tue Nov 3 17:53:47 EST 2009 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7515443) 20:52:34.43
[Code]...
I am trying to monitor the interfaces on the local computer only.
View 4 Replies
View Related
Jan 26, 2010
I have a service, which calls other services. I need to verify that my service is hitting the right end points of the other service, since the end points of the other dependent service are specified in configs, and are different for different stages - development vs production. Is there any tool which can tell me what end points are being contacted from my host?
View 1 Replies
View Related
Oct 25, 2010
Which is best server monitoring (Traffic ) tool ?
Can you provide some form of monitoring on this server or recommend any server-side applications that could monitor the status, in high detail, including traffic, etc?
View 9 Replies
View Related
Apr 13, 2010
I want to know that squid in 5 min ago and 1 hour ago how much traffic transferred for monitoring purposes?? where can I get this info from running squid? of course I get I have to note that access.log is disabled for some reasons.
View 3 Replies
View Related
Sep 2, 2010
I'm running ASSP on Ubuntu 10.04.1 it's mostly working fine. I have one problem which has been bugging me for some time. I don't want to filter outbound mail, but if I can relay (proxy) my outbound mail through ASSP, then it can automatically add to the whitelist.
As ASSP is a proxy, I need a server to send it to once ASSP receives it. I've tried my ISP, but this failed and they weren't willing to confirm if a connection attempt was received at their end.
Current setup
Inbound
mx -> router -> ASSP -> Exchange 2003
Outbound
Exchange 2003 -> mx
I'd like to setup outbound as either
Exchange 2003 -> ASSP -> <ISP> SMTP relay
Exchange 2003 -> ASSP -> <relay running on Ubuntu eg postfix>
Can anyone help me with troubleshooting steps or a better suggestion for how I can set this up. I'd love to know why my ISP setup didn't work, but I don't know a tool for monitoring IP traffic in Ubuntu SE, in windows I use Wireshark is there any equivalent I can setup for Ubuntu or a tool I can use in windows which will show all traffic, Ubuntu and windows server are on the same netgear switch, not sure it's smart enough to copy all traffic to another port for monitoring.
View 4 Replies
View Related
May 19, 2010
I've read up some of the posts on this forum, but can't seem to find an answer. I have a web service within an Apache Tomcat instance installed on a Redhat linux server. I only have shell access to the server, and need to monitor outbound network traffic from my web service. Is there a unix command that will allow me to monitor all outbound traffic? I'm thinking fiddler, but a unix version? I've heard of things like ntop and iptraf, but I don't think those will help me in this instance.
View 2 Replies
View Related
Jun 17, 2010
I'm looking for a monitoring tool like ntop, but can preserve statistics for http traffic.
View 1 Replies
View Related
Dec 18, 2009
Im looking for a program to monitor the ammount of bandwidth usage per network. Ex: I have lots of networks connected to one server, and i would like to know for example how much is the average bandwitdh usage for network 172.16.2.0/24 and 172.16.5.0/24 for one hour, for example.
View 1 Replies
View Related
Mar 18, 2011
I have a dual boot with xp and opensuse 11.4. There has been an annoying 'system fan has failed' error message that was dealt with by replacing a fan and installing speedfan and hardware monitor on the windows partition, but my opensuse installation has no such programs running, and I want to keep things cool while I'm running opensuse. Speedfan is a program that tells the fans to turn on and off. Usually according to the temperature that the sensors are reading. The program shows temperatures and fan speeds and allows you to have control.Is there a fan speed/temperature monitoring program for opensuse?
View 7 Replies
View Related
Nov 27, 2010
Can someone recommend a good app to monitor the OUTPUT of my soundcard? I don't just want to look at the VU meter of my music player - i actually want to see what the soundcard is outputting. Windows drivers for my soundcard (Audiophile 192) had this ability, but I'm not sure what software to use in Linux.
View 6 Replies
View Related
Sep 27, 2009
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
View 3 Replies
View Related
Oct 1, 2010
At our company we have a central server with client files. This server has a SSH server installed, and through Nautilus all employees can access the files. However, I have a few questions:
1. Most employees need access to all folders, because they might use them at some point in time. However, I want to make sure they are not accessing things they do not need. How can I do this? For instance, if somebody copies all of the folders to his/her computer, I want to be able to see this in some sort of log. Can this be done? Copying and accessing in general is what is of my concern.
2. Some employees only need access to specific folders. Can this be easily configured with SFTP?
3. Some also use SSH and type commands which I want to check every now and then (e.g. to make sure an intern is not again copying information or accessing folders they should not be in). What is a good way to do this?
View 7 Replies
View Related
Dec 15, 2010
I've firewall machine customers connect on it then connect to one of another 3 machines as root through ssh key , is there any way to know which user connect to which machine and what command that he has executed without using script command ?
View 1 Replies
View Related
Nov 30, 2010
How do I monitor who is ssh'ing into a box (SLES) as well as failed attempts? How can I log their IP addresses, even if they're not in DNS?/var/log/messages I see their hostname but no IP address
View 13 Replies
View Related
Jan 16, 2011
Were we are we are now getting dinged by the gigabyte were up till now it was just a monthly cost for unlimited use. I guess they are fishing for more profits anyways I need a program that will record/track my monthly usage is their anything available like this for ubuntu?
View 6 Replies
View Related
Oct 15, 2010
I am striving to setup OSSEC to monitor some specific files for realtime changes! Is this possible? I can't really find a lot of info from their Documentation
Some Examples:
/etc/myfile.txt is deleted. I need this to be reported.
/etc/myfile.txt is created again so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time.. Another one...
/etc/passwd is touched (accessed) even if there is no changes! Can this be reported as well?
View 2 Replies
View Related
Sep 30, 2010
I'm going to start monitoring our Linux servers with a log management/correlation tool to take a proactive approach to the security of our systems.
Right now I'm going to search for log events that include the following:
Any other commands or logs that would be good to correlate or be alerted on when a potential breach or suspicous activity is happening on the box? Logging cleared, permission changes on accounts or particular files or directories? What would you want to see while monioring your servers?
View 3 Replies
View Related
Nov 7, 2010
have around 20-30 HP and Dell Hardware where we have attached Pen Drive. There is no Rack-lock facility. A misuse of Pen Drive is reported and it happens every alternative day that someone unplug and theft the drive attached.There is no camera facility to monitor.I have a plan to write a script which will login to every machine through ILO and watch the USB availability. In case anyone dettach the USB, a mail will be sent to the administrator and thereby the steps could be taken.Does this idea look feasible.
View 13 Replies
View Related
Sep 4, 2009
I wanted to know if i can install mrtg on a client computer in network and measure the network's router traffic.i know that it can be installed on the server.
View 5 Replies
View Related
Mar 11, 2011
has my Ubuntu machine been cracked?
machine on home lan
192.168.0.102
it is the DMZ from router
ufw on (ports open for aMule)
sshd installed
[Code].....
View 2 Replies
View Related
Sep 14, 2011
As too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
View 9 Replies
View Related
Feb 9, 2010
is someone can guide the best open source tools to monitor as webbase,gui,shell prompt
View 1 Replies
View Related