Hi all.

I have currently a task to implement a network traffic analyzer. Some years
ago I've used NTOP for that purpose, I would also like to test some
alternatives.
Which alternatives can you recommend and why?

Thanks

Best regards,
Rafał Radecki.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On 28/08/2012 07:35, Rafał Radecki wrote:

Hi all.

I have currently a task to implement a network traffic analyzer. Some years
ago I've used NTOP for that purpose, I would also like to test some
alternatives.
Which alternatives can you recommend and why?

Thanks

If you looking at just a netflow web-frontend & netflow processing I
quite like nfsen / nfdump


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles@coochey.net


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Aug 28, 2012 at 10:23 AM, Giles Coochey <giles@coochey.net> wrote:
> On 28/08/2012 07:35, Rafał Radecki wrote:
>>
>> Hi all.
>>
>> I have currently a task to implement a network traffic analyzer. Some
>> years
>> ago I've used NTOP for that purpose, I would also like to test some
>> alternatives.
>> Which alternatives can you recommend and why?
>>
>> Thanks
>>
> If you looking at just a netflow web-frontend & netflow processing I quite
> like nfsen / nfdump

Or for one-off capture/analysis runs, wireshark is pretty good. I
doubt if anything will match ntop for continuous captures with the
ability to summarize in a large variety of ways.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tuesday, August 28, 2012 02:35:25 AM Rafał Radecki wrote:
> Hi all.
>
> I have currently a task to implement a network traffic analyzer. Some years
> ago I've used NTOP for that purpose, I would also like to test some
> alternatives.
> Which alternatives can you recommend and why?

As a package, either the Fedora-based NetworkSecurityToolkit (NST) or the loosly-based-on-ubuntu BackTrack are nice. NST has some very cool features, and a web UI that allows some nice options.

NST runs best on a dedicated piece of hardware; slap a couple of GigE NIC's in a good box with dual procs, put one GigE on a SPAN port or a hardware tap, install NST on it and configure to your liking. If you want prepackaged updates that you don't have to built yourself, subscribe to the NSTPro service.

www.networksecuritytoolkit.org

I'm using it here, and coupled with the power and configurability of Cisco's SPAN it works really well for troubleshooting. I'm using it enough that I set up my own builder on Fedora 16, and have been building my own updates out of NST's SVN, which has been interesting....

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

After some search I think I will use ntop
Thanks for all help.

Best regards,
Rafał.

2012/8/28 Lamar Owen <lowen@pari.edu>

> On Tuesday, August 28, 2012 02:35:25 AM Rafał Radecki wrote:
> > Hi all.
> >
> > I have currently a task to implement a network traffic analyzer. Some
> years
> > ago I've used NTOP for that purpose, I would also like to test some
> > alternatives.
> > Which alternatives can you recommend and why?
>
> As a package, either the Fedora-based NetworkSecurityToolkit (NST) or the
> loosly-based-on-ubuntu BackTrack are nice. NST has some very cool
> features, and a web UI that allows some nice options.
>
> NST runs best on a dedicated piece of hardware; slap a couple of GigE
> NIC's in a good box with dual procs, put one GigE on a SPAN port or a
> hardware tap, install NST on it and configure to your liking. If you want
> prepackaged updates that you don't have to built yourself, subscribe to the
> NSTPro service.
>
> www.networksecuritytoolkit.org
>
> I'm using it here, and coupled with the power and configurability of
> Cisco's SPAN it works really well for troubleshooting. I'm using it enough
> that I set up my own builder on Fedora 16, and have been building my own
> updates out of NST's SVN, which has been interesting....
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki <radecki.rafal@gmail.com>wrote:

> After some search I think I will use ntop
>

Having lurked in this thread, I think I'll start using ntop as well. Did a
quick test today on my laptop and got it up and running in no time.

But to answer the question people at the office keeps asking me, I need to
dump Network Load data with a 1-second granularity. Does anoybody know how
to do that? Basic question is, do we have large fluctuations on our
internet connection usage.

Thanks in advance!

with kind regards,
Bent Terp
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On 29/08/2012 09:29, Bent Terp wrote:

On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki <radecki.rafal@gmail.com>wrote:


After some search I think I will use ntop


Having lurked in this thread, I think I'll start using ntop as well. Did a
quick test today on my laptop and got it up and running in no time.

But to answer the question people at the office keeps asking me, I need to
dump Network Load data with a 1-second granularity. Does anoybody know how
to do that? Basic question is, do we have large fluctuations on our
internet connection usage.

Thanks in advance!

I know it's a Windows utility (WINE??), but we used STG traffic grapher
in a previous ISP environment. Graphing at a 1s interval is possible,
looks very much like MRTG.


http://leonidvm.chat.ru/

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles@coochey.net


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Have you tried Darkstat - it's a nice very very lightweight alternative

http://unix4lyfe.org/darkstat/

ntop has more info though.

regards

Keep rocking the free (opensource) world



On 29 August 2012 09:56, Giles Coochey <giles@coochey.net> wrote:
> On 29/08/2012 09:29, Bent Terp wrote:
>>
>> On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki
>> <radecki.rafal@gmail.com>wrote:
>>
>>> After some search I think I will use ntop
>>>
>> Having lurked in this thread, I think I'll start using ntop as well. Did a
>> quick test today on my laptop and got it up and running in no time.
>>
>> But to answer the question people at the office keeps asking me, I need to
>> dump Network Load data with a 1-second granularity. Does anoybody know how
>> to do that? Basic question is, do we have large fluctuations on our
>> internet connection usage.
>>
>> Thanks in advance!
>>
> I know it's a Windows utility (WINE??), but we used STG traffic grapher in a
> previous ISP environment. Graphing at a 1s interval is possible, looks very
> much like MRTG.
>
> http://leonidvm.chat.ru/
>
>
> --
> Regards,
>
> Giles Coochey, CCNA, CCNAS
> NetSecSpec Ltd
> +44 (0) 7983 877438
> http://www.coochey.net
> http://www.netsecspec.co.uk
> giles@coochey.net
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

----- "Bent Terp" <bent@terp.se> escreveu:

> De: "Bent Terp" <bent@terp.se>
> Para: "CentOS mailing list" <centos@centos.org>
> Enviadas: Quarta-feira, 29 de Agosto de 2012 5:29:07 (GMT-0300) Auto-Detected
> Assunto: Re: [CentOS] NTOP alternatives?
>
> On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki
> <radecki.rafal@gmail.com>wrote:
>
> > After some search I think I will use ntop
> >
>
> Having lurked in this thread, I think I'll start using ntop as well.
> Did a quick test today on my laptop and got it up and running in no time.
>
> But to answer the question people at the office keeps asking me, I
> need to dump Network Load data with a 1-second granularity. Does anoybody know
> how to do that? Basic question is, do we have large fluctuations on our
> internet connection usage.
>

Hi Bent,

Give a try to Collectd: www.collectd.org is a RRDTOOL data collect system.

I use it on various systems without impacts on performance.

Antonio.

--
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Antonio S. Martins Jr. - Support Analyst | "Only The Shadow Knows |
| Universidade Estadual de Maringá - Brasil| what evil lurks in the |
| NPD - Núcleo de Processamento de Dados | Heart of Men!" |
| E-Mail: asmartins@uem.br / shadow@uem.br | !!! Linux User: 52392 !!! |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
"Real Programmers don’t need comments — the code is obvious."

--
Esta mensagem foi verificada pelo sistema de antivirus e
acredita-se estar livre de perigo.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Am 29.08.2012 um 12:24 schrieb Antonio da Silva Martins Junior:
> ----- "Bent Terp" <bent@terp.se> escreveu:
>
>> De: "Bent Terp" <bent@terp.se>
>> Para: "CentOS mailing list" <centos@centos.org>
>> Enviadas: Quarta-feira, 29 de Agosto de 2012 5:29:07 (GMT-0300) Auto-Detected
>> Assunto: Re: [CentOS] NTOP alternatives?
>>
>> On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki
>> <radecki.rafal@gmail.com>wrote:
>>
>>> After some search I think I will use ntop
>>>
>>
>> Having lurked in this thread, I think I'll start using ntop as well.
>> Did a quick test today on my laptop and got it up and running in no time.
>>
>> But to answer the question people at the office keeps asking me, I
>> need to dump Network Load data with a 1-second granularity. Does anoybody know
>> how to do that? Basic question is, do we have large fluctuations on our
>> internet connection usage.
>>
>
> Hi Bent,
>
> Give a try to Collectd: www.collectd.org is a RRDTOOL data collect system.


+1

i use collectd to keep tracked system offloaded and send all data via network (encrypted) to a central system.


> I use it on various systems without impacts on performance.

The central system has a continuous data stream onto the storage (my case saving >64 incoming samples/minute).
Not a penalty but i would run only the logging service on this central system.

--
LF





_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos