If you are a Unix sysadmin then running either FreeBSD or LInux should hot
scare you or be much of a challenge. Fire up a copy of either on ANY old
hardware you have laying around then go to:
http://www.opensec.com
There are so many free tools from network monitoring to sniffers to
intrusion detection, traffic shaping, router monitoring, anything under
the sun you would need to get a grip on your network. Having no budget
for the commercial tools doesn't matter.
For Redhat 6.1 just download the ISO and burn it to CD.. hell if you don't
have a burner, download the floppy images, and install via ftp.. you have
a T1 which is plenty.
good luck
Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com
"Luck is the residue of design."
- Branch Rickey - former owner of the Brooklyn Dodger Baseball Team
On Wed, 10 Nov 1999, Stewart Dean wrote:
> I'm the Unix (AIX & Solaris) system admin in a small college whose
> strength is more in the hosts than the network, but I'm the one that
> has to deal with network problems...so this is a basic question.
> Further, it's more a network than firewall question. So my apologies
> and abasement...if there's a better list to ask this in, please direct me.
>
> OK: I am seeing intermittent network saturation: internal pings fail,
> telnet session hang or get dropped, etc. I have no sniffer, no network
> analyzer, no network management software. This is an Ethernet
> network that was figer linked to IBM/Cabletron/Synoptics hubs, but
> now has a Cisco 5500 with RSM at its center and about 1/3 of the
> network is Cisco 2900 XLs..in a year or two, it'll be all of it. It handles
> about 1000 students and 500 faculty and staff. We have a T1
> outbound out of a Cisco 2501 (which ties to the intranet with a 10Mb
> regular Ethernet); it's other serial port is a frational T1 from a
> satellite campus.
> I notice that, when network saturation happens, the T1-Out is
> pegged....the ISP, AppliedTheory/Nysernet, provides a nice web-
> based page that graphs our T1 usage. When I do a 90 day report, I
> see the first 30 days is flat at 10-15%. Then (perhaps coinceding with
> the beginning of replacing old stuff with 2900XL Cisco gear) I see the
> beginning of peaking, that grows over time. By this time, we are
> getting 100% T1 out for periods for hours...then it will break off and
> go down to 20-30% and ordinary usage resumes.
>
> About the only approach I've been able to come up with is:
> = scanning the 5500's show port for excessive errors and pulling the
> fiber to the problematic port. That hasn't yielded anything.
> = pulling the fibers to all switches/hubs one at a time and watching
> the CPU% of the Internet router. I observed a 10% drop on one fiber
> leading to a student dorm, but no great restoral of services.
>
> As you can see, I am bashing around in the dark. Yes, I would like
> some diagnostic hw/sw, but the boss has smiled at me when I've
> asked and said, 'We're buying the network gear", as if a real admin
> could sniff the wind and tell you what idiot student is running an
> MP3 website on campus (I once had the mail server freeze because a
> student used /tmp as MP3 storage!).
> Well, it's all come home now and it's roosting on MY head.
>
> The floor is open. I appreciate your suggestions for:
> = debugging with what I've got
> = what hw/sw would work to help debugging
> = books/courses
>
> There's a fine line here between convincing the management that
> network mgmnt that supervisory and debugging hw/sw is needed
> and getting fired 'cuz the network don't work.
> // Stewart Dean - [EMAIL PROTECTED]
> //
> // Machiavelli said (in essence):
> // Bad mercenaries will lose your country for you,
> // "good" ones will take it away from you....
> // Don't use mercenaries
> // Dean's corollary:
> // Hiring temps or vendor employees may be all the rage...
> // but they're the same as mercenaries:
> // You give neither loyalty nor committment;
> // the favor, if returned, should come as no surprise
> // Look to your own honor if you expect any from them.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
