Re: Sniffers [7:49712]

2002-07-25 Thread dre

""Johnson, Richard (NY Int)""  wrote in message
news:[EMAIL PROTECTED]...
> What is everyone using for monitoring their network?

SnifferPro (from NAI) is popular, but limited in function IMO due to its lack of stability. The Distributed SnifferPro is overpriced, but may fit what you need. However, it's more built for small, legacy Enterprise networks. It lacks scalability and stability for most of today's networks. I believe NAI is charging too much for their buggy products, but YMMV. Most people understand that NAI products run primarily on Microsoft Windows products, and therefore, are not as stable and high-performance as Unix alternatives.

I would suggest at least trying to use Ethereal along with tcpdump or libpcap (Ethereal is very cool since it opens gzipped pcap-formatted files). A newish x86 machine running FreeBSD with libpcap and tcpdump installed can work really well. It's best combined with dual Intel EtherExpress Pro 10/100 NICs in a full-duplex fast ethernet environment (Cisco or Foundry switches would be nice). Connect fxp0 to your management network and fxp1 to a mirrored port (e.g. using Cisco SPAN). Then run `tcpdump -n -X -s 65535 -i fxp1 -l | tee ' and scp the file to your computer. You can then run Ethereal or SnifferPro on the capture file.

Niksun also makes a product called NetVCR which is very interesting, however I would like other suggestions of *BSD machines running web-interfaces to high-performance sniffers or anything similar. You might also be able to load-balance sniffers using products from companies like Radware or TopLayer. They have products that do "IDS Load-Balancing", I haven't seen this done with Cisco products lately, but you might be able to accomplish the same thing with similar products. There is also a very cool product made by Unispeed, the Netlogger, but it is overpriced more than any product I've ever seen in the whole networking world.

There was also an interesting thread on building high-performance sniffers recently on nanog-l.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49733&t=49712
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
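
Added example, not part of the original thread: a sanity check to run on the copied capture before opening it in Ethereal. It assumes the capture was saved in classic libpcap format (for example with tcpdump's -w option) and may be gzipped; it reports how many packets were cut short by the snaplen, which is what -s 65535 is meant to avoid. `build_sample` is a constructed two-packet capture used only for the demonstration.

```python
import gzip
import struct
import tempfile

# Classic libpcap magic numbers mapped to their struct byte-order prefix.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def open_capture(path):
    """Open a capture file, decompressing on the fly when it is gzipped."""
    with open(path, "rb") as probe:
        is_gzip = probe.read(2) == b"\x1f\x8b"
    return gzip.open(path, "rb") if is_gzip else open(path, "rb")

def summarize_pcap(path):
    """Count packets and report how many were cut short by the snaplen."""
    with open_capture(path) as fh:
        header = fh.read(24)
        if len(header) < 24 or header[:4] not in PCAP_MAGICS:
            raise ValueError("not a classic libpcap capture file")
        endian = PCAP_MAGICS[header[:4]]
        snaplen, linktype = struct.unpack(endian + "II", header[16:24])
        stats = {"snaplen": snaplen, "linktype": linktype, "packets": 0,
                 "wire_bytes": 0, "truncated": 0, "incomplete_tail": False}
        while True:
            rec = fh.read(16)  # ts_sec, ts_usec, captured length, original length
            if not rec:
                return stats
            if len(rec) == 16:
                caplen, origlen = struct.unpack(endian + "II", rec[8:])
            if len(rec) < 16 or len(fh.read(caplen)) < caplen:
                stats["incomplete_tail"] = True  # file cut off mid-write or mid-copy
                return stats
            stats["packets"] += 1
            stats["wire_bytes"] += origlen
            if caplen < origlen:  # packet was longer on the wire than what was stored
                stats["truncated"] += 1

def build_sample():
    """Constructed two-packet capture (snaplen 68); the second packet is cut short."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, 1)
    out += struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)
    out += struct.pack("<IIII", 1, 0, 68, 1514) + bytes(68)
    return out

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(suffix=".pcap.gz", delete=False) as tmp:
        tmp.write(gzip.compress(build_sample()))
    print(summarize_pcap(tmp.name))
```

A non-zero `truncated` count means the snaplen was too small for full-payload decodes; `incomplete_tail` means the file ended partway through a packet record.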



Re: Sniffers [7:49712]

2002-07-25 Thread Peter van Oene

For packet capture I use Ethereal (www.ethereal.com). They keep about the most updated decodes on the market.

At 09:43 PM 7/25/2002 +, Johnson, Richard (NY Int) wrote:
>Hi all,
>
>What is everyone using for monitoring their network?
>
>Thanks,
>
>Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49731&t=49712



Re: Sniffers [7:49712]

2002-07-25 Thread Johnny Routin

What do you want to monitor?


JR

--
Johnny Routin




""Johnson, Richard (NY Int)""  wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> What is everyone using for monitoring their network?
>
> Thanks,
>
> Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49722&t=49712



Sniffers [7:49712]

2002-07-25 Thread Johnson, Richard (NY Int)

Hi all,

What is everyone using for monitoring their network?

Thanks,

Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49712&t=49712