Re: Network Monitoring tools

2009-09-03 Thread Stephan Barr
+1 nTop

On Wed, Sep 2, 2009 at 4:12 PM, Harry Singh  wrote:

> Cacti technically, out of the box, won't allow you to see who is hogging up
> all your bandwidth down to the NIC, but NTOP can.
>
> Ntop is your friend.
>
>
>
>
> On Wed, Sep 2, 2009 at 4:24 PM, Steven Peck  wrote:
>
>> I would say go with one of the Cacti virtual boxes that are
>> pre-configured before you spend money.  This will net you a few
>> things.
>>
>> A better understanding of your environment with only a few hours time
>> learning.
>> If it doesn't quite do what you want, you will have a better idea of
>> how to state what you are looking for.
>> A better general understanding of the monitoring technologies available.
>>
>> Steven
>>
>> On Wed, Sep 2, 2009 at 1:03 PM, Garcia-Moran,
>> Carlos wrote:
>> > I was going to suggest them as well for their Orion product, also look
>> > at these http://www.netmon.ca/
>> >
>> > If you are not 100% against trying something Open Source take a look at
>> > "Cacti" it's an MRTG on steroids, We use the CactiEZ Distro with Ntop
>> > and capture 100% of the traffic from all our switches which in turn
>> > helps us determine who is hogging the pipe. Setup can be done in 20
>> > minutes if you have a free box or even less if you use Vmware
>> >
>> > -Original Message-
>> > From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
>> > Sent: Wednesday, September 02, 2009 3:55 PM
>> > To: NT System Admin Issues
>> > Subject: RE: Network Monitoring tools
>> >
>> > Have you looked at SolarWinds?
>> >
>> > http://www.solarwinds.com/products/toolsets/
>> >
>> >
>> >
>> > Chris Bodnar, MCSE
>> > Sr. Systems Engineer
>> > Distributed Systems Service Delivery - Intel Services
>> > Guardian Life Insurance Company of America
>> > Email: christopher_bod...@glic.com
>> > Phone: 610-807-6459
>> > Fax: 610-807-6003
>> >
>> >
>> > -Original Message-
>> > From: Fancher, William [mailto:wfanc...@invention-machine.com]
>> > Sent: Wednesday, September 02, 2009 3:46 PM
>> > To: NT System Admin Issues
>> > Subject: Network Monitoring tools
>> >
>> > We have experienced some slowing of our network recently.  I am looking
>> > for a graphical network tool which will graphically show traffic from
>> > each node (NIC) and the inside and outside ports on the firewall.
>> >
>> > Price should be reasonable  (under $1000 if possible) but we are not
>> > looking for a freebee
>> >
>> > I would hope for a short learning curve so the value can be demonstrated
>> > to mgmt quickly
>> >
>> > Thanks for your suggestions
>> >
>> > William Fancher
>> > Invention Machine Corporation
>> > Boston, MA 02199
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>> >
>> >
>> >
>> > -
>> > This message, and any attachments to it, may contain information
>> > that is privileged, confidential, and exempt from disclosure under
>> > applicable law.  If the reader of this message is not the intended
>> > recipient, you are notified that any use, dissemination,
>> > distribution, copying, or communication of this message is strictly
>> > prohibited.  If you have received this message in error, please
>> > notify the sender immediately by return e-mail and delete the
>> > message and any attachments.  Thank you.
>> >
>> > _
>> > This e-mail, including attachments, contains information that is
>> > confidential and may be protected by attorney/client or other privileges.
>> > This e-mail, including attachments, constitutes non-public information
>> > intended to be conveyed only to the designated recipient(s). If you are not
>> > an intended recipient, you are hereby notified that any unauthorized use,
>> > dissemination, distribution or reproduction of this e-mail, including
>> > attachments, is strictly prohibited and may be unlawful. If you have
>> > received this e-mail in error, please notify me by e-mail reply and delete
>> > the original message and any attachments from your system.
>> > _

Re: Network Monitoring tools

2009-09-02 Thread Harry Singh
Cacti technically, out of the box, won't allow you to see who is hogging up
all your bandwidth down to the NIC, but NTOP can.

Ntop is your friend.



On Wed, Sep 2, 2009 at 4:24 PM, Steven Peck  wrote:

> I would say go with one of the Cacti virtual boxes that are
> pre-configured before you spend money.  This will net you a few
> things.
>
> A better understanding of your environment with only a few hours time
> learning.
> If it doesn't quite do what you want, you will have a better idea of
> how to state what you are looking for.
> A better general understanding of the monitoring technologies available.
>
> Steven
>
> On Wed, Sep 2, 2009 at 1:03 PM, Garcia-Moran,
> Carlos wrote:
> > I was going to suggest them as well for their Orion product, also look
> > at these http://www.netmon.ca/
> >
> > If you are not 100% against trying something Open Source take a look at
> > "Cacti" it's an MRTG on steroids, We use the CactiEZ Distro with Ntop
> > and capture 100% of the traffic from all our switches which in turn
> > helps us determine who is hogging the pipe. Setup can be done in 20
> > minutes if you have a free box or even less if you use Vmware
> >
> > -Original Message-
> > From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
> > Sent: Wednesday, September 02, 2009 3:55 PM
> > To: NT System Admin Issues
> > Subject: RE: Network Monitoring tools
> >
> > Have you looked at SolarWinds?
> >
> > http://www.solarwinds.com/products/toolsets/
> >
> >
> >
> > Chris Bodnar, MCSE
> > Sr. Systems Engineer
> > Distributed Systems Service Delivery - Intel Services
> > Guardian Life Insurance Company of America
> > Email: christopher_bod...@glic.com
> > Phone: 610-807-6459
> > Fax: 610-807-6003
> >
> >
> > -Original Message-
> > From: Fancher, William [mailto:wfanc...@invention-machine.com]
> > Sent: Wednesday, September 02, 2009 3:46 PM
> > To: NT System Admin Issues
> > Subject: Network Monitoring tools
> >
> > We have experienced some slowing of our network recently.  I am looking
> > for a graphical network tool which will graphically show traffic from
> > each node (NIC) and the inside and outside ports on the firewall.
> >
> > Price should be reasonable  (under $1000 if possible) but we are not
> > looking for a freebee
> >
> > I would hope for a short learning curve so the value can be demonstrated
> > to mgmt quickly
> >
> > Thanks for your suggestions
> >
> > William Fancher
> > Invention Machine Corporation
> > Boston, MA 02199

Re: Network Monitoring tools

2009-09-02 Thread Steven Peck
I would say go with one of the Cacti virtual boxes that are
pre-configured before you spend money.  This will net you a few
things.

A better understanding of your environment with only a few hours time
learning.
If it doesn't quite do what you want, you will have a better idea of
how to state what you are looking for.
A better general understanding of the monitoring technologies available.

Steven

On Wed, Sep 2, 2009 at 1:03 PM, Garcia-Moran,
Carlos wrote:
> I was going to suggest them as well for their Orion product, also look
> at these http://www.netmon.ca/
>
> If you are not 100% against trying something Open Source take a look at
> "Cacti" it's an MRTG on steroids, We use the CactiEZ Distro with Ntop
> and capture 100% of the traffic from all our switches which in turn
> helps us determine who is hogging the pipe. Setup can be done in 20
> minutes if you have a free box or even less if you use Vmware
>
> -Original Message-
> From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
> Sent: Wednesday, September 02, 2009 3:55 PM
> To: NT System Admin Issues
> Subject: RE: Network Monitoring tools
>
> Have you looked at SolarWinds?
>
> http://www.solarwinds.com/products/toolsets/
>
>
>
> Chris Bodnar, MCSE
> Sr. Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
>
> -Original Message-
> From: Fancher, William [mailto:wfanc...@invention-machine.com]
> Sent: Wednesday, September 02, 2009 3:46 PM
> To: NT System Admin Issues
> Subject: Network Monitoring tools
>
> We have experienced some slowing of our network recently.  I am looking
> for a graphical network tool which will graphically show traffic from
> each node (NIC) and the inside and outside ports on the firewall.
>
> Price should be reasonable  (under $1000 if possible) but we are not
> looking for a freebee
>
> I would hope for a short learning curve so the value can be demonstrated
> to mgmt quickly
>
> Thanks for your suggestions
>
> William Fancher
> Invention Machine Corporation
> Boston, MA 02199



RE: Network Monitoring tools

2009-09-02 Thread Garcia-Moran, Carlos
I was going to suggest them as well for their Orion product, also look
at these http://www.netmon.ca/

If you are not 100% against trying something Open Source take a look at
"Cacti" it's an MRTG on steroids, We use the CactiEZ Distro with Ntop
and capture 100% of the traffic from all our switches which in turn
helps us determine who is hogging the pipe. Setup can be done in 20
minutes if you have a free box or even less if you use Vmware

-Original Message-
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, September 02, 2009 3:55 PM
To: NT System Admin Issues
Subject: RE: Network Monitoring tools

Have you looked at SolarWinds?

http://www.solarwinds.com/products/toolsets/



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: Fancher, William [mailto:wfanc...@invention-machine.com] 
Sent: Wednesday, September 02, 2009 3:46 PM
To: NT System Admin Issues
Subject: Network Monitoring tools

We have experienced some slowing of our network recently.  I am looking
for a graphical network tool which will graphically show traffic from
each node (NIC) and the inside and outside ports on the firewall.

Price should be reasonable  (under $1000 if possible) but we are not
looking for a freebee

I would hope for a short learning curve so the value can be demonstrated
to mgmt quickly

Thanks for your suggestions

William Fancher
Invention Machine Corporation
Boston, MA 02199




RE: Network Monitoring tools

2009-09-02 Thread Christopher Bodnar
Have you looked at SolarWinds?

http://www.solarwinds.com/products/toolsets/



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: Fancher, William [mailto:wfanc...@invention-machine.com] 
Sent: Wednesday, September 02, 2009 3:46 PM
To: NT System Admin Issues
Subject: Network Monitoring tools

We have experienced some slowing of our network recently.  I am looking
for a graphical network tool which will graphically show traffic from
each node (NIC) and the inside and outside ports on the firewall.

Price should be reasonable  (under $1000 if possible) but we are not
looking for a freebee

I would hope for a short learning curve so the value can be demonstrated
to mgmt quickly

Thanks for your suggestions

William Fancher
Invention Machine Corporation
Boston, MA 02199



RE: Network monitoring tools

2008-01-11 Thread Joe Heaton
Umm, I don't necessarily, but at the moment, I don't have any tools to
monitor this stuff on the network side, which is why I asked the
question.  It's not directed towards a specific problem this time :-)

 

Joe Heaton



From: Boaz Galil [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 11, 2008 5:37 AM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 

 

why do you think the problem comes from the network?

maybe there is an application that hogs the cpu? memory leak? hardware
issue? why do you think the performance issue comes from the network?

 

 

Best regards,

 

Boaz.

On 1/10/08, Joe Heaton <[EMAIL PROTECTED]> wrote: 

 

I know we have these discussions every couple of months at least, but
here goes:

 

What are you guys using to monitor your networks so that you have an
answer to the age-old user question of:

 

"Why is everything running so slow?"

 

I'm thinking of bandwidth usage first off, which I'm thinking PRTG to
monitor that.

 

I guess I could run a Wireshark capture, to see if there's a massive
spike in weird packets.

 

 

Anything else that you guys could suggest?  I know someone had mentioned
they use Nagios, but that would require me to setup a Linux box first,
which isn't that big a deal, other than piecing a box together... 

 

Any other ideas?

 

I'd like to do this without a lot of cost if possible, just because I
hate spending money...

-- 
Boaz.






 


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Re: Network monitoring tools

2008-01-11 Thread Boaz Galil
why do you think the problem comes from the network?
maybe there is an application that hogs the cpu? memory leak? hardware
issue? why do you think the performance issue comes from the network?


Best regards,

Boaz.







On 1/10/08, Joe Heaton <[EMAIL PROTECTED]> wrote:
>
>
>  I know we have these discussions every couple of months at least, but
> here goes:
>
>
>
> What are you guys using to monitor your networks so that you have an
> answer to the age-old user question of:
>
>
>
> "Why is everything running so slow?"
>
>
>
> I'm thinking of bandwidth usage first off, which I'm thinking PRTG to
> monitor that.
>
>
>
> I guess I could run a Wireshark capture, to see if there's a massive spike
> in weird packets.
>
>
>
>
>
> Anything else that you guys could suggest?  I know someone had mentioned
> they use Nagios, but that would require me to setup a Linux box first, which
> isn't that big a deal, other than piecing a box together…
>
>
>
> Any other ideas?
>
>
>
> I'd like to do this without a lot of cost if possible, just because I hate
> spending money…
>
>
>
>
>


-- 
Boaz.


Re: Network monitoring tools

2008-01-10 Thread Robert Cato
VMWare lets you mount a .iso file in the virtual CD-ROM drive. It's how most
people build a virgin VM. If you want to do it with physical hardware then
you have the steps down.

On Jan 10, 2008 6:37 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:

>
>  So, with OSSIM, you basically download the .iso, burn that on a CD, throw
> it into the CD drive of a virgin machine (no OS installed), and let it do
> its thing?
>
>
>
>
>
> Joe Heaton
>  --
>
> *From:* Don Ely [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, January 10, 2008 12:34 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Network monitoring tools
>
>
>
>
> http://www.ossim.net
>
> On Jan 10, 2008 12:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:
>
>
>
> What is the link again, if they got a VM for ESX I definitely want to try
> this out.
>
>
>
> Z
>
>
>  --
>
> *From:* Benjamin Zachary [mailto: [EMAIL PROTECTED]
> *Sent:* Thursday, January 10, 2008 3:26 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Network monitoring tools
>
>
>
>
>
> I saw the link and grabbed the vm and ported it over to my esx box. Runs
> pretty well, the doc had an error that the file is /etc/network/interfaces
> not networking
>
>
>
> *From:* Don Ely [mailto: [EMAIL PROTECTED]
> *Sent:* Thursday, January 10, 2008 3:06 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Network monitoring tools
>
>
>
>
> Has its own ISO which I installed in a VM, will be looking at it more
> this afternoon...
>
> On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:
>
> OK - not in ports though.
>
> I'll download the .tgz and see how much trouble it gives me.
>
>
> On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> >
> >
> > Main page is where I read it...
> >
> > Project Admins: dkarg, jcasal
> > Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> > License: BSD License
> > Category: Security, Monitoring
> >
> >
> >
> > On Jan 9, 2008 6:31 PM, Don Ely < [EMAIL PROTECTED]> wrote:
> >
> > >
> > >
> > > I didn't read the FAQ yet and I may be wrong could have been something
> > else I was reading on sourceforge...
> > >
> > >
> > >
> > >
> > >
> > > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > >
> > > > I did a search on the site (which redirected me to a search page on
> > > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > > >
> > > > I haven't gotten to the docs yet, but the FAQ says nothing about
> BSD.
> > > >
> > > >
> > > >
> > > >
>
> > > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > >  I'm DLing the VM.  I believe I read in the docs in can be
> installed
> > on the
> > > > > BSD's though...
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Jan 9, 2008 5:16 PM, Kurt Buff < [EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Looks really dang cool.
> > > > > >
> > > > > > No port for FreeBSD, though. Looks like the missing bit is
> spade.
> > > > > >
> > > > > > Doesn't look as if any of the BSDs have it.
> > > > > >
> > > > > > Well, I'm downloading the install ISO - I wonder what OS it
> > installs.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Jan 9, 2008 3:57 PM, Don Ely < [EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff < [EMAIL PROTECTED]>
> wrote:
> > > > > > >
> > > > > > > > Another good tool for this kinda thing is ntop, but it must
> be
> > > > > > > > positioned correctly - you will most likely need a
> SPAN/mirror
> > port in
> > > > > > > > your infrastructure, or else use the netflow or sflow
> plugins to
> &g

RE: Network monitoring tools

2008-01-10 Thread Joe Heaton
So, with OSSIM, you basically download the .iso, burn that on a CD,
throw it into the CD drive of a virgin machine (no OS installed), and
let it do its thing?

 

 

Joe Heaton



From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 12:34 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 


http://www.ossim.net <http://www.ossim.net/> 

On Jan 10, 2008 12:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:

 

What is the link again, if they got a VM for ESX I definitely want to
try this out. 

 

Z

 



From: Benjamin Zachary [mailto: [EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:26 PM 


To: NT System Admin Issues

Subject: RE: Network monitoring tools 

 

 

I saw the link and grabbed the vm and ported it over to my esx box. Runs
pretty well, the doc had an error that the file is
/etc/network/interfaces not networking 

 

From: Don Ely [mailto: [EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:06 PM
To: NT System Admin Issues 
Subject: Re: Network monitoring tools

 


Has its own ISO which I installed in a VM, will be looking at it more
this afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

OK - not in ports though.

I'll download the .tgz and see how much trouble it gives me.


On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>
> Main page is where I read it... 
>
> Project Admins: dkarg, jcasal 
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
>
>
> On Jan 9, 2008 6:31 PM, Don Ely < [EMAIL PROTECTED]> wrote:
>
> >
> >
> > I didn't read the FAQ yet and I may be wrong could have been
something
> else I was reading on sourceforge... 
> >
> > 
> >
> >
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >
> > > I did a search on the site (which redirected me to a search page
on 
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about
BSD. 
> > >
> > > 
> > >
> > >

> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > 
> > > >  I'm DLing the VM.  I believe I read in the docs in can be
installed 
> on the
> > > > BSD's though...
> > > >
> > > >
> > > > 
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:
> > > >
> > > > > Looks really dang cool. 
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is
spade. 
> > > > >
> > > > > Doesn't look as if any of the BSDs have it. 
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it 
> installs.
> > > > >
> > > > >
> > > > > 
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:
> > > > > >
> > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING 
> > > > > >
> > > > > >
> > > > > > 
> > > > > >
> > > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > > positioned correctly - you will most likely need a SPAN/mirror
> > > > > > > > port in your infrastructure, or else use the netflow or sflow
> > > > > > > > plugins to get reports from your routers/switches.
> > > > > > > >
> > > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > > packets in/out of interfaces, it actually categorizes packets
> > > > > > > > and keeps track of top talkers, etc.
> > > > > > > >
> > > > > > > > Excellent for tracking down who is downloading that huge iso
> > > > > > > > file, and where it's coming from. Lets you ask more pointed
> > > > > > > > questions, if nothing else.
> > > > > > > >
> > > > > > > > Differentiates between tcp/udp/etc., and puts up some nice
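
Added example (not from any poster in this thread and not ntop's own code): the flow-based "top talkers" accounting that the quoted ntop description contrasts with plain interface counters, shown by decoding a NetFlow v5 export datagram and ranking local hosts by bytes, protocol and heaviest peer. The 10.0.0.0/24 local network, the sample flows and all function names are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

# NetFlow v5 layout: a 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims more records than the datagram holds")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5],                 # dPkts
            "bytes": f[6],                   # dOctets
            "src_port": f[9],
            "dst_port": f[10],
            "proto": PROTO_NAMES.get(f[13], str(f[13])),
        })
    return flows


def top_talkers(flows, local_net, n=3):
    """Rank hosts inside local_net by bytes sent plus received.

    Returns (host, total_bytes, dominant_protocol, heaviest_peer) tuples,
    which is the per-host view that per-interface counters cannot give.
    """
    net = ipaddress.ip_network(local_net)
    total = defaultdict(int)
    by_proto = defaultdict(lambda: defaultdict(int))
    by_peer = defaultdict(lambda: defaultdict(int))
    for flow in flows:
        # Credit the flow to whichever end(s) sit on the local network.
        for host, peer in ((flow["src"], flow["dst"]), (flow["dst"], flow["src"])):
            if ipaddress.ip_address(host) not in net:
                continue
            total[host] += flow["bytes"]
            by_proto[host][flow["proto"]] += flow["bytes"]
            by_peer[host][peer] += flow["bytes"]
    ranked = sorted(total, key=total.get, reverse=True)[:n]
    return [
        (h, total[h],
         max(by_proto[h], key=by_proto[h].get),
         max(by_peer[h], key=by_peer[h].get))
        for h in ranked
    ]


def build_sample_datagram(flows):
    """Pack constructed flows into a v5 datagram (test data, not a capture)."""
    header = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        RECORD.pack(
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed,
            bytes(4),                        # next hop, unused here
            0, 0, pkts, octets, 0, 0, sport, dport,
            0, 0, proto, 0, 0, 0, 0, 0, 0,
        )
        for src, dst, pkts, octets, sport, dport, proto in flows
    )
    return header + body


# Constructed flows: (src, dst, packets, bytes, src_port, dst_port, ip_proto).
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("192.0.2.10", "10.0.0.23", 480000, 700_000_000, 80, 51000, 6),   # large download
    ("10.0.0.23", "192.0.2.10", 240000, 12_000_000, 51000, 80, 6),    # its ACK traffic
    ("10.0.0.41", "198.51.100.7", 40, 4_000, 53124, 53, 17),          # DNS lookups
    ("10.0.0.57", "203.0.113.5", 30000, 35_000_000, 50222, 443, 6),
    ("203.0.113.5", "10.0.0.57", 65000, 90_000_000, 443, 50222, 6),
]

if __name__ == "__main__":
    records = parse_netflow_v5(build_sample_datagram(SAMPLE_FLOWS))
    for host, octets, proto, peer in top_talkers(records, "10.0.0.0/24"):
        print(f"{host:<12} {octets / 1e6:10.1f} MB  mostly {proto} with {peer}")
```

In a live setup the datagram would arrive over UDP from a router or switch configured to export flows to the collector; the port and exporter configuration are site-specific and not covered by the thread.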

RE: Network monitoring tools

2008-01-10 Thread Ziots, Edward
I got it, 

 

Thanks, didn't read far enough, they are providing an .ISO to host on
the ESX host and point the Virtual machine to it. 

 

Z

 



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:43 PM
To: NT System Admin Issues
Subject: RE: Network monitoring tools

 

 

Thanks, 

 

I didn't see the VM on the downloads page, is it in either the installer
or the TGZ zipped file? I take its in the vmx format for ESX
accordingly? 

 

Z

 



From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:34 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 


http://www.ossim.net <http://www.ossim.net/> 

On Jan 10, 2008 12:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:

 

What is the link again, if they got a VM for ESX I definitely want to
try this out. 

 

Z

 



From: Benjamin Zachary [mailto: [EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:26 PM 


To: NT System Admin Issues

Subject: RE: Network monitoring tools 

 

 

I saw the link and grabbed the vm and ported it over to my esx box. Runs
pretty well, the doc had an error that the file is
/etc/network/interfaces not networking 

 

From: Don Ely [mailto: [EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:06 PM
To: NT System Admin Issues 
Subject: Re: Network monitoring tools

 


Has its own ISO which I installed in a VM, will be looking at it more
this afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

OK - not in ports though.

I'll download the .tgz and see how much trouble it gives me.


On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>
> Main page is where I read it... 
>
> Project Admins: dkarg, jcasal 
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
>
>
> On Jan 9, 2008 6:31 PM, Don Ely < [EMAIL PROTECTED]> wrote:
>
> >
> >
> > I didn't read the FAQ yet and I may be wrong could have been
something
> else I was reading on sourceforge... 
> >
> > 
> >
> >
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >
> > > I did a search on the site (which redirected me to a search page
on 
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about
BSD. 
> > >
> > > 
> > >
> > >

> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > 
> > > >  I'm DLing the VM.  I believe I read in the docs in can be
installed 
> on the
> > > > BSD's though...
> > > >
> > > >
> > > > 
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:
> > > >
> > > > > Looks really dang cool. 
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is
spade. 
> > > > >
> > > > > Doesn't look as if any of the BSDs have it. 
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it 
> installs.
> > > > >
> > > > >
> > > > > 
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:
> > > > > >
> > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING 
> > > > > >
> > > > > >
> > > > > > 
> > > > > >
> > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:
> > > > > >
> > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > positioned correctly - you will most likely need a SPAN/mirror port in
> > > > > > > your infrastructure, or else use the netflow or sflow plugins to get
> > > > > > > reports from your routers/switches.
> > > > > > >
> > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > packets in/out of interfaces, it actually categorizes packets and
> > > > > > > keeps track of top talkers, etc.
> > > > > > > 
> > > > 

RE: Network monitoring tools

2008-01-10 Thread Ziots, Edward
Thanks, 

 

I didn't see the VM on the downloads page, is it in either the installer
or the TGZ zipped file? I take it it's in the vmx format for ESX
accordingly?

 

Z

 



From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:34 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 


http://www.ossim.net

On Jan 10, 2008 12:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:

 

What is the link again, if they got a VM for ESX I definitely want to
try this out. 

 

Z

 



From: Benjamin Zachary [mailto: [EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:26 PM 


To: NT System Admin Issues

Subject: RE: Network monitoring tools 

 

 

I saw the link and grabbed the vm and ported it over to my esx box. Runs
pretty well, the doc had an error that the file is
/etc/network/interfaces not networking 

 

From: Don Ely [mailto: [EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:06 PM
To: NT System Admin Issues 
Subject: Re: Network monitoring tools

 


Has its own ISO which I installed in a VM, will be looking at it more
this afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

OK - not in ports though.

I'll download the .tgz and see how much trouble it gives me.


On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>
> Main page is where I read it... 
>
> Project Admins: dkarg, jcasal 
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
>
>
> On Jan 9, 2008 6:31 PM, Don Ely < [EMAIL PROTECTED]> wrote:
>
> >
> >
> > I didn't read the FAQ yet and I may be wrong could have been something
> > else I was reading on sourceforge...
> >
> > 
> >
> >
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >
> > > I did a search on the site (which redirected me to a search page on
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about BSD.
> > >
> > > 
> > >
> > >

> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > 
> > > >  I'm DLing the VM.  I believe I read in the docs it can be installed on the
> > > > BSD's though...
> > > >
> > > >
> > > > 
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Looks really dang cool.
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is spade.
> > > > >
> > > > > Doesn't look as if any of the BSDs have it.
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it installs.
> > > > >
> > > > >
> > > > > 
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING 
> > > > > >
> > > > > >
> > > > > > 
> > > > > >
> > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > positioned correctly - you will most likely need a SPAN/mirror port in
> > > > > > > your infrastructure, or else use the netflow or sflow plugins to get
> > > > > > > reports from your routers/switches.
> > > > > > >
> > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > packets in/out of interfaces, it actually categorizes packets and
> > > > > > > keeps track of top talkers, etc.
> > > > > > >
> > > > > > > Excellent for tracking down who is downloading that huge iso file, and
> > > > > > > where it's coming from. Lets you ask more pointed questions, if
> > > > > > > nothing else.
> > > > > > >
> > > > > > > Differentiates between tcp/udp/etc., and puts up some 

Re: Network monitoring tools

2008-01-10 Thread Don Ely
http://www.ossim.net

On Jan 10, 2008 12:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:

>
>  What is the link again, if they got a VM for ESX I definitely want to try
> this out.
>
>
>
> Z
>
>
>  --
>
> *From:* Benjamin Zachary [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, January 10, 2008 3:26 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Network monitoring tools
>
>
>
>
>
> I saw the link and grabbed the vm and ported it over to my esx box. Runs
> pretty well, the doc had an error that the file is /etc/network/interfaces
> not networking
>
>
>
> *From:* Don Ely [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, January 10, 2008 3:06 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Network monitoring tools
>
>
>
>
> Has its own ISO which I installed in a VM, will be looking at it more
> this afternoon...
>
> On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:
>
> OK - not in ports though.
>
> I'll download the .tgz and see how much trouble it gives me.
>
>
> On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> >
> >
> > Main page is where I read it...
> >
> > Project Admins: dkarg, jcasal
> > Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> > License: BSD License
> > Category: Security, Monitoring
> >
> >
> >
> > On Jan 9, 2008 6:31 PM, Don Ely < [EMAIL PROTECTED]> wrote:
> >
> > >
> > >
> > > I didn't read the FAQ yet and I may be wrong could have been something
> > else I was reading on sourceforge...
> > >
> > >
> > >
> > >
> > >
> > > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > >
> > > > I did a search on the site (which redirected me to a search page on
> > > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > > >
> > > > I haven't gotten to the docs yet, but the FAQ says nothing about
> BSD.
> > > >
> > > >
> > > >
> > > >
>
> > > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > >  I'm DLing the VM.  I believe I read in the docs in can be
> installed
> > on the
> > > > > BSD's though...
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Jan 9, 2008 5:16 PM, Kurt Buff < [EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Looks really dang cool.
> > > > > >
> > > > > > No port for FreeBSD, though. Looks like the missing bit is
> spade.
> > > > > >
> > > > > > Doesn't look as if any of the BSDs have it.
> > > > > >
> > > > > > Well, I'm downloading the install ISO - I wonder what OS it
> > installs.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Jan 9, 2008 3:57 PM, Don Ely < [EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > > Another good tool for this kinda thing is ntop, but it must
> be
> > > > > > > > positioned correctly - you will most likely need a
> SPAN/mirror
> > port in
> > > > > > > > your infrastructure, or else use the netflow or sflow
> plugins to
> > get
> > > > > > > > reports from your routers/switches.
> > > > > > > >
> > > > > > > > Either way, it's extremely useful, as it doesn't merely
> measure
> > > > > > > > packets in/out of interfaces, it actually categorizes
> packets
> > and
> > > > > > > > keeps track of top talkers, etc.
> > > > > > > >
> > > > > > > > Excellent for tracking down who is downloading that huge iso
> > file, and
> > > > > > > > where it's coming from. Lets you ask more pointed questions,
> if
> > > > > > > > nothing else.

RE: Network monitoring tools

2008-01-10 Thread Ziots, Edward
What is the link again, if they got a VM for ESX I definitely want to
try this out. 

 

Z

 



From: Benjamin Zachary [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: Network monitoring tools

 

 

I saw the link and grabbed the vm and ported it over to my esx box. Runs
pretty well, the doc had an error that the file is
/etc/network/interfaces not networking

 

From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:06 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 


Has its own ISO which I installed in a VM, will be looking at it more
this afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

OK - not in ports though.

I'll download the .tgz and see how much trouble it gives me.


On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>
> Main page is where I read it...
>
> Project Admins: dkarg, jcasal 
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
>
>
> On Jan 9, 2008 6:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
> >
> >
> > I didn't read the FAQ yet and I may be wrong could have been something
> > else I was reading on sourceforge...
> >
> > 
> >
> >
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >
> > > I did a search on the site (which redirected me to a search page on
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about BSD.
> > >
> > > 
> > >
> > >

> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > >
> > > >  I'm DLing the VM.  I believe I read in the docs it can be installed on the
> > > > BSD's though...
> > > >
> > > >
> > > >
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Looks really dang cool.
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is spade.
> > > > >
> > > > > Doesn't look as if any of the BSDs have it.
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it installs.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING
> > > > > >
> > > > > >
> > > > > > 
> > > > > >
> > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > positioned correctly - you will most likely need a SPAN/mirror port in
> > > > > > > your infrastructure, or else use the netflow or sflow plugins to get
> > > > > > > reports from your routers/switches.
> > > > > > >
> > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > packets in/out of interfaces, it actually categorizes packets and
> > > > > > > keeps track of top talkers, etc.
> > > > > > >
> > > > > > > Excellent for tracking down who is downloading that huge iso file, and
> > > > > > > where it's coming from. Lets you ask more pointed questions, if
> > > > > > > nothing else.
> > > > > > >
> > > > > > > Differentiates between tcp/udp/etc., and puts up some nice RRD graphics.
> > > > > > >
> > > > > > > Kurt
> > > > > > >
> > > > > > >
> > > > > > > On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > 
> > > >

RE: Network monitoring tools

2008-01-10 Thread Benjamin Zachary
I saw the link and grabbed the vm and ported it over to my esx box. Runs
pretty well, the doc had an error that the file is /etc/network/interfaces
not networking

 

From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 3:06 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 


Has its own ISO which I installed in a VM, will be looking at it more this
afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

OK - not in ports though.

I'll download the .tgz and see how much trouble it gives me.


On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>
> Main page is where I read it...
>
> Project Admins: dkarg, jcasal 
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
>
>
> On Jan 9, 2008 6:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
> >
> >
> > I didn't read the FAQ yet and I may be wrong could have been something
> else I was reading on sourceforge...
> >
> > 
> >
> >
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >
> > > I did a search on the site (which redirected me to a search page on 
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about BSD.
> > >
> > > 
> > >
> > >

> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > >
> > > >  I'm DLing the VM.  I believe I read in the docs it can be installed on the
> > > > BSD's though...
> > > >
> > > >
> > > >
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Looks really dang cool.
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is spade.
> > > > >
> > > > > Doesn't look as if any of the BSDs have it.
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it installs.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING
> > > > > >
> > > > > >
> > > > > > 
> > > > > >
> > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > positioned correctly - you will most likely need a SPAN/mirror port in
> > > > > > > your infrastructure, or else use the netflow or sflow plugins to get
> > > > > > > reports from your routers/switches.
> > > > > > >
> > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > packets in/out of interfaces, it actually categorizes packets and
> > > > > > > keeps track of top talkers, etc.
> > > > > > >
> > > > > > > Excellent for tracking down who is downloading that huge iso file, and
> > > > > > > where it's coming from. Lets you ask more pointed questions, if
> > > > > > > nothing else.
> > > > > > >
> > > > > > > Differentiates between tcp/udp/etc., and puts up some nice RRD graphics.
> > > > > > >
> > > > > > > Kurt
> > > > > > >
> > > > > > >
> > > > > > > On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > 
> > > > > > > >
> > > > > > >
> > > > > > > > I know we have these discussions every couple of months at
> least,
> > > > but 
> > > > > > here

Re: Network monitoring tools

2008-01-10 Thread Don Ely
Has its own ISO which I installed in a VM, will be looking at it more this
afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> OK - not in ports though.
>
> I'll download the .tgz and see how much trouble it gives me.
>
> On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> >
> >
> > Main page is where I read it...
> >
> > Project Admins: dkarg, jcasal
> > Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> > License: BSD License
> > Category: Security, Monitoring
> >
> >
> >
> > On Jan 9, 2008 6:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> >
> > >
> > >
> > > I didn't read the FAQ yet and I may be wrong could have been something
> > else I was reading on sourceforge...
> > >
> > >
> > >
> > >
> > >
> > > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > >
> > > > I did a search on the site (which redirected me to a search page on
> > > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > > >
> > > > I haven't gotten to the docs yet, but the FAQ says nothing about
> BSD.
> > > >
> > > >
> > > >
> > > >
>  > > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > >  I'm DLing the VM.  I believe I read in the docs in can be
> installed
> > on the
> > > > > BSD's though...
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Looks really dang cool.
> > > > > >
> > > > > > No port for FreeBSD, though. Looks like the missing bit is
> spade.
> > > > > >
> > > > > > Doesn't look as if any of the BSDs have it.
> > > > > >
> > > > > > Well, I'm downloading the install ISO - I wonder what OS it
> > installs.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > > Another good tool for this kinda thing is ntop, but it must
> be
> > > > > > > > positioned correctly - you will most likely need a
> SPAN/mirror
> > port in
> > > > > > > > your infrastructure, or else use the netflow or sflow
> plugins to
> > get
> > > > > > > > reports from your routers/switches.
> > > > > > > >
> > > > > > > > Either way, it's extremely useful, as it doesn't merely
> measure
> > > > > > > > packets in/out of interfaces, it actually categorizes
> packets
> > and
> > > > > > > > keeps track of top talkers, etc.
> > > > > > > >
> > > > > > > > Excellent for tracking down who is downloading that huge iso
> > file, and
> > > > > > > > where it's coming from. Lets you ask more pointed questions,
> if
> > > > > > > > nothing else.
> > > > > > > >
> > > > > > > > Differentiates between tcp/udp/etc., and puts up some nice
> RRD
> > > > > graphics.
> > > > > > > >
> > > > > > > > Kurt
> > > > > > > >
> > > > > > > >
> > > > > > > > On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]>
> wrote:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > > > I know we have these discussions every couple of months at
> > least,
> > > > > but
> > > > > > > here
> > > > > > > > > goes:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > What are you guys using to monitor your networks so that
> you
> > have an
> > > > > > > answer
> > > > > > > > > to the age-old user question of:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > "Why is everything running so slow?"
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I'm thinking of bandwidth usage first off, which I'm
> thinking
> > PRTG
> > > > > to
> > > > > > > > > monitor that.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I guess I could run a Wireshark capture, to see if there's
> a
> > massive
> > > > > > > spike
> > > > > > > > > in weird packets.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Anything else that you guys could suggest?  I know someone
> had
> > > > > mentioned
> > > > > > > > > they use Nagios, but that would require me to setup a
> Linux
> > box
> > > > > first,
> > > > > > > which
> > > > > > > > > isn't that big a deal, other than piecing a box together…
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Any other ideas?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I'd like to do this without a lot of cost if possible,
> just
> > because
> > > > > I
> > > > > > > hate
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > > spending money…
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > >

Re: Network monitoring tools

2008-01-10 Thread Kurt Buff
OK - not in ports though.

I'll download the .tgz and see how much trouble it gives me.

On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>
> Main page is where I read it...
>
> Project Admins: dkarg, jcasal
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
>
>
> On Jan 9, 2008 6:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
> >
> >
> > I didn't read the FAQ yet and I may be wrong could have been something
> else I was reading on sourceforge...
> >
> >
> >
> >
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >
> > > I did a search on the site (which redirected me to a search page on
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about BSD.
> > >
> > >
> > >
> > >
> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > >
> > > >  I'm DLing the VM.  I believe I read in the docs in can be installed
> on the
> > > > BSD's though...
> > > >
> > > >
> > > >
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Looks really dang cool.
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is spade.
> > > > >
> > > > > Doesn't look as if any of the BSDs have it.
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it
> installs.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >  Go have a look at OSSIM...  ;o)  It has EVERYTHING
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > positioned correctly - you will most likely need a SPAN/mirror
> port in
> > > > > > > your infrastructure, or else use the netflow or sflow plugins to
> get
> > > > > > > reports from your routers/switches.
> > > > > > >
> > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > packets in/out of interfaces, it actually categorizes packets
> and
> > > > > > > keeps track of top talkers, etc.
> > > > > > >
> > > > > > > Excellent for tracking down who is downloading that huge iso
> file, and
> > > > > > > where it's coming from. Lets you ask more pointed questions, if
> > > > > > > nothing else.
> > > > > > >
> > > > > > > Differentiates between tcp/udp/etc., and puts up some nice RRD
> > > > graphics.
> > > > > > >
> > > > > > > Kurt
> > > > > > >
> > > > > > >
> > > > > > > On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > > I know we have these discussions every couple of months at
> least,
> > > > but
> > > > > > here
> > > > > > > > goes:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > What are you guys using to monitor your networks so that you
> have an
> > > > > > answer
> > > > > > > > to the age-old user question of:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > "Why is everything running so slow?"
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > I'm thinking of bandwidth usage first off, which I'm thinking
> PRTG
> > > > to
> > > > > > > > monitor that.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > I guess I could run a Wireshark capture, to see if there's a
> massive
> > > > > > spike
> > > > > > > > in weird packets.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Anything else that you guys could suggest?  I know someone had
> > > > mentioned
> > > > > > > > they use Nagios, but that would require me to setup a Linux
> box
> > > > first,
> > > > > > which
> > > > > > > > isn't that big a deal, other than piecing a box together…
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Any other ideas?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > I'd like to do this without a lot of cost if possible, just
> because
> > > > I
> > > > > > hate
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > spending money…
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
> > > > > > > ~ < http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm >
> ~

RE: Network monitoring tools

2008-01-10 Thread René de Haas
I read it has a BSD license, but OS is Debian.

 

From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 2:18 AM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

 


I'm DLing the VM.  I believe I read in the docs it can be installed on the
BSD's though...

On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

Looks really dang cool.

No port for FreeBSD, though. Looks like the missing bit is spade.

Doesn't look as if any of the BSDs have it. 

Well, I'm downloading the install ISO - I wonder what OS it installs.


On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>  Go have a look at OSSIM...  ;o)  It has EVERYTHING
>
>
>
>
> On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
>
> > Another good tool for this kinda thing is ntop, but it must be
> > positioned correctly - you will most likely need a SPAN/mirror port in 
> > your infrastructure, or else use the netflow or sflow plugins to get
> > reports from your routers/switches.
> >
> > Either way, it's extremely useful, as it doesn't merely measure 
> > packets in/out of interfaces, it actually categorizes packets and
> > keeps track of top talkers, etc.
> >
> > Excellent for tracking down who is downloading that huge iso file, and 
> > where it's coming from. Lets you ask more pointed questions, if
> > nothing else.
> >
> > Differentiates between tcp/udp/etc., and puts up some nice RRD graphics.
> >
> > Kurt
> >
> >
> > On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > > 
> > >
> >
> > > I know we have these discussions every couple of months at least, but
> here
> > > goes:
> > >
> > >
> > >
> > > What are you guys using to monitor your networks so that you have an 
> answer
> > > to the age-old user question of:
> > >
> > >
> > >
> > > "Why is everything running so slow?"
> > >
> > > 
> > >
> > > I'm thinking of bandwidth usage first off, which I'm thinking PRTG to
> > > monitor that.
> > >
> > >
> > >
> > > I guess I could run a Wireshark capture, to see if there's a massive 
> spike
> > > in weird packets.
> > >
> > >
> > >
> > >
> > >
> > > Anything else that you guys could suggest?  I know someone had mentioned 
> > > they use Nagios, but that would require me to setup a Linux box first,
> which
> > > isn't that big a deal, other than piecing a box together...
> > >
> > >
> > >
> > > Any other ideas?
> > >
> > >
> > >
> > > I'd like to do this without a lot of cost if possible, just because I
> hate
> > 
> >
> >
> > > spending money...
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 
> > >
> >


Re: Network monitoring tools

2008-01-09 Thread Don Ely
Main page is where I read it...

*Project Admins*: dkarg, jcasal
*Operating System*: All POSIX (Linux/BSD/UNIX-like OSes)
*License*: BSD License
*Category*: Security, Monitoring

On Jan 9, 2008 6:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:

>
> I didn't read the FAQ yet and I may be wrong could have been something
> else I was reading on sourceforge...
>
>   On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
>
> > I did a search on the site (which redirected me to a search page on
> > their wiki) for FreeBSD, and it came up with a placeholder page.
> >
> > I haven't gotten to the docs yet, but the FAQ says nothing about BSD.
> >
> > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > >
> > >  I'm DLing the VM.  I believe I read in the docs in can be installed
> > on the
> > > BSD's though...
> > >
> > >
> > >
> > >
> > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > >
> > > > Looks really dang cool.
> > > >
> > > > No port for FreeBSD, though. Looks like the missing bit is spade.
> > > >
> > > > Doesn't look as if any of the BSDs have it.
> > > >
> > > > Well, I'm downloading the install ISO - I wonder what OS it
> > installs.

Re: Network monitoring tools

2008-01-09 Thread Don Ely
I didn't read the FAQ yet and I may be wrong could have been something else
I was reading on sourceforge...

On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> I did a search on the site (which redirected me to a search page on
> their wiki) for FreeBSD, and it came up with a placeholder page.
>
> I haven't gotten to the docs yet, but the FAQ says nothing about BSD.

Re: Network monitoring tools

2008-01-09 Thread Kurt Buff
I did a search on the site (which redirected me to a search page on
their wiki) for FreeBSD, and it came up with a placeholder page.

I haven't gotten to the docs yet, but the FAQ says nothing about BSD.

On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
> I'm DLing the VM.  I believe I read in the docs it can be installed on the
> BSD's though...


Re: Network monitoring tools

2008-01-09 Thread Don Ely
I'm DLing the VM.  I believe I read in the docs it can be installed on the
BSD's though...

On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> Looks really dang cool.
>
> No port for FreeBSD, though. Looks like the missing bit is spade.
>
> Doesn't look as if any of the BSDs have it.
>
> Well, I'm downloading the install ISO - I wonder what OS it installs.

Re: Network monitoring tools

2008-01-09 Thread Kurt Buff
Looks really dang cool.

No port for FreeBSD, though. Looks like the missing bit is spade.

Doesn't look as if any of the BSDs have it.

Well, I'm downloading the install ISO - I wonder what OS it installs.

On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>
>  Go have a look at OSSIM...  ;o)  It has EVERYTHING


Re: Network monitoring tools

2008-01-09 Thread Don Ely
Go have a look at OSSIM...  ;o)  It has EVERYTHING

On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> Another good tool for this kinda thing is ntop, but it must be
> positioned correctly - you will most likely need a SPAN/mirror port in
> your infrastructure, or else use the netflow or sflow plugins to get
> reports from your routers/switches.
>
> Either way, it's extremely useful, as it doesn't merely measure
> packets in/out of interfaces, it actually categorizes packets and
> keeps track of top talkers, etc.
>
> Excellent for tracking down who is downloading that huge iso file, and
> where it's coming from. Lets you ask more pointed questions, if
> nothing else.
>
> Differentiates between tcp/udp/etc., and puts up some nice RRD graphics.
>
> Kurt

Re: Network monitoring tools

2008-01-09 Thread Kurt Buff
Another good tool for this kinda thing is ntop, but it must be
positioned correctly - you will most likely need a SPAN/mirror port in
your infrastructure, or else use the netflow or sflow plugins to get
reports from your routers/switches.

Either way, it's extremely useful, as it doesn't merely measure
packets in/out of interfaces, it actually categorizes packets and
keeps track of top talkers, etc.

Excellent for tracking down who is downloading that huge iso file, and
where it's coming from. Lets you ask more pointed questions, if
nothing else.

Differentiates between tcp/udp/etc., and puts up some nice RRD graphics.

Kurt

On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> I know we have these discussions every couple of months at least, but here
> goes:
>
> What are you guys using to monitor your networks so that you have an answer
> to the age-old user question of:
>
> "Why is everything running so slow?"
>
> I'm thinking of bandwidth usage first off, which I'm thinking PRTG to
> monitor that.
>
> I guess I could run a Wireshark capture, to see if there's a massive spike
> in weird packets.
>
> Anything else that you guys could suggest?  I know someone had mentioned
> they use Nagios, but that would require me to setup a Linux box first, which
> isn't that big a deal, other than piecing a box together…
>
> Any other ideas?
>
> I'd like to do this without a lot of cost if possible, just because I hate
> spending money…



RE: Network monitoring tools

2008-01-09 Thread Louis, Joe
I know a lot of people like PRTG, but MRTG has been good to me.
Solarwinds has been better (paid like Fred said, but many more tools plus
live stats). Not really a good long term solution because of the size of the
accessdb files. They do have a big buck solution (Orion IIRC that did/does
scale well long term).

You mentioned Wireshark, I'd start there and see the kinds of traffic that
you are seeing.

Not knowing the infrastructure you are speaking of makes answering kinda
vanilla.

From: Fred Sawyer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 09, 2008 5:39 PM
To: NT System Admin Issues
Subject: RE: Network monitoring tools



For bandwidth I would take a look at Cacti http://www.cacti.net/, it's free
open ended and has both Linux and Windows base solutions.  They have an older
all in one installer if you dig around on the forums.  Cacti can also be
integrated with Nagios.  There is also MRTG http://oss.oetiker.ch/mrtg/ for
bandwidth monitoring, although I personally find Cacti a bit friendlier as it
will dynamically update interface changes where MRTG needs to have the config
file re-run.

As far as paid for solutions Solarwinds offer up some good tools for live
time bandwidth monitoring per interface, 'Bandwidth Gauges' also has the
ability to pump out a html file if you want to post it up on a webpage.
They also have another useful tool called 'Router CPU Load' which will do
live time monitoring of CPU load, although it says router I have been able
to get it to monitor our Cisco Switches as well.

If you are getting down to the bare wire with packet capturing looking for
malformed packets might as well build yourself a Snort box.  It's free minus
support and can run on either Linux or Windows.

Hope this helps, best of luck!

Thank you,



Fred Sawyer
CCNA, MCP
Network / Systems Engineer



RE: Network monitoring tools

2008-01-09 Thread Fred Sawyer
For bandwidth I would take a look at Cacti http://www.cacti.net/, it's free 
open ended and has both Linux and Windows base solutions.  They have an older 
all in one installer if you dig around on the forums.  Cacti can also be 
integrated with Nagios.  There is also MRTG http://oss.oetiker.ch/mrtg/ for
bandwidth monitoring, although I personally find Cacti a bit friendlier as it 
will dynamically update interface changes where MRTG needs to have the config 
file re-run.

As far as paid for solutions Solarwinds offer up some good tools for live time 
bandwidth monitoring per interface, 'Bandwidth Gauges' also has the ability to 
pump out a html file if you want to post it up on a webpage.  They also have 
another useful tool called 'Router CPU Load' which will do live time monitoring 
of CPU load, although it says router I have been able to get it to monitor our 
Cisco Switches as well.

If you are getting down to the bare wire with packet capturing looking for 
malformed packets might as well build yourself a Snort box.  It's free minus 
support and can run on either Linux or Windows.

Hope this helps, best of luck!

Thank you,


Fred Sawyer
CCNA, MCP
Network / Systems Engineer


From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 09, 2008 5:28 PM
To: NT System Admin Issues
Subject: Network monitoring tools


I know we have these discussions every couple of months at least, but here goes:

What are you guys using to monitor your networks so that you have an answer to 
the age-old user question of:

"Why is everything running so slow?"

I'm thinking of bandwidth usage first off, which I'm thinking PRTG to monitor 
that.

I guess I could run a Wireshark capture, to see if there's a massive spike in 
weird packets.


Anything else that you guys could suggest?  I know someone had mentioned they 
use Nagios, but that would require me to setup a Linux box first, which isn't 
that big a deal, other than piecing a box together...

Any other ideas?

I'd like to do this without a lot of cost if possible, just because I hate
spending money...

RE: Network monitoring tools

2008-01-09 Thread Andy Shook
... = he said as he got his tweezers and unzipped his pants. 

 

Shook



From: Don Ely [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 09, 2008 5:32 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

Have a look at this...

http://www.ossim.net/


Re: Network monitoring tools

2008-01-09 Thread Don Ely
Oh and it also comes in a VM Appliance...

On Jan 9, 2008 2:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:

> Have a look at this...
>
> http://www.ossim.net/

Re: Network monitoring tools

2008-01-09 Thread Don Ely
Have a look at this...

http://www.ossim.net/




On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:

> I know we have these discussions every couple of months at least, but
> here goes:
>
> What are you guys using to monitor your networks so that you have an
> answer to the age-old user question of:
>
> "Why is everything running so slow?"
>
> I'm thinking of bandwidth usage first off, which I'm thinking PRTG to
> monitor that.
>
> I guess I could run a Wireshark capture, to see if there's a massive spike
> in weird packets.
>
> Anything else that you guys could suggest?  I know someone had mentioned
> they use Nagios, but that would require me to setup a Linux box first, which
> isn't that big a deal, other than piecing a box together…
>
> Any other ideas?
>
> I'd like to do this without a lot of cost if possible, just because I hate
> spending money…


Re: Network monitoring tools

2008-01-09 Thread Steve Ens
We had an issue here with general PC slowness...it appears that the
Trend CSM for SMB was loading a spyware scanner at startup and that
caused PC's to take an extra few minutes to process startup items.
Once we patched that, it sped things up considerably.  For bandwidth
monitoring, we're using the Sonicwall viewpoint software.

On Jan 9, 2008 4:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> I know we have these discussions every couple of months at least, but here
> goes:
>
> What are you guys using to monitor your networks so that you have an answer
> to the age-old user question of:
>
> "Why is everything running so slow?"
>
> I'm thinking of bandwidth usage first off, which I'm thinking PRTG to
> monitor that.
>
> I guess I could run a Wireshark capture, to see if there's a massive spike
> in weird packets.
>
> Anything else that you guys could suggest?  I know someone had mentioned
> they use Nagios, but that would require me to setup a Linux box first, which
> isn't that big a deal, other than piecing a box together…
>
> Any other ideas?
>
> I'd like to do this without a lot of cost if possible, just because I hate
> spending money…
