Re: Network monitoring PC.

["WALI" <hkhasgiwale () gmail com>]

I use OpenSuse linux built where most if the things that you mentioned, 
wireshark, ntop, nmap etc, comes as inbuilt and only needs to be selected 
from the Yast,
rest of the rpm packages are also easy to install and run.
Give a try..you might not be disappointed and anyways, no windows should be 
a platform of choice for all monitoring and logging needs. Gives you an 
extra secure choice in casd all else fails.

Regards
----- Original Message ----- 
From: "Kurt Buff" <kurt.buff () gmail com>
To: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Cc: <security-basics () securityfocus com>
Sent: Saturday, November 03, 2007 3:01 AM
Subject: Re: Network monitoring PC.


> On 11/2/07, Nick Vaernhoej <nick.vaernhoej () capitalcardservices com> wrote:
> > Good afternoon,
> >
> > I am looking for ideas for software ideal for installation on a PC which
> > will be used for monitoring our LAN/WAN.
> > The WAN is over a MPLS circuit so nothing out of the ordinary needed for
> > monitoring.
> > The PC will be plugged into a mirrored port when needed, so what I am
> > thinking is a Linux build with ntop, wireshark/tcpdump and what else?
> > I am not opposed to a Windows install at all.
> > Just looking for ideas.
> > Single workstation, mirrored port, only monitoring, not mitigating or
> > actively scanning.
> >
> > Thank you and have a great weekend!
> >
> > Nick Vaernhoej
> > "Quidquid latine dictum sit, altum sonatur."
>
> This really depends on what set of things/conditions you're looking to 
> monitor.
>
> Bandwidth utilization/network health? ntop you've mentioned, but
> smokeping also comes to mind, though that is not a packet monitoring
> tool, per se, so doesn't need to sit on a span/mirror port.
>
> What else are you looking to get out of it?
>
> Intrusion detection? snort is useful