Security Basics mailing list archives

Re: Bandwidth monitor/management

From: "Paul Halliday" <paul.halliday () gmail com>
Date: Mon, 3 Apr 2006 21:10:29 -0300

You might want to look into using NetFlow. You can export flows from a
router or mimic the flow records with an instance of something like
fprobe running on a UNIX machine:

http://fprobe.sourceforge.net/

The later is typically connected to a TAP or span port.

You can then use flow-tools to extract the data you need:

http://www.splintered.net/sw/flow-tools/

There is also a nice package that webifies the process (has graphs too):

http://ensight.eos.nasa.gov/FlowViewer/

It is trivial to maintain years of data NetFlow.

On 3/31/06, Keenan Smith <kc_smith () clark net> wrote:

Since a discussion on MRTG is ongoing, my reading of the docs indicate that
it has to be pointed at an SNMP host to work properly.

I was looking for something that simply monitored net traffic and reported
on load, utilization, etc.

Am I misunderstanding what MRTG does or just net monitoring in general?

Thanks in advance
Keenan Smith

-----Original Message-----
From: Gettin Phunky [mailto:phunkodelic () gmail com]
Sent: Friday, March 31, 2006 9:52 AM
To: craig () codestorm org
Cc: security-basics () securityfocus com
Subject: Re: Bandwidth monitor/management


We use MRTG too.  Easy to setup and opensource.  Can use it to monitor all
kinds of stuff.

On 3/29/06, Craig Van Tassle <craig () codestorm org> wrote:

On Tue, March 28, 2006 11:28 pm, anon () somefin de wrote:

I hope this is the right list to post this. we are looking for
hardware bandwidth monitoring/management solution. Has any of you
have experince with that ? Another thing i want to know is in which
sceneario a hardware bandwidth solution should be deployed? ie it
should be deployed after or before the firewall in the network or it
should be deployed in the lan ? any inputs are appreciated. Thanks
in advance.


Well it all depends on what exacly you are watching for? You are
looking to see what is going in/out from the lan to the internet or
howmuch traffic is being stopped from your firewall.  It all depends
really on waht exacly you want to do.


----------------------------------------------------------------------
-----
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity

Planning,

Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------
-----


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,

Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: Re: Bandwidth monitor/management nedsonconde (Apr 03)
- <Possible follow-ups>
- RE: Bandwidth monitor/management Charles Hammett (Apr 03)
- RE: Bandwidth monitor/management Keenan Smith (Apr 03)
  - RE: Bandwidth monitor/management Craig Van Tassle (Apr 03)
  - RE: Bandwidth monitor/management David Gillett (Apr 03)
  - RE: Bandwidth monitor/management Burton Strauss (Apr 03)
  - Re: Bandwidth monitor/management Paul Halliday (Apr 04)
- RE: Bandwidth monitor/management Brian Bemis (Apr 03)
- Re: Re: Bandwidth monitor/management molshoop (Apr 03)
- Re: Bandwidth monitor/management Peter Morgan (Apr 03)
  - RE: Bandwidth monitor/management Jennifer Jabbusch (jj) (Apr 04)