Full Disclosure mailing list archives
Re: Considering nSight, any opinions?
From: Jason Heschel <jason.heschel () gmail com>
Date: Thu, 28 Jul 2005 11:18:44 -0400
Jon, Actually ntop is what we're trying to move off of. It's a great tool, but we needed more data and more flexibility. We looked at Q1Labs QRadar as well, but couldn't afford it. nSight appears to be somewhere in the middle. On 7/28/05, Jon Dossey <JDossey () deltahealthgroup com> wrote:
Hi list, I tried sending this to a SecurityFocus list but I think everyone's at Blackhat or something. :) We've spent the last few weeks evaluating nSight (www.intrusense.com). It's been very helpful in identifying exactly what, when and who is eatting up all of our internal network bandwdith as well expose some 'strange' internal network behavior which was causing some intermittent problems with our Windows hosts. Anyways, we're now considering making a purchase. I'm curious to hear any opinions, problems or praise people have for this software. Does it scale well? It seems to collect a lot of information. How does it perform after collecting several months worth of data? -jasonI'm a big fan of NTOP (http://www.ntop.org) personally. Just span some ports on a core switch, setup your netflows, and watch the fireworks. Great piece of software. Just need to remember the PF_RING kernel patch if you're capturing a significant amount of traffic. .jon
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Considering nSight, any opinions? Jason Heschel (Jul 28)
- Re: Considering nSight, any opinions? J.A. Terranson (Jul 28)
- <Possible follow-ups>
- Re: Considering nSight, any opinions? Jason Heschel (Jul 28)
- RE: Considering nSight, any opinions? Darrin Maidlow (Jul 29)