[Suspect traffic] OpenSource Network Monitoring Tools
Hello Internet,
I would like to know which network monitoring tools you like the most. I already tested Nagios many, many years ago and want to start monitoring all my machines again.
What do you think? What is the most efficient way to monitor all your machines for suspect traffic at the moment?
I think I will try one of these:
Icinga 2,
Nagios,
Observium
or Zabbix
and on Windows maybe Spiceworks...
Comments
Please elaborate. Unless you set up port mirroring on your switches, you won't be able to tell what kind of traffic your servers are sending/receiving. If you're just looking for bandwidth/network statistics, then I recommend Observium hands down. If you need to monitor the type of traffic on your servers, then I don't really have any recommendation besides manually reviewing the traffic with something like Wireshark or tcpdump.
If you don't need to keep the history of flow data, take a look at ntopng. It can do NetFlow, real-time capture via port mirroring and other nifty things.
Haven't used it, but Snort seems to be something to look into if you want to automatically detect suspicious traffic. Beyond that I can only second tcpdump and maybe iftop to get a general overview of what's going on.
The problem with Snort is that the current stable version isn't multi-threaded, and if you have a lot of traffic to analyze then it will overload a core fast. Besides, doing traffic analysis for several Gbps isn't currently an easy task (with Snort at least).
This or flow export and some good analyser.
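As an added example of the "flow export plus an analyser" approach mentioned above (this is not code from the thread or from any of the tools named in it), the following Python script runs two simple detections over flow records: a port-scan heuristic (one source touching many distinct destination ports on one host) and a top-talkers list by bytes sent. It assumes the router's exported flows have already been collected and written out as a simple CSV with the columns shown; the sample records are constructed for the example.

```python
"""Minimal flow analyser over constructed NetFlow-style records.

Added example for illustration only. Assumes a collector has already turned the
router's binary NetFlow/IPFIX export into CSV rows with the columns below.
"""
import csv
import io
from collections import defaultdict

SCAN_MIN_PORTS = 10  # distinct destination ports from one source to one host

# Constructed sample: a scanner (10.0.0.5) probing 10.0.0.20, a busy but normal
# client (10.0.0.7), and a quiet host (10.0.0.9) with its reply traffic.
SAMPLE_FLOWS = "ts,src,dst,sport,dport,proto,bytes,packets\n" + "".join(
    f"{i},10.0.0.5,10.0.0.20,{51000 + i},{port},tcp,60,1\n"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080])
) + (
    "20,10.0.0.7,10.0.0.20,52000,443,tcp,300000,400\n"
    "21,10.0.0.7,10.0.0.20,52001,443,tcp,250000,350\n"
    "22,10.0.0.9,10.0.0.20,53000,80,tcp,4000,10\n"
    "23,10.0.0.20,10.0.0.9,80,53000,tcp,9000,12\n"
)


def parse_flows(text):
    """Parse CSV flow text into dicts, converting the numeric columns."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in ("ts", "sport", "dport", "bytes", "packets"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def detect_port_scans(flows, min_ports=SCAN_MIN_PORTS):
    """Return {(src, dst): sorted distinct dports} for pairs at or above min_ports.

    Many tiny flows from one source to many ports on one host is the classic
    signature of a port sweep; legitimate clients reuse a handful of ports.
    """
    ports = defaultdict(set)
    for f in flows:
        ports[(f["src"], f["dst"])].add(f["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def top_talkers(flows, n=3):
    """Bytes sent per source address, largest first (bandwidth view)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def findings(text):
    """Run both detections over a CSV flow export and return the results."""
    flows = parse_flows(text)
    return {"scans": detect_port_scans(flows), "talkers": top_talkers(flows)}


if __name__ == "__main__":
    result = findings(SAMPLE_FLOWS)
    for (src, dst), dports in result["scans"].items():
        print(f"possible port scan: {src} -> {dst}, {len(dports)} ports: {dports}")
    for src, total in result["talkers"]:
        print(f"top talker: {src} sent {total} bytes")
```

The thresholds are deliberately simple; in practice you would tune `SCAN_MIN_PORTS` and the time window to your own traffic, and feed real exports from the router or a mirror port rather than the constructed rows above.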
First I will buy a switch with port mirroring for my home network. After that I will connect this port to the monitoring server.
What low-end router has the best built-in monitoring features for checking suspect traffic? The cheapest are TP-Link and Netgear devices, but I am a bit sceptical about these brands.
As far as low end is concerned, why not build your own? Not sure how that scales, but you can run as much monitoring on it as you like.
I don't know of any routers that have built in DPI. The only solution I know of that includes that would be the Ubiquiti switches with a Ubiquiti UniFi Security Gateway for about $200.
pfSense does DPI and can run on fairly low-muscle systems. But you need to bring your own hardware, and Wi-Fi support is meh.
Yup, and Cisco does it on their Meraki brand. But it's pretty expensive.
OpenWRT has port mirroring
Do you know an ntop alternative? With focus & emphasis on network; I really liked it since pre-ng and the dual license.
Zabbix & Nagios seem overkill for me (I only want to monitor the traffic, not server, service, etc.).
I just know that; do you mean this?
https://github.com/mmaraya/port-mirroring
Seems to be on some ath only.
"port-mirroring runs on all hardware platforms supported by OpenWrt."
You need to compile it.
Nothing free, sorry. The others I used are SolarWinds and Ubiquiti stuff.
Mikrotik RouterOS can do active port mirroring. Mirror to a machine with ntopng and you've got yourself a great, cheap solution.
When I worked at the ISP, we used Cacti. It is not the most functional, but it can easily be customized.
Cacti doesn't do DPI.