bergquistcompany
asked on
Tools Network Admins can't live without
Taking a poll of tools freeware, shareware, opensource that other network admins can't live without? What do you often use?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are real good with Wireshark and what to look at a specific host then Wireshark should work.
However, say you want to monitor traffic for an hour or two in a network that is super busy. NTOP saves the information into a database and has bunch of charts and reports that are ready to go. Now, NTOP does not give you a packet capture, so if you want to see what is in a packet, Wireshark is the way to go.
NTOP can give reports based on:
"protocol" (like HTTP vs. telnet, vs. ssh, vs. ftp control)
between two specific hosts
to or from a specific host
time period
total traffic
It takes a bit more work to setup NTOP and you have to either get netflow data, sflow data, or be able to see all traffic you want to monitor.
But you have to be able to see all traffic you want to monitor with Wireshark. So if you can use Wireshark you can use NTOP.
NTOP does run best under Linux. I think there is a binary for Windows, but it did have some limitations.
Here are a couple links with a few sample reports shown. The first one is a report for a specific host. The second one is more generic information.
http://www.ntopsupport.com/192.168.42.35.html
http://www.cyberciti.biz/faq/debian-ubuntu-install-ntop-network-traffic-monitoring-software/
However, say you want to monitor traffic for an hour or two in a network that is super busy. NTOP saves the information into a database and has bunch of charts and reports that are ready to go. Now, NTOP does not give you a packet capture, so if you want to see what is in a packet, Wireshark is the way to go.
NTOP can give reports based on:
"protocol" (like HTTP vs. telnet, vs. ssh, vs. ftp control)
between two specific hosts
to or from a specific host
time period
total traffic
It takes a bit more work to setup NTOP and you have to either get netflow data, sflow data, or be able to see all traffic you want to monitor.
But you have to be able to see all traffic you want to monitor with Wireshark. So if you can use Wireshark you can use NTOP.
NTOP does run best under Linux. I think there is a binary for Windows, but it did have some limitations.
Here are a couple links with a few sample reports shown. The first one is a report for a specific host. The second one is more generic information.
http://www.ntopsupport.com/192.168.42.35.html
http://www.cyberciti.biz/faq/debian-ubuntu-install-ntop-network-traffic-monitoring-software/
ASKER
great tips thanks!
Thanks and I just realized I forgot the #1 tool you need, Experts Exchange.
ASKER
That one I DO know which is why I started here
ASKER
For NTOP does this provide better or maybe quicker access to what is using network bandwidth over sifting through wireshark?