Solved

net traffic analyzer for linux firewall needed - looking for software suggestions

Posted on 2002-04-29
Last Modified: 2013-11-16

Here is what I'm looking for:
A tiny console tool which dynamically shows all incoming net traffic.

Here is what I want to improve:
A linux firewall (SuSE 7.3) with tools like (tail -f /var/log/firewall and iptraf [from Gerard Paul Java])

Any software suggestions?
What experiences have you had, and with which software?

Thanks for your help

mathias



Question by:mfuerlinger
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6978353
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6980363
Try the man pages for tcpdump. If you don't have it, it is freely available.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6980455
I find that ntop (http://www.ntop.org) is a very nice traffic analyzer for networks in general. You can monitor overall traffic as well as see statistics relating to a single host, like who they are talking to and how much data is associated with a connection.
0
 
LVL 1

Author Comment

by:mfuerlinger
ID: 6982101
hi lrmoore, tried 'tcpdump' before but got stuck somewhere in the manual.
trying again...more precise:
searching a way to report all unknown incoming net traffic except port 80 on the firewall's eth0 dynamically on stdout.
Did not find a really helpful expression and/or switch in 'tcpdump' yet.
...


salut ahoffmann
just downloaded mrtg2.9.18pre9 - hold on.
...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6982131
Try Ethereal as an alternative. It might be easier to set filters.
http://www.ethereal.com/download.html

What do you have in front of the firewall for a router? If it is a Cisco router, you can set up access-lists to send all that traffic off to a syslog server.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6982203
hmm, seems that you need to clarify what you want to see:
   a) just packet headers
   b) packet content
   c) data streams (packets belonging/related to a connection)
   d) statistics about traffic (that's what I assumed according to the question)

for a) and b) go with tcpdump, or ethereal if you know how to use a mouse
for c) ethereal might be the better choice, there are some more of such programs
0
 
LVL 1

Accepted Solution

by:
smisk earned 100 total points
ID: 7057379
Try this for tcpdump :

tcpdump -x -X -i eth0 'dst 192.168.0.10 and dst port not 80 and src net not 192.168.0.0/24'

Where the following applies :

192.168.0.10 : firewall that you want to monitor.
80 : http port.
192.168.0.0/24 : subnet on which to allow incoming traffic from w/out printing to stdout.  Use this if you have some trusted hosts on a network (you said all "unknown incoming traffic").

Also, if you're doing this over an ssh connection you probably want to add 'and host not my.ip.address' so your ssh connection doesn't flood the screen.

tcpdump has a lot of really great features.  Check the man pages for more useful options (i.e., 'tcp' if you only want to see tcp traffic).

Steve
0
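The filter from the accepted answer, generalized into a small wrapper. This is an added example, not part of smisk's post: it builds the same kind of expression from a firewall address, a list of ports and trusted networks to leave out, and the SSH client address read from OpenSSH's SSH_CLIENT variable. The function names (build_filter, ssh_peer, watch_inbound) are hypothetical and the 192.168.0.x addresses are constructed samples.

```shell
#!/bin/sh
# Added example. Usage: ./watch.sh eth0 192.168.0.10 "80 443" "192.168.0.0/24"
# All addresses are constructed sample values.

# build_filter FW_IP "PORTS" "NETS" [ADMIN_IP]  -> prints a pcap filter string
build_filter() {
    fw_ip=$1; ports=$2; nets=$3; admin=${4:-}
    f="dst host $fw_ip"
    for p in $ports; do
        # Accept digits only, so a malformed port list cannot alter the filter.
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        f="$f and not dst port $p"
    done
    for n in $nets; do
        f="$f and not src net $n"      # trusted source networks stay quiet
    done
    if [ -n "$admin" ]; then
        f="$f and not host $admin"     # keep your own SSH session off the screen
    fi
    printf '%s\n' "$f"
}

# ssh_peer: client address of the current SSH session (first field of
# SSH_CLIENT, "ip srcport dstport"); empty when run on a local console.
ssh_peer() {
    peer=${SSH_CLIENT:-}
    printf '%s\n' "${peer%% *}"
}

# watch_inbound IFACE FW_IP "PORTS" "NETS"
watch_inbound() {
    filter=$(build_filter "$2" "$3" "$4" "$(ssh_peer)") || return 1
    echo "filter: $filter" >&2
    # -n: no name lookups (they would add DNS traffic); -l: line-buffered output
    tcpdump -n -l -i "$1" "$filter"
}

# Capture only when called with at least an interface and a firewall address.
if [ "$#" -ge 2 ]; then
    watch_inbound "$1" "$2" "${3:-80}" "${4:-}"
fi
```

As in the original expression, the port exclusions only drop TCP/UDP packets to those ports, so other protocols addressed to the firewall (ICMP, for example) are still printed.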
 
LVL 1

Author Comment

by:mfuerlinger
ID: 8101791
Finally to finish this question.
0
