Network Monitor

Hi All,

Here's the scoop. Through some form of hacking some script kitty was able to determine that administrator password for our network. Aside from applying some tighter security measures I'm looking for some extra help. (When the boss is worried it means he won't give a 2nd thought to pitching in some money to solve a problem.)

I'm mainly a Novell Shop, but I've got Windows Servers as well. We run BorderManager for our proxy and SurfControl as a web filter. Other than http that goes through the proxy I've got no way of knowing what kind of traffic is going on on the network.

Here is my 2 part question:

I'd like to get a network monitor of some sort, be it hardware or software that will monitor all (or at least most) types of network traffic. I'd be great if it had a way to block that traffic as well but that's not required. I've also "heard" of products that will let you pretty much view what that traffic is in plain text. I've heard of Sniffer, Nessus, etc but they're a bit over my head as far as turning the results that I get from them into something that I can use. I'd love a set it and forget it solution. Any recommendations?

The second part is are network monitors effective. It seems that most programs can be moved to run over http which would make it harder attract attention on a log. Thoughts?

Thanks in advance.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich RumbleSecurity SamuraiCommented:
IDS are effective warning tools, and an IDS such as Snort can be used to trigger firewall updates with a program like SnortSam.
Snort also has "in-line" mode that can make snort act like snortsam does, however I think snortsam has some destinct advantages.
Traffic monitors etc... Ethereal/Tcpdump are sniffers that allow you to see traffic in plain-text, and basically that's what an IDS does, sniff the traffic and alert you based on signatures and other critera when met. Snort has a few added engines that allow it to reassemble streams and connections in ways that most sniffers don't, such as an FTP engine (preprocessor) that can uncompress ftp streams and examine the data in them, and in some cases there are preprocessors to decrypt other streams.

Ntop is a good program to help you catagoize, and gather statistics for protocols being used on your lan, however there is no substitute for a good "flow manager" such as Nflow (a free windows version is here: ) nProbe from ntop is very good

Then you can also use Cacti, or someother MRTG/RRDtool front end to graph your interfaces (switch and router ports) bandwidth usage, as well as CPU etc...

Security isn't a product, it's a process. So you have to keep up with adding the latest snort sig's and checking the alerts if they aren't automatically sent to you, you also have to weed out the false positives and remove some signatures you may not need or want.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I didn't see you mention anything about a firewall.  You should invest in a good firewall such as: (Microsoft ISA, Symantec Sygate, Checkpoint, etc.).  Most firewalls allow you to monitor your network traffic and/or block access to vulnerable ports.  If you are mostly looking for a network monitoring tool then I suggest GFI LANGuard (, it is pretty intuitive and should help you get down to the nitty gritty of your network.  Another good product is Computer Associates Unicenter TNG.  

Hope this helps!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.