Solved

Network monitoring tool advice

Posted on 2010-08-25
9
610 Views
Last Modified: 2012-05-10
Hey guys

I've installed Wireshark onto our secondary DC, however I'm not sure whether this appliation has been installed on the correct machine. I'm assuming that by installing it on this machine, it ONLY monitors the network traffic going in/out of that particular server and that's it? am I right or is it fine to install network monitoring applications on just any server as it will pick up the entire LAN?

We have four different gateways. What's the best way for me to monitor network traffic of our entire LAN?

Thanks
0
Comment
Question by:Yashy
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 6

Accepted Solution

by:
fluk3d earned 250 total points
ID: 33521702
I'm assuming your LAN is a switched network therefor you will only pick up on the server you have the application running on.

Switches will break up broadcasts so you will not see every packet going in and out of your network. You mentioned you have four gateways if these gateways support packet capturing you can set it up with filers and what not depending what you want to monitor.

Depending on your switch setup you can also purchase a barracuda ethernet tap and setup your switch for port mirroing (be careful) a lot of traffic through one port can brign your network to a halt!

Have a look at these links,

http://www.youtube.com/watch?v=U6ZveV0nDpk

https://www.evilfingers.com/publications/howto_EN/HowTo%20-%20Use%20Packet%20Sniffers.pdf

http://www.barracudanetworks.com/tap/specs/Barracuda_Ethernet_Tap_QSG.pdf
0
 
LVL 3

Expert Comment

by:Jaoibh
ID: 33521791
I use a product named "whats up Gold" to monitor all the traffic on the network

it has a lovely interface very easy to use and its free for 365 days.
http://www.whatsupgold.com/

you can monitor 3 devices for free to start. At least you can see if this product suits before purchasing it.
0
 

Expert Comment

by:nexxc
ID: 33522476
depending what level of detail you are looking for and the type of network hardware, but Solarwinds Orion NPM is very good especially when combined with Netwflow for traffic type analysis
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:Yashy
ID: 33522516
Thanks for both of your inputs guy.

Well the way the systems are configured is such that everything is connected to our 48 port switches. From there, they're connected to our routers. Is it worth configuring a PC with like 4 LAN cards and then connecting each of those to the back of one router to monitor each LAN adapter for input/output of traffic?

0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33522570
If you were to use WhatsUpGold or Orion you would have to configure it to store SNMP stats so you can see exactly what the traffic is doing.

Does your switch support NetFlow ? there are some NetFlow products Orion might support NetFlow that will traffic your packets very granular.

Depending on your firewall/router/gateway they sometimes have products that support reporting.

I know SonicWALL/CheckPoint have this feature.
0
 
LVL 3

Assisted Solution

by:Jaoibh
Jaoibh earned 250 total points
ID: 33522592
Hi Yashy, What you can do is monitor the Router and the switches using whatsupgold and it gives you a full break down
whatsupgold.JPG
0
 

Expert Comment

by:nexxc
ID: 33522848
sounds like you want deep packet inspecting (sniffing) if you are using tools like wireshark.

if so, easiest way is to span (or rspan) to ports so a single destination and then you can use wireshark to collect all packets from your network.

BUT: this does depend on your network topology and hardware - i.e. it works well on flat layer 2 networks.

good explaination here:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml
0
 
LVL 1

Author Comment

by:Yashy
ID: 33523806
In the end, I've downloaded a tool called Capsa. It's free and is similar to the whatsupgold software. However, I have no clue about port-mirroring or enabling things on our 48 port switch.

All I know is that I've installed the software now onto the server and via its Local LAN Adapter, it has picked up almost everything, but I'm unsure as to whether this is the correct information it is picking up? Does this pick up information that is only between that server and the switch? As it does seem to be looking at all of the MAC addresses on the network.

If you have any ideas whether this is correct info, would help big time?

Thanks again
Yashy
network-monitoring.jpeg
0
 
LVL 1

Author Comment

by:Yashy
ID: 33524044
The switch I'm using is a 3COm 2948-SFP Plus if that helps. I haven't configured this switch in anyway in terms of its internal config.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADMT Intra Forest migration questions 7 169
VM networking best practice and design consideration ? 14 82
Internet monitoring software 5 34
Configuring local auth. list 1 21
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now