• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 630
  • Last Modified:

Network monitoring tool advice

Hey guys

I've installed Wireshark onto our secondary DC, however I'm not sure whether this appliation has been installed on the correct machine. I'm assuming that by installing it on this machine, it ONLY monitors the network traffic going in/out of that particular server and that's it? am I right or is it fine to install network monitoring applications on just any server as it will pick up the entire LAN?

We have four different gateways. What's the best way for me to monitor network traffic of our entire LAN?

Thanks
0
Yashy
Asked:
Yashy
  • 3
  • 2
  • 2
  • +1
2 Solutions
 
fluk3dCommented:
I'm assuming your LAN is a switched network therefor you will only pick up on the server you have the application running on.

Switches will break up broadcasts so you will not see every packet going in and out of your network. You mentioned you have four gateways if these gateways support packet capturing you can set it up with filers and what not depending what you want to monitor.

Depending on your switch setup you can also purchase a barracuda ethernet tap and setup your switch for port mirroing (be careful) a lot of traffic through one port can brign your network to a halt!

Have a look at these links,

http://www.youtube.com/watch?v=U6ZveV0nDpk

https://www.evilfingers.com/publications/howto_EN/HowTo%20-%20Use%20Packet%20Sniffers.pdf

http://www.barracudanetworks.com/tap/specs/Barracuda_Ethernet_Tap_QSG.pdf
0
 
JaoibhCommented:
I use a product named "whats up Gold" to monitor all the traffic on the network

it has a lovely interface very easy to use and its free for 365 days.
http://www.whatsupgold.com/

you can monitor 3 devices for free to start. At least you can see if this product suits before purchasing it.
0
 
nexxcCommented:
depending what level of detail you are looking for and the type of network hardware, but Solarwinds Orion NPM is very good especially when combined with Netwflow for traffic type analysis
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
YashyAuthor Commented:
Thanks for both of your inputs guy.

Well the way the systems are configured is such that everything is connected to our 48 port switches. From there, they're connected to our routers. Is it worth configuring a PC with like 4 LAN cards and then connecting each of those to the back of one router to monitor each LAN adapter for input/output of traffic?

0
 
fluk3dCommented:
If you were to use WhatsUpGold or Orion you would have to configure it to store SNMP stats so you can see exactly what the traffic is doing.

Does your switch support NetFlow ? there are some NetFlow products Orion might support NetFlow that will traffic your packets very granular.

Depending on your firewall/router/gateway they sometimes have products that support reporting.

I know SonicWALL/CheckPoint have this feature.
0
 
JaoibhCommented:
Hi Yashy, What you can do is monitor the Router and the switches using whatsupgold and it gives you a full break down
whatsupgold.JPG
0
 
nexxcCommented:
sounds like you want deep packet inspecting (sniffing) if you are using tools like wireshark.

if so, easiest way is to span (or rspan) to ports so a single destination and then you can use wireshark to collect all packets from your network.

BUT: this does depend on your network topology and hardware - i.e. it works well on flat layer 2 networks.

good explaination here:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml
0
 
YashyAuthor Commented:
In the end, I've downloaded a tool called Capsa. It's free and is similar to the whatsupgold software. However, I have no clue about port-mirroring or enabling things on our 48 port switch.

All I know is that I've installed the software now onto the server and via its Local LAN Adapter, it has picked up almost everything, but I'm unsure as to whether this is the correct information it is picking up? Does this pick up information that is only between that server and the switch? As it does seem to be looking at all of the MAC addresses on the network.

If you have any ideas whether this is correct info, would help big time?

Thanks again
Yashy
network-monitoring.jpeg
0
 
YashyAuthor Commented:
The switch I'm using is a 3COm 2948-SFP Plus if that helps. I haven't configured this switch in anyway in terms of its internal config.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now