Solved

Network monitoring tool advice

Posted on 2010-08-25
Last Modified: 2012-05-10
Hey guys

I've installed Wireshark onto our secondary DC; however, I'm not sure whether this application has been installed on the correct machine. I'm assuming that by installing it on this machine, it ONLY monitors the network traffic going in/out of that particular server and that's it? Am I right, or is it fine to install network monitoring applications on just any server as it will pick up the entire LAN?

We have four different gateways. What's the best way for me to monitor network traffic of our entire LAN?

Thanks
Question by:Yashy
9 Comments
 
LVL 6

Accepted Solution

by:
fluk3d earned 1000 total points
ID: 33521702
I'm assuming your LAN is a switched network, therefore you will only pick up on the server you have the application running on.

Switches will break up broadcasts so you will not see every packet going in and out of your network. You mentioned you have four gateways; if these gateways support packet capturing, you can set it up with filters and whatnot, depending on what you want to monitor.

Depending on your switch setup, you can also purchase a Barracuda Ethernet tap and set up your switch for port mirroring (be careful); a lot of traffic through one port can bring your network to a halt!

Have a look at these links,

http://www.youtube.com/watch?v=U6ZveV0nDpk

https://www.evilfingers.com/publications/howto_EN/HowTo%20-%20Use%20Packet%20Sniffers.pdf

http://www.barracudanetworks.com/tap/specs/Barracuda_Ethernet_Tap_QSG.pdf
0
 
LVL 3

Expert Comment

by:Jaoibh
ID: 33521791
I use a product named "WhatsUp Gold" to monitor all the traffic on the network.

It has a lovely interface, is very easy to use, and it's free for 365 days.
http://www.whatsupgold.com/

You can monitor 3 devices for free to start. At least you can see if this product suits before purchasing it.
0
 

Expert Comment

by:nexxc
ID: 33522476
It depends on what level of detail you are looking for and the type of network hardware, but SolarWinds Orion NPM is very good, especially when combined with NetFlow for traffic type analysis.
0

 
LVL 1

Author Comment

by:Yashy
ID: 33522516
Thanks for both of your inputs, guys.

Well the way the systems are configured is such that everything is connected to our 48 port switches. From there, they're connected to our routers. Is it worth configuring a PC with like 4 LAN cards and then connecting each of those to the back of one router to monitor each LAN adapter for input/output of traffic?

0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33522570
If you were to use WhatsUpGold or Orion you would have to configure it to store SNMP stats so you can see exactly what the traffic is doing.

Does your switch support NetFlow? There are some NetFlow products (Orion might support NetFlow) that will track your packets very granularly.

Depending on your firewall/router/gateway they sometimes have products that support reporting.

I know SonicWALL/CheckPoint have this feature.
0
 
LVL 3

Assisted Solution

by:Jaoibh
Jaoibh earned 1000 total points
ID: 33522592
Hi Yashy, what you can do is monitor the router and the switches using WhatsUp Gold, and it gives you a full breakdown.
whatsupgold.JPG
0
 

Expert Comment

by:nexxc
ID: 33522848
Sounds like you want deep packet inspection (sniffing) if you are using tools like Wireshark.

If so, the easiest way is to SPAN (or RSPAN) the ports to a single destination, and then you can use Wireshark to collect all packets from your network.

BUT: this does depend on your network topology and hardware, i.e. it works well on flat layer 2 networks.

Good explanation here:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml
0
 
LVL 1

Author Comment

by:Yashy
ID: 33523806
In the end, I've downloaded a tool called Capsa. It's free and is similar to the WhatsUp Gold software. However, I have no clue about port mirroring or enabling things on our 48 port switch.

All I know is that I've installed the software now onto the server and via its Local LAN Adapter, it has picked up almost everything, but I'm unsure as to whether this is the correct information it is picking up? Does this pick up information that is only between that server and the switch? As it does seem to be looking at all of the MAC addresses on the network.

If you have any ideas whether this is correct info, would help big time?

Thanks again
Yashy
network-monitoring.jpeg
0
 
LVL 1

Author Comment

by:Yashy
ID: 33524044
The switch I'm using is a 3Com 2948-SFP Plus, if that helps. I haven't configured this switch in any way in terms of its internal config.
0
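
The thread turns on what a capture taken on a server's own switch port contains compared with one taken on a SPAN/mirror port or tap. As an added example (not code from any poster here), this Python sketch reads a capture saved in classic pcap format (not pcapng) and counts frames by class; the MAC addresses, the two sample captures and all function names are constructed for illustration.

```python
import struct
from collections import Counter

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap byte order

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def classify_frames(pcap, local_mac):
    """Return (Counter of frame classes, set of other hosts' source MACs)."""
    e = MAGIC.get(pcap[:4])
    if e is None or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    local, counts, others, off = mac_bytes(local_mac), Counter(), set(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:                 # cut-off record or runt frame
            counts["truncated"] += 1
            continue
        dst, src = frame[:6], frame[6:12]
        if src != local:
            others.add(src.hex(":"))        # MAC learned just by listening
        if dst[0] & 1:                      # group bit set: broadcast/multicast
            counts["broadcast_multicast"] += 1
        elif local in (dst, src):           # unicast to or from this host
            counts["own_unicast"] += 1
        else:                               # unicast between two other hosts
            counts["third_party_unicast"] += 1
    return counts, others

def eth_frame(dst, src):                    # constructed 60-byte IPv4-typed frame
    return mac_bytes(dst) + mac_bytes(src) + b"\x08\x00" + bytes(46)

def build_pcap(frames):                     # constructed little-endian capture
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed, locally administered addresses; SERVER is the capture host.
SERVER, PC_A, PC_B = ("02:00:00:00:00:0%d" % i for i in (1, 2, 3))
BCAST = "ff:ff:ff:ff:ff:ff"
BASE = [eth_frame(BCAST, PC_A), eth_frame(BCAST, PC_B),
        eth_frame(SERVER, PC_A), eth_frame(PC_A, SERVER)]
UNMIRRORED, MIRRORED = build_pcap(BASE), build_pcap(BASE + [eth_frame(PC_B, PC_A)])
if __name__ == "__main__":
    for name, cap in (("own port", UNMIRRORED), ("mirror port", MIRRORED)):
        print(name, *classify_frames(cap, SERVER))
```

A capture with only `own_unicast` and `broadcast_multicast` frames can still list many MAC addresses, because every broadcast carries its sender's address; `third_party_unicast` frames are what a mirror port or tap adds. A switch also floods unicast frames for destinations it has not yet learned, so judge by the proportion of such frames, not the presence of a few.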


Question has a verified solution.
