Yashy
asked on
Network monitoring tool advice
Hey guys
I've installed Wireshark onto our secondary DC, however I'm not sure whether this application has been installed on the correct machine. I'm assuming that by installing it on this machine, it ONLY monitors the network traffic going in/out of that particular server and that's it? Am I right, or is it fine to install network monitoring applications on just any server as it will pick up the entire LAN?
We have four different gateways. What's the best way for me to monitor network traffic of our entire LAN?
Thanks
Depending on what level of detail you are looking for and the type of network hardware, but Solarwinds Orion NPM is very good, especially when combined with NetFlow for traffic type analysis.
ASKER
Thanks for both of your inputs guys.
Well the way the systems are configured is such that everything is connected to our 48 port switches. From there, they're connected to our routers. Is it worth configuring a PC with like 4 LAN cards and then connecting each of those to the back of one router to monitor each LAN adapter for input/output of traffic?
If you were to use WhatsUpGold or Orion you would have to configure it to store SNMP stats so you can see exactly what the traffic is doing.
Does your switch support NetFlow? There are some NetFlow products; Orion might support NetFlow, which will track your packets very granularly.
Depending on your firewall/router/gateway they sometimes have products that support reporting.
I know SonicWALL/CheckPoint have this feature.
Sounds like you want deep packet inspection (sniffing) if you are using tools like Wireshark.
If so, the easiest way is to span (or rspan) the ports to a single destination, and then you can use Wireshark to collect all packets from your network.
BUT: this does depend on your network topology and hardware - i.e. it works well on flat layer 2 networks.
Good explanation here:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml
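An added example, not part of the original thread or any poster's code: it classifies captured Ethernet frames to show why a NIC on an ordinary switch port still lists many MAC addresses (broadcasts are flooded to every port), while only a SPAN/mirror destination sees unicast traffic between other hosts. The MAC addresses, the sample frames and the 5% flood tolerance are constructed assumptions.

```python
from collections import Counter

def mac(text: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify_frame(frame: bytes, local_mac: bytes) -> str:
    """Classify one Ethernet frame relative to the capturing NIC."""
    if len(frame) < 14:                  # shorter than an Ethernet header
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if src == local_mac:
        return "from_me"
    if dst == local_mac:
        return "to_me"
    if dst[0] & 0x01:                    # I/G bit set: flooded to every port
        return "broadcast_or_multicast"
    return "third_party_unicast"         # normally invisible on a switch port

def capture_scope(frames, local_mac, flood_tolerance=0.05):
    """Return (counts, distinct source MACs, verdict) for a capture."""
    counts = Counter(classify_frame(f, local_mac) for f in frames)
    sources = {f[6:12] for f in frames if len(f) >= 14}
    usable = sum(counts.values()) - counts["truncated"]
    foreign = counts["third_party_unicast"]
    if usable == 0:
        verdict = "no data"
    elif foreign / usable > flood_tolerance:
        verdict = "mirrored"             # SPAN/hub: other hosts' unicast seen
    else:
        # A few foreign frames can still appear when the switch floods
        # unicast for a MAC it has not learned yet, hence the tolerance.
        verdict = "host-only"
    return counts, sources, verdict

def frame(dst, src, ethertype=0x0800):
    """Build a constructed minimum-size Ethernet frame (zero payload)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + bytes(46)

# Constructed sample data (locally administered MACs, not real devices).
ME = "02:00:00:00:00:01"
HOSTS = [f"02:00:00:00:00:{i:02x}" for i in range(2, 12)]
# Ordinary switch port: ARP broadcasts from every host plus our own traffic.
HOST_ONLY = ([frame("ff:ff:ff:ff:ff:ff", h, 0x0806) for h in HOSTS]
             + [frame(ME, HOSTS[0]), frame(HOSTS[0], ME)] * 10)
# SPAN destination: the same, plus unicast between other hosts.
MIRRORED = HOST_ONLY + [frame(HOSTS[i], HOSTS[i + 1]) for i in range(9)]

if __name__ == "__main__":
    for name, cap in (("host-only port", HOST_ONLY), ("SPAN port", MIRRORED)):
        counts, sources, verdict = capture_scope(cap, mac(ME))
        print(name, dict(counts), len(sources), "MACs ->", verdict)
```

Both captures list 11 source MACs, so the number of addresses a tool displays says nothing about capture scope; the share of unicast frames between other hosts does.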
ASKER
In the end, I've downloaded a tool called Capsa. It's free and is similar to the whatsupgold software. However, I have no clue about port-mirroring or enabling things on our 48 port switch.
All I know is that I've installed the software now onto the server and via its Local LAN Adapter, it has picked up almost everything, but I'm unsure as to whether this is the correct information it is picking up? Does this pick up information that is only between that server and the switch? As it does seem to be looking at all of the MAC addresses on the network.
If you have any ideas whether this is correct info, would help big time?
Thanks again
Yashy
ASKER
The switch I'm using is a 3Com 2948-SFP Plus if that helps. I haven't configured this switch in any way in terms of its internal config.
It has a lovely interface, very easy to use, and it's free for 365 days.
http://www.whatsupgold.com/
You can monitor 3 devices for free to start. At least you can see if this product suits before purchasing it.