Solved

How to monitor Internet (and email) traffic?

Posted on 2010-09-15
Last Modified: 2012-05-10
Hi there,

We are a small company having two routers, which have static IPs from a T1 provider.  What is needed in order to monitor ALL http traffic?  Is it possible to get something (hardware and/or software) sitting on top of the two routers or an individual router for such monitoring purposes?

Our mail server is managed by an outside contractor.  Is monitoring email in and out possible?

Thanks for the suggestions in advance.
Question by:asugri
11 Comments
 
LVL 12

Accepted Solution

by:
Chris Staunton earned 56 total points
ID: 33687908
MRTG can monitor traffic for you.  Just google MRTG and you'll find the link to the site with examples of what it can do for you.  MRTG can run under Linux or even Windows.
 
LVL 3

Assisted Solution

by:dr-evil
dr-evil earned 56 total points
ID: 33688380
What do you mean by "monitor all http traffic"?
Do you wanna log every http request made by your users?
 
LVL 76

Assisted Solution

by:arnold
arnold earned 56 total points
ID: 33688476
cacti.net is a more robust tool and could be simpler than dealing with MRTG configs.

Depending on the router, you may be able to set up a transparent proxy with WCCP, i.e. any request to port 80 on either router will get transparently redirected to a proxy server.  The proxy server's logs can then be audited.
The distribution of the outgoing requests would have to be configured by assigning static routes on the proxy with two interfaces, or by having a routing protocol/broadcast direct the request to the correct device.
If you have two routers, each with a different ISP, and they both provide a connection to a firewall that then feeds the LAN, the routing configuration among the routers and the firewall will handle the traffic distribution.

If you have a requirement to maintain copies of all incoming/outgoing emails, this has to be set up on the mail server.
 
LVL 20

Assisted Solution

by:Silvers5
Silvers5 earned 56 total points
ID: 33688486
Do you need to monitor the bandwidth or intercept the traffic?
For interception you can use Websense, while for traffic bandwidth MRTG is OK.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33689033
 
LVL 5

Assisted Solution

by:giovannicoa
giovannicoa earned 55 total points
ID: 33690380
Hi,

Use a proxy server for HTTP traffic monitoring and statistical reports.

For the HTTP part Endian Firewall can be useful. It's also free.

What you need to do is install Endian Firewall as your internet gateway and expose it with NAT to the internet. Configure the HTTP proxy section and make your workstations use the proxy for browsing the internet.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33690596
Besides Squid I use SARG: http://sarg.sourceforge.net/
Squid Analysis Report Generator is a tool that allows you to view "where" your users are going on the Internet. I suggest that you use SARG for analyzing Squid log files. SARG will analyze the log file and generate reports like access time, top downloads, etc.
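Whether the proxy is reached transparently via WCCP (as arnold describes) or set explicitly on the workstations (as giovannicoa describes), what actually gets audited is its access log. The following is an added example, not code from the thread, from Squid or from SARG: it parses Squid's native access.log format and builds the per-site, per-client and denied-request summary that SARG produces from the same file. The log lines are constructed samples using private client addresses and example.com hosts.

```python
"""Minimal Squid access.log summariser (added example, not SARG itself).
Parses Squid's native log format and aggregates bytes per site and per
client, and records which clients hit TCP_DENIED (blocked) responses."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Native Squid format: time elapsed client code/status bytes method URL ident hier/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$")

# Constructed sample log lines (not from a real proxy).
SAMPLE_LOG = """\
1284537600.123    245 192.168.1.10 TCP_MISS/200 5123 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1284537601.456     12 192.168.1.10 TCP_HIT/200 80213 GET http://www.example.com/big.iso - NONE/- application/octet-stream
1284537602.789    330 192.168.1.22 TCP_MISS/200 2048 GET http://news.example.org/ - DIRECT/203.0.113.5 text/html
1284537603.000      1 192.168.1.22 TCP_DENIED/403 1300 GET http://blocked.example.net/ - HIER_NONE/- text/html
1284537604.500    900 192.168.1.22 TCP_MISS/200 640000 GET http://cdn.example.org/video.mp4 - DIRECT/203.0.113.9 video/mp4
1284537605.250    200 192.168.1.10 TCP_MISS/200 4096 CONNECT mail.example.com:443 - DIRECT/198.51.100.7 -
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    # CONNECT (HTTPS tunnel) lines carry host:port rather than a full URL.
    url = rec["url"]
    rec["host"] = url.split(":")[0] if rec["method"] == "CONNECT" else urlsplit(url).hostname
    return rec

def summarise(log_text):
    """Aggregate bytes per site and per client, plus hosts each client was denied."""
    by_site, by_client = Counter(), Counter()
    denied = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip it rather than abort the whole report
        by_site[rec["host"]] += rec["bytes"]
        by_client[rec["client"]] += rec["bytes"]
        if rec["code"] == "TCP_DENIED":
            denied[rec["client"]].append(rec["host"])
    return {"bytes_by_site": by_site, "bytes_by_client": by_client, "denied": dict(denied)}
```

Call `summarise(open("/var/log/squid/access.log").read())` and use `.most_common(n)` on the counters to get the "top sites" and "top downloaders" tables; for HTTPS only the host of the CONNECT tunnel is visible, not the path.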
 

Author Comment

by:asugri
ID: 33879865
All,  

Sorry for not getting back to this issue for a while.   I need to digest a little bit regarding all the provided info.  Thanks.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33886899
 

Assisted Solution

by:m76543
m76543 earned 56 total points
ID: 34612481
Essentially you need NTOP monitoring and POP3+SMTP proxy services.  NTOP will monitor specified links, providing very in-depth statistics of the traffic.

The two proxy services will allow you to monitor and A/V the mail incoming and outgoing.  In ENDIAN these are found under the tab "PROXY"; for the NTOP go to tab "SERVICES" and then menu choice "Traffic Monitoring". I found that the default system did not allow me to get it to monitor the RED Internet interfaces, so I edited the file /etc/ntop/etc/ntop.conf in Linux to include the extra interfaces.
See here for more info on doing that.

All of these (and more) are provided in many community firewalls such as ENDIAN.
http://www.endian.com/en/community/overview/

ENDIAN community supports up to 4 interfaces. I would recommend:
2 you could assign for the Internet T1 connections (known as RED)
1 for the first internal router interface (known as GREEN)
1 for the second internal router interface (known as BLUE)

I expect you will need to define some routes as the Endian is in the "hub" of your links and routers.  Define the routes in tab "Network", menu "Routing", tab "Policy Routing".

You may find that there is no need to even use your two routers once the Endian goes in!  If you wish to do that, then use the "FIREWALL" tab to define all the rules.

Cheers, Michael
 

Author Comment

by:asugri
ID: 35380520
I don't have time to test out the suggestions.  Will try to visit this topic in the future.  Thank you all for the help.