yodaa

asked on

Sonicwall Traffic

Guys

Any idea how I can monitor incoming traffic on a SonicWall TZ215?
bbao

Check Connection Monitor under Dashboard.

see details here: http://goo.gl/14hcKR
What do you mean, "monitor incoming traffic"?

This is a very broad question, what specifically are you trying to look at?
yodaa

ASKER

I would like to see real live incoming traffic from all IPs in my LAN
yodaa

ASKER

Also what does it mean ?

Tx  Rx Tx Pkts Rx Pkts ?

thanks
If you want to capture/analyze/watch ALL network traffic, I'd suggest using Wireshark and specify the capture filter for multiple IP addresses:

Don't use 'and' as that will only capture packets where all conditions are fulfilled, which will never be the case (think about the src ip and dst ip of a packet!).

Please use 'or' instead.

If you want to capture a whole network, you must use 'net' commands instead of 'host'

For example: net 10.128.0.0/24 or net 10.129.0.0/24 or host 10.1.2.3 or host 10.2.3.4
--
You really should look at this page for Wireshark Capture Filters:

https://wiki.wireshark.org/CaptureFilters

--

As for your abbreviations:

Tx - Transmit

Rx - Receive
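
An added example, not part of the original answer: it builds the capture filter from the answer's own targets and models the filter semantics on constructed packets to show why 'or' captures traffic and 'and' does not. The function names and the sample packets (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress

# Targets taken from the example filter in the answer above.
TARGETS = ["10.128.0.0/24", "10.129.0.0/24", "10.1.2.3", "10.2.3.4"]

# Constructed (src, dst) pairs; external addresses use documentation ranges.
PACKETS = [
    ("10.128.0.15", "192.0.2.10"),    # host in the first net talking outward
    ("198.51.100.7", "10.1.2.3"),     # inbound to a single monitored host
    ("10.129.0.7", "10.2.3.4"),       # between the second net and a monitored host
    ("192.168.50.9", "203.0.113.5"),  # unrelated traffic
]

def primitive(target):
    """'net' for a CIDR block, 'host' for a single address; invalid input raises ValueError."""
    if "/" in target:
        return f"net {ipaddress.ip_network(target, strict=True)}"
    return f"host {ipaddress.ip_address(target)}"

def build_filter(targets, joiner="or"):
    """Join the validated primitives into one capture filter expression."""
    return f" {joiner} ".join(primitive(t) for t in targets)

def primitive_matches(target, src, dst):
    """With no src/dst qualifier, host/net is true if EITHER address of the packet matches."""
    net = ipaddress.ip_network(target)  # a bare address becomes a /32
    return ipaddress.ip_address(src) in net or ipaddress.ip_address(dst) in net

def captured(targets, joiner, packets):
    """Return the packets the joined filter would keep."""
    combine = all if joiner == "and" else any
    return [p for p in packets
            if combine(primitive_matches(t, *p) for t in targets)]

if __name__ == "__main__":
    print(build_filter(TARGETS))
    # A packet has only two addresses, so at most two of these four
    # disjoint primitives can be true at once: 'and' keeps nothing.
    print("or :", captured(TARGETS, "or", PACKETS))
    print("and:", captured(TARGETS, "and", PACKETS))
```

The string returned by `build_filter` can be pasted into Wireshark's capture filter field or passed to `tshark -f`.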
> Tx  Rx Tx Pkts Rx Pkts ?

TX: Transmit in Bytes
Rx: Receive in Bytes
Tx Pkts: Transmit in Packets
Rx Pkts: Receive in Packets

check the Filtering Connections Viewed section of http://goo.gl/14hcKR to learn how to monitor against given IPs.
Try the Real-Time Monitor in the Dashboard.
You can also check Log - Reports bandwidth by IP
yodaa

ASKER

Okay thank you

Question.

I see a lot of connections, but how should I know which ones are malicious and which ones are not?
For example 191.232.139.254  http://191.232.139.254.ipaddress.com/ good? bad?
> how should I know which one are malicious and which one are not ?

it depends on how familiar you are with the normal traffic. :) anything unusual could be suspicious or malicious.

you can't judge a single IP that way by checking its owner, though it might be helpful (especially when the owner is not an ISP or a cloud provider such as Amazon or Microsoft).

if the IP belongs to an ISP or a cloud provider, you can't determine whether it is good or bad even if the owner is a big name like Microsoft, because someone may create a VM in the cloud to hack other computers using the provider's IP.

the right approach is to analyse the behaviour associated with a given IP based on what is normal according to your knowledge and observation.
yodaa

ASKER

Bing CISM / CISSP thank you for the very informative information.

That will be hard, as for me everything looks suspicious!
> that will be hard as for me everything look suspicious!

LOL. indeed, i can understand your situation and feeling at the moment. :)

to be honest, you need an experienced guy to help you analyse the traffic and determine the suspicious connections. it seems you need EE Live and ask an expert there for 1:1 assistance over a remote session (like TeamViewer).
Hi There,

The question is a bit dicey from what I understand, since I believe your requirement is to get details of the incoming traffic towards your SonicWall.

I have used FortiGate, wherein we had a log dashboard wherein one could select the incoming interface and filter the traffic based on real-time hits.

I ain't that familiar with Sonic, but I believe the Packet Monitor feature could help you achieve what you want:
http://help.sonicwall.com/help/sw/eng/9600/26/2/3/content/Dashboard_Packet_Monitor.016.5.htm

For analyzing an IP address, it is quite difficult for a novice unless they are acquainted with understanding the generic traffic patterns.
However, the link below could be useful for learners to at least get a gist of the IP reputation:
http://www.borderware.com/
ASKER CERTIFIED SOLUTION
Gene Blake
Hi yodaa,

Kindly confirm if my previous suggestion helped you.
@Greg: Agree with you.
Analyzer would help fix all the problems
yodaa

ASKER

WOW Impressive!!

Thank you Ian Arakel, you are a star
Thanks yodaa..