yodaa
asked on
Sonicwall Traffic
Guys
Any idea how can I monitor incoming traffic on sonicwall Tz215 ?
What do you mean, "monitor incoming traffic"?
This is a very broad question, what specifically are you trying to look at?
ASKER
I would like to see real live incoming traffic from all IPs in my LAN
ASKER
Also what does it mean ?
Tx Rx Tx Pkts Rx Pkts ?
thanks
If you want to capture/analyze/watch ALL network traffic, I'd suggest using Wireshark and specifying the capture filter for multiple IP addresses:
Don't use 'and' as that will only capture packets where all conditions are fulfilled, which will never be the case (think about the src ip and dst ip of a packet!).
Please use 'or' instead.
If you want to capture a whole network, you must use 'net' commands instead of 'host'
For example: net 10.128.0.0/24 or net 10.129.0.0/24 or host 10.1.2.3 or host 10.2.3.4
--
You really should look at this page for Wireshark Capture Filters:
https://wiki.wireshark.org/CaptureFilters
--
As for your abbreviations:
Tx - Transmit
Rx - Receive
> Tx Rx Tx Pkts Rx Pkts ?
TX: Transmit in Bytes
Rx: Receive in Bytes
Tx Pkts: Transmit in Packets
Rx Pkts: Receive in Packets
check the Filtering Connections Viewed section of http://goo.gl/14hcKR to learn how to monitor against given IPs.
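To tie the two answers above together, here is an added example (not code from either poster or from SonicWall): it builds the 'or'-joined capture filter from a list of LAN networks and hosts, and then computes the four counters asked about (Tx bytes, Rx bytes, Tx packets, Rx packets) per LAN address from a small set of constructed packet records. The addresses, the Packet class and the sample packets are all assumptions made for the demonstration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed LAN definition, mirroring the shape of the filter in the answer
# above: two /24 networks plus two individual hosts (assumption).
LAN_NETS = ["10.128.0.0/24", "10.129.0.0/24"]
LAN_HOSTS = ["10.1.2.3", "10.2.3.4"]


def build_capture_filter(nets, hosts):
    """Join 'net' and 'host' primitives with 'or', so a packet is kept when
    EITHER its source or its destination is one of our addresses."""
    terms = [f"net {ipaddress.ip_network(n)}" for n in nets]
    terms += [f"host {ipaddress.ip_address(h)}" for h in hosts]
    return " or ".join(terms)


def is_lan(addr, nets, hosts):
    """True when addr falls inside one of the LAN networks or is a LAN host."""
    ip = ipaddress.ip_address(addr)
    in_net = any(ip in ipaddress.ip_network(n) for n in nets)
    return in_net or ip in {ipaddress.ip_address(h) for h in hosts}


@dataclass
class Packet:
    src: str
    dst: str
    length: int  # bytes on the wire


# Constructed sample packets (not a real capture).
SAMPLE_PACKETS = [
    Packet("10.128.0.10", "93.184.216.34", 74),     # LAN host sends (Tx)
    Packet("93.184.216.34", "10.128.0.10", 1500),   # LAN host receives (Rx)
    Packet("93.184.216.34", "10.128.0.10", 1500),
    Packet("10.1.2.3", "10.129.0.7", 120),          # LAN to LAN: Tx for one, Rx for the other
    Packet("203.0.113.9", "10.2.3.4", 60),
    Packet("198.51.100.5", "198.51.100.6", 500),    # neither side is ours: the filter drops it
]


def count_tx_rx(packets, nets, hosts):
    """Per LAN address: Tx/Rx in bytes and in packets.
    Tx means the address sent the packet, Rx means it received it."""
    stats = defaultdict(lambda: {"tx": 0, "rx": 0, "tx_pkts": 0, "rx_pkts": 0})
    for p in packets:
        if is_lan(p.src, nets, hosts):
            stats[p.src]["tx"] += p.length
            stats[p.src]["tx_pkts"] += 1
        if is_lan(p.dst, nets, hosts):
            stats[p.dst]["rx"] += p.length
            stats[p.dst]["rx_pkts"] += 1
    return dict(stats)


if __name__ == "__main__":
    print("capture filter:", build_capture_filter(LAN_NETS, LAN_HOSTS))
    print(f"{'address':<14}{'Tx':>8}{'Rx':>8}{'Tx Pkts':>9}{'Rx Pkts':>9}")
    for addr, s in sorted(count_tx_rx(SAMPLE_PACKETS, LAN_NETS, LAN_HOSTS).items()):
        print(f"{addr:<14}{s['tx']:>8}{s['rx']:>8}{s['tx_pkts']:>9}{s['rx_pkts']:>9}")
```

The filter string it prints is the same one quoted in the Wireshark answer above and can be pasted into Wireshark's capture filter field or into tcpdump; the counter function only shows how the Tx/Rx columns are derived from individual packets, it is not a replacement for the firewall's own statistics.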
Try the Real-Time Monitor in the Dashboard.
You can also check Log - Reports bandwidth by IP
(attached screenshots: Real-Time-Monitor.jpg, Bandwidth-by-IP-Log.jpg)
ASKER
Okay thank you
Question.
I see a lot of connections but how should I know which ones are malicious and which ones are not ?
For example 191.232.139.254 http://191.232.139.254.ipaddress.com/ good? bad?
> how should I know which one are malicious and which one are not ?
it depends on how familiar you are with the normal traffic. :) anything unusual could be suspicious or malicious.
you can't judge a single IP that way by checking its owner though it might be helpful (especially when the owner is not an ISP or a cloud provider such as Amazon or Microsoft).
if the IP belongs to an ISP or a cloud provider, you can't determine it is good or bad even the owner is a big name like Microsoft, because someone may create a VM in the cloud to hack other computers using the provider's IP.
the right approach is to analyse the behaviour associated with a given IP based on what is normal according to your knowledge and observation.
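The answer above says to judge a remote IP by how the traffic involving it deviates from what is normal for your network, not by its owner. As an added example (not code from the poster or from SonicWall), the following compares one day of constructed connection records with a constructed per-host baseline and reports every deviation it finds: a peer the host never talked to before, a destination port it never used, or a volume far above its usual daily bytes. The baseline, the records, the threshold and the severity labels are all assumptions made for the demonstration.

```python
from collections import defaultdict

# Constructed "known-normal" profile per LAN host: the remote IPs and
# destination ports it usually talks to, and its typical daily byte volume.
BASELINE = {
    "10.128.0.10": {"peers": {"93.184.216.34", "40.97.0.1"}, "ports": {443, 80}, "daily_bytes": 50_000_000},
    "10.128.0.11": {"peers": {"93.184.216.34"}, "ports": {443}, "daily_bytes": 2_000_000},
}

# Constructed connection records for today: (lan_ip, remote_ip, remote_port, bytes).
TODAY = [
    ("10.128.0.10", "93.184.216.34", 443, 30_000_000),
    ("10.128.0.10", "191.232.139.254", 443, 1_000_000),   # new peer, usual port, modest volume
    ("10.128.0.11", "93.184.216.34", 443, 1_500_000),
    ("10.128.0.11", "198.51.100.77", 8443, 900_000_000),  # new peer, new port, huge volume
    ("10.128.0.12", "93.184.216.34", 443, 10_000),        # host with no baseline at all
]


def triage(today, baseline, volume_factor=5.0):
    """Compare today's connections against the baseline and explain each
    deviation per LAN host. The result is a list of findings to review,
    not a good/bad verdict on any single remote IP."""
    by_host = defaultdict(lambda: {"peers": set(), "ports": set(), "bytes": 0})
    for lan_ip, remote_ip, port, nbytes in today:
        agg = by_host[lan_ip]
        agg["peers"].add(remote_ip)
        agg["ports"].add(port)
        agg["bytes"] += nbytes

    findings = []
    for lan_ip, agg in sorted(by_host.items()):
        normal = baseline.get(lan_ip)
        reasons = []
        if normal is None:
            reasons.append("no baseline for this host")
        else:
            new_peers = sorted(agg["peers"] - normal["peers"])
            if new_peers:
                reasons.append(f"new peers: {', '.join(new_peers)}")
            new_ports = sorted(agg["ports"] - normal["ports"])
            if new_ports:
                reasons.append(f"new destination ports: {new_ports}")
            ratio = agg["bytes"] / normal["daily_bytes"]
            if ratio > volume_factor:
                reasons.append(f"volume {ratio:.0f}x the usual daily bytes")
        if reasons:
            severity = "investigate" if len(reasons) >= 2 else "review"
            findings.append({"host": lan_ip, "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(TODAY, BASELINE):
        print(f"{f['host']:<14}{f['severity']:<12}" + "; ".join(f["reasons"]))
```

The point of the design is that the same remote address (191.232.139.254 in the constructed data) produces only a low-priority "new peer" note when everything else about the connection is ordinary, while a host that simultaneously changes peer, port and volume is what gets flagged for a closer look.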
ASKER
Bing CISM / CISSP thank you for very informative information.
that will be hard as for me everything look suspicious!
> that will be hard as for me everything look suspicious!
LOL. indeed, i can understand your situation and feeling at the moment. :)
to be honest, you need an experienced guy to help you analyse the traffic and determine the suspicious connections. it seems you need EE Live and ask an expert there for 1:1 assistance over a remote session (like TeamViewer).
Hi There,
The question is a bit dicey from what I understand since I believe your requirement is to get details of the incoming traffic towards your sonic wall.
I have used fortigate wherein we had a log dashboard wherein one could select the incoming interface and filter the traffic based on real time hits.
I ain't that familiar with Sonic but I believe the Packet monitor feature could help you achieve what you want:
http://help.sonicwall.com/help/sw/eng/9600/26/2/3/content/Dashboard_Packet_Monitor.016.5.htm
For analyzing an IP address, it is quite difficult for a novice unless they are acquainted with understanding the generic traffic patterns.
However the below link could be useful for learners to at least get a gist of the IP reputation:
http://www.borderware.com/
Hi yodaa,
Kindly confirm if my previous suggestion helped you.
@Greg,: Agree with you.
Analyzer would help fix all the problems
ASKER
WOW Impresive !!
Thank you Ian Arakel you are a star
Thanks yodaa..
see details here: http://goo.gl/14hcKR