

[Suspect traffic] OpenSource Network Monitoring Tools

Hello Internet,

I would like to know which network monitoring tools you like most. I already tested Nagios many, many years ago and want to start with monitoring on all my machines again.

What do you think? What is the most efficient way to monitor all your machines for suspect traffic at the moment?

I think I will try one of these:
Icinga 2,
Nagios,
Observium
or Zabbix
and on Windows maybe Spiceworks...

Comments

  • KuJoeKuJoe Member, Host Rep

    Please elaborate. Unless you set up port mirroring on your switches you won't be able to tell what kind of traffic your servers are sending/receiving. If you're just looking for bandwidth/network statistics then I recommend Observium hands down. If you need to monitor the type of traffic on your servers then I don't really have any recommendation besides manually reviewing the traffic with something like Wireshark or tcpdump.

    Thanked by 1Babynemo
  • zkyezzkyez Member
    edited June 2018

    If you don't need to keep the history of flow data take a look at ntopng. It can do netflow, real time capture via port mirroring and other nifty things.

    Thanked by 1Babynemo
  • mkshmksh Member

    Haven't used it, but snort seems to be something to look into if you want to automatically detect suspicious traffic. Beyond that I can only second tcpdump and maybe iftop to get a general overview of what's going on.

    Thanked by 1Babynemo
  • zkyezzkyez Member

    @mksh said:
    Haven't used it, but snort seems to be something to look into if you want to automatically detect suspicious traffic. Beyond that I can only second tcpdump and maybe iftop to get a general overview of what's going on.

    Problem with snort is the current stable version isn't multi-threaded and if you have a lot of traffic to analyze then it will overload a core fast. Besides, doing traffic analysis for several gbps isn't currently an easy task (with snort at least).

    Thanked by 2Babynemo mksh
  • ClouviderClouvider Member, Patron Provider

    @KuJoe said:
    Please elaborate. Unless you set up port mirroring on your switches you won't be able to tell what kind of traffic your servers are sending/receiving. If you're just looking for bandwidth/network statistics then I recommend Observium hands down. If you need to monitor the type of traffic on your servers then I don't really have any recommendation besides manually reviewing the traffic with something like Wireshark or tcpdump.

    This or flow export and some good analyser.

    Thanked by 1Babynemo
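The replies above converge on one pipeline: get the packets or flow records off the wire (port mirroring, NetFlow export, tcpdump) and then run them through an analyser. The following is an added example, not code from the thread or from ntopng, Observium or any other tool named here, of the kind of checks such an analyser performs on NetFlow-style records: a port-sweep signature (one source touching many ports on one host with one- or two-packet flows), large uploads from the LAN to an external address on an unexpected port, and a top-talkers bandwidth view. The record format, the LAN prefix, the allowed-egress port set and the thresholds are assumptions, and the sample records are constructed.

```python
"""Minimal flow-record analyser over NetFlow-style records (added example;
the CSV record format, LOCAL_NET, ALLOWED_EGRESS_PORTS and all thresholds
are assumptions, and SAMPLE is constructed data)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed: the monitored LAN; anything outside it counts as "external".
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
# Assumed: destination ports local hosts are expected to use on the outside.
ALLOWED_EGRESS_PORTS = frozenset({22, 53, 80, 443})


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    packets: int


def parse_flows(text: str) -> list:
    """Parse constructed 'src,dst,dport,proto,bytes,packets' CSV lines;
    blank lines and '#' comments are skipped."""
    flows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto, nbytes, packets = (f.strip() for f in line.split(","))
        flows.append(Flow(src, dst, int(dport), proto, int(nbytes), int(packets)))
    return flows


def detect_port_scans(flows, min_ports: int = 10) -> dict:
    """One source hitting many distinct ports on one host, each with a one- or
    two-packet flow, is the classic sweep signature. Returns
    {(src, dst): distinct_port_count} for pairs at or over the threshold."""
    ports = defaultdict(set)
    for f in flows:
        if f.packets <= 2:
            ports[(f.src, f.dst)].add(f.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_unexpected_egress(flows, min_bytes: int = 1_000_000) -> list:
    """Large flows from a local host to an external address on a port outside
    the allowed set: a simple unknown-service / data-exfiltration check.
    Returns [(src, dst, dport, nbytes), ...]."""
    hits = []
    for f in flows:
        src_local = ipaddress.ip_address(f.src) in LOCAL_NET
        dst_local = ipaddress.ip_address(f.dst) in LOCAL_NET
        if (src_local and not dst_local
                and f.dport not in ALLOWED_EGRESS_PORTS
                and f.nbytes >= min_bytes):
            hits.append((f.src, f.dst, f.dport, f.nbytes))
    return hits


def top_talkers(flows, n: int = 3) -> list:
    """Bytes sent per source, largest first: the bandwidth view a tool like
    Observium or Cacti gives you."""
    total = defaultdict(int)
    for f in flows:
        total[f.src] += f.nbytes
    return sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def analyse(text: str) -> dict:
    """Run all three checks over a block of flow records."""
    flows = parse_flows(text)
    return {
        "port_scans": detect_port_scans(flows),
        "unexpected_egress": detect_unexpected_egress(flows),
        "top_talkers": top_talkers(flows),
    }


# Constructed sample: normal browsing and DNS, a 12-port sweep of
# 192.168.1.10 by 192.168.1.30, and a 5.2 MB upload to an odd external port.
SAMPLE = "\n".join(
    ["# src,dst,dport,proto,bytes,packets",
     "192.168.1.10,198.51.100.20,443,tcp,48213,61",
     "192.168.1.10,198.51.100.20,80,tcp,2410,9",
     "192.168.1.20,192.168.1.1,53,udp,120,2",
     "192.168.1.40,203.0.113.7,4444,tcp,5200000,4100"]
    + [f"192.168.1.30,192.168.1.10,{p},tcp,60,1"
       for p in (21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445, 3389)]
)

if __name__ == "__main__":
    for name, result in analyse(SAMPLE).items():
        print(f"{name}: {result}")
```

The packet-count cut-off in the scan check is what separates a sweep from ordinary short connections: real sessions carry a handshake plus data, while probes against closed or filtered ports rarely exceed a SYN and a RST. Tuning `min_ports`, `min_bytes` and the allowed port set to the network being watched is the whole job; the defaults here only fit the constructed sample.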
  • Babynemo

    @KuJoe said:
    Please elaborate. Unless you setup port mirroring on your switches you won't be able to tell what kind of traffic your servers are sending/receiving. If you're just looking for bandwidth/network statistics then I recommend Observium hands down.

    First I will buy a switch with port mirroring for my home network. After that I will connect this port to the monitoring server.

    Which low-end router has the best built-in monitoring features for checking suspect traffic? The cheapest are TP-Link and Netgear devices, but I am a bit sceptical about these brands.

  • mkshmksh Member

    @Babynemo said:

    @KuJoe said:
    Please elaborate. Unless you setup port mirroring on your switches you won't be able to tell what kind of traffic your servers are sending/receiving. If you're just looking for bandwidth/network statistics then I recommend Observium hands down.

    First I will buy a switch with port mirroring for my home network. After that I will connect this port to the monitoring server.

    Which low-end router has the best built-in monitoring features for checking suspect traffic? The cheapest are TP-Link and Netgear devices, but I am a bit sceptical about these brands.

    As far as low end is concerned, why not build your own? Not sure how that scales, but you can run as much monitoring on it as you like.

  • KuJoeKuJoe Member, Host Rep

    I don't know of any routers that have built in DPI. The only solution I know of that includes that would be the Ubiquiti switches with a Ubiquiti UniFi Security Gateway for about $200.

    Thanked by 1gestiondbi
  • zkyezzkyez Member

    pfSense does DPI and can run on fairly low-muscle systems. But you need to bring your own hardware, and Wi-Fi support is meh.

  • gestiondbigestiondbi Member, Patron Provider

    @KuJoe said:
    I don't know of any routers that have built in DPI. The only solution I know of that includes that would be the Ubiquiti switches with a Ubiquiti UniFi Security Gateway for about $200.

    Yup, and Cisco does it on their Meraki brand. But it's pretty expensive.

  • netomxnetomx Moderator, Veteran

    OpenWRT has port mirroring

  • MeMyselfandLinux
    edited June 2018

    @zkyez said:
    If you don't need to keep the history of flow data take a look at ntopng. It can do netflow, real time capture via port mirroring and other nifty things.

    Do you know an ntop alternative with a focus and emphasis on network? I have really liked it since pre-ng and the dual license.
    Zabbix and Nagios seem overkill for me (I only want to monitor the traffic, not server, service, etc.).

    @netomx said:
    OpenWRT has port mirroring

    I just know that, do you mean this?
    https://github.com/mmaraya/port-mirroring

    Seems to be on some ath only.

  • netomxnetomx Moderator, Veteran

    MeMyselfandLinux said: Seems to be on some ath only.

    "port-mirroring runs on all hardware platforms supported by OpenWrt."

    You need to compile it.

  • zkyezzkyez Member

    @MeMyselfandLinux said:

    @zkyez said:
    If you don't need to keep the history of flow data take a look at ntopng. It can do netflow, real time capture via port mirroring and other nifty things.

    Do you know an ntop alternative with a focus and emphasis on network? I have really liked it since pre-ng and the dual license.
    Zabbix and Nagios seem overkill for me (I only want to monitor the traffic, not server, service, etc.).

    @netomx said:
    OpenWRT has port mirroring

    I just know that, do you mean this?
    https://github.com/mmaraya/port-mirroring

    Seems to be on some ath only.

    Nothing free, sorry. The others I used are SolarWinds and Ubiquiti stuff.

  • FHRFHR Member, Host Rep

    Mikrotik RouterOS can do active port mirroring. Mirror to a machine with ntopng and you've got yourself a great, cheap solution.

  • ValeryTrof

    When I worked at the ISP we used Cacti. It is not the most functional, but it can easily be customized.

  • zkyezzkyez Member

    @ValeryTrof said:
    When I worked at the ISP we used Cacti. It is not the most functional, but it can easily be customized.

    Cacti doesn't do DPI.
