 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On 02/06/2013 02:00 PM, David Rosenstrauch wrote: > On 02/06/2013 12:34 PM, Matt Shields wrote: >> Also try ntop. Set it up on a standalone computer. 2 network ports, one >> for management, one where you mirror all your traffic at the >> switchport to >> it and have the interface in promiscuous mode. Then it'll give you nice >> charts to show you who is talking to what (ie. User1 is streaming content >> from Youtube, etc). >> >> Matt > > Will check that out - thanks! > > DR Great suggestion on ntop! Looks like what I need. Just one thing I'm not sure about with it, though: It seems like the intention is that you would run ntop on your gateway machine (which all traffic on the network passes through) and that way get full stats for the entire network. However, that's not the setup I have. I do have a gateway, but it's our firewall box, which I can't run ntop on. The machine I am running it on is our ssh entrypoint into the network. But the other machines on the network can initiate connections directly to the Internet through firewall without going through the ssh entrypoint. So I'm thinking that by running ntop on the ssh entrypoint box, it's not going to actually be seeing all the incoming or outgoing traffic for the network, and so won't be able to report on it accurately. Am I right on this? And if so, how best to work around this? (Without having to run an instance of ntop on every machine in the network.) Thanks, DR
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
