On Thursday 19 August 2004 16:36, Danny Sauer wrote:
Jack wrote regarding '[SLE] monitor lan traffic' on Thu, Aug 19 at 09:11:
Can someone tell me what I need to have installed on a SUSE Linux machine so that I can maybe monitor and analyze some of the traffic on my network? I'm wanting to see if I can determine what is causing so much traffic on the LAN at times that it makes things crawl. I know there is some software on the DVD/CD to do this, just not sure what it is. If I know what it is, I do not mind going and reading the man pages to see if I can get it going, or a good how-to on the subject either. A good recommendation on a good firewall book / howto would be nice to have also.
Thanks for any help you list members can give me.
Ethereal is the be-all end-all sniffer, IMHO. It'll let you capture and later analyze traffic, but it's tough to use for real-time monitoring. Etherape is pretty decent for watching what's going on in real-time, but isn't so good for later analysis. If you have SNMP daemons running on most of your machines, mrtg or rrdtool+cacti are nice solutions for graphing the traffic on a per-machine basis, and monitoring lots of other stuff over longer periods of time.
Note that the first two programs depend on promiscuous mode being able to pick up all of the network traffic, so you probably want to be running on a hub that's near to the router. Switched networks can still be sniffed, but it's a bigger pain.
ntop should be considered too.
Johan
--Danny