Analyzing network data with appliance router
NoOp
glgxg at sbcglobal.net
Mon Jun 13 00:29:17 UTC 2011
On 06/12/2011 03:47 PM, Patton Echols wrote:
> Greetings all,
>
> I am looking for ways to analyze the traffic through my home network.
> The tools that I have seen mentioned as I google all seem to need to run on
> the router. This makes sense to me. After all, where better to access
> the traffic. I am wondering whether there are tools that can monitor
> traffic within the LAN and / or to and from the WAN, but do it from my
> desktop machine within the LAN.
>
> Here is what I am trying to do:
>
> I have been reading about concerns of Botnets and a recent article that
> suggested that nearly 20% of Windows machines are infected. I have to
> support several Windows machines in our network. We have antivirus and
> updates applied as soon as available, but I would like to have a way to
> ID a box that gets infected. One suggested method is to watch their
> traffic. If a Windows box has spikes in network activity, starts port
> scanning, or doing other obnoxious activity, then you know you have work
> to do.
>
> The logging function of my appliance router is fairly minimal. It
> records the outgoing IP and protocol, but not the port or the time.
> Also, it seems to be pretty limited as to how much it saves. I'd prefer
> to not have to set up my own router if not necessary.
>
> Any thoughts?
Better router :-) That said, when my trusty BEFVP41 started going wonky
on me I had to back up to my Netgear & that router sucks as far as
traffic logs go. For a small home network, you might want to install
etherape to watch your network periodically. It will give you a
graphical view of your network traffic.
Unfortunately the repositories for maverick only offer 0.9.8 & 0.9.12 is
the latest:
https://launchpad.net/ubuntu/+source/etherape
http://etherape.sourceforge.net/
I'm not aware of any 0.9.12 deb's (haven't looked actually).