In tshark, you can perform the filtering internally with its own filter syntax. I can't remember the details - I always have to look up the manual page.

-----Original Message-----
From: Chris Turner [mailto:ultimatethesecond@googlemail.com]
Sent: Friday, September 1, 2017 6:22 PM
To: Jason White <jason@jasonjgw.net>; 'Blind sysadmins list' <blind-sysadmins@lists.hodgsonfamily.org>
Cc: 'Chris Turner' <ultimatethesecond@googlemail.com>
Subject: Re: [Blind-sysadmins] network monitoring

Yep Tshark and Tcpdump are both good. They use the Berkeley Packet Filter syntax. Using with grep, awk and sort can narrow down what you're interested in. Again, you need to have them on a promiscuous interface at a suitable place on the network to capture packets off the wire, assuming we're talking ethernet not wireless. I actually bought an old dumb layer hub for this a while ago though not used it much. Otherwise you could put your sniffing system on a mirror / span port on a switch.

Regards.
Chris Turner

On 01/09/17 20:19, Jason White wrote:
Try tshark via a Linux terminal. You can filter the output to show just the protocols or addresses of interest - see the documentation for details. It is a while since I've needed it, but I have successfully used it.

-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Chris Turner via Blind-sysadmins
Sent: Friday, September 1, 2017 7:58 AM
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Cc: Chris Turner <ultimatethesecond@googlemail.com>
Subject: Re: [Blind-sysadmins] network monitoring

Hi.
Been a while since I tried. Will be watching this thread.
I tried NtopNG briefly. This produces stats and info you can look at in a webpage. It requires a paid-for plugin to work with netflow if I recall. I need to have a look at it again actually. Not sure I configured with SNMP.
There's also cacti which can collect SNMP data, display graphs and stats in a web interface.
There are quite a few for SNMP collection actually.
Active analysis. I'm sure you know but if using sniffing, AKA traffic analysis, it's important where you place the sniffing system. My NtopNG was a VM on a virtual network between some VM hosts and a virtual upstream router. So snaffling up all traffic that traversed the link.
Regards
Chris Turner
On 31/08/2017 22:14, Simon Eigeldinger via Blind-sysadmins wrote:
Hi all,
Anyone using some Linux software to monitor a network? I want something that prints stuff out in text on a web interface. At least the most stuff, I would be grateful. Want to install that on a Raspberry Pi to see what the network devices are doing. So support for SNMP and other protocols would be nice.
anyone has an idea?
Greetings, Simon
--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins