[SlugBug] OT..Networking Hardware Software Recommendations

Ishikodzume ishikodzume at beneath.plus.com
Tue Mar 2 05:52:25 GMT 2004


> multipurpose network monitoring,

As has already been said, BB4 and Nagios are really cool
applications. I've not had much experience with Nagios, but I'd
probably recommend you try that one out first, as it seems to be the
one used by most professional network operator guys from what I've
been seeing lately on mailing lists, etc... there must be something
good about it :)

> say traffic protocol analysis one day,

This is where, to my knowledge, I don't think there is a ready-to-go
solution, software-wise. I mean, sure, if you want to sit there all day
watching every bit of traffic go by, use ethereal or TCPdump... but
I'm guessing you just want to have an overview of the traffic, see
if there are any anomalies you'd want to look into, etc.
For specific needs - and if I'm wrong here please someone tell me,
as I'd love it for my own network - you're probably looking at
either piping tcpdump through a custom perl script to analyse and
graph/log the traffic, or writing something that does what you want
with libpcap yourself. I'd say the former solution almost certainly
has performance issues when you're seeing a lot of traffic, but I
don't know from experience as I've never had anything other than my
home network to deal with :)
There are easy-to-use toolkits such as gd for graphing etc., if you
don't feel like writing your own graphics code.

> to IDS another day.

Depends what you mean by IDS... but in the context given, yes, Snort
is very good I've heard :)
But again it depends how much traffic you want to push through
there... I'm thinking all that signature matching doesn't come cheap,
cycle-wise :)

As someone else has said, it makes a /world/ of difference what NICs
you buy. If you get a card that does stuff like TCP checksums in
hardware, you have to worry a lot less about what spec machine you're
buying in order to be able to saturate the link. Not that having a
high spec machine will mean you'll be able to saturate the link with
a crappy NIC...
Go Intel :)

As far as Linux vs. BSD... I don't think it really matters. I'd
probably use OpenBSD, just in case I find a use for its wonderful pf
in that situation :)

--
PGP: http://spacecake.hypermart.net/pgp/ishikodzume.pubkey.asc
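An added example, not the poster's code, of the "pipe tcpdump through a script" approach described in the message above: it parses the text of `tcpdump -n` output (a constructed sample is embedded), totals payload bytes per source, and flags sources whose bare SYNs touch many distinct host/port pairs, one kind of anomaly worth a closer look. It is written in Python rather than Perl, and it assumes the common TCP/UDP line shape of tcpdump's output; other line types are skipped.

```python
import re
from collections import Counter, defaultdict

# Matches the usual shape of `tcpdump -n` lines: "time IP src.port > dst.port: rest"
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")

def parse_line(line):
    """Return (src, sport, dst, dport, payload_len, syn_only) or None if unparsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    # TCP lines end in "length N"; UDP/DNS lines end in "(N)"
    size = re.search(r"length (\d+)$", rest) or re.search(r"\((\d+)\)$", rest)
    payload = int(size.group(1)) if size else 0
    syn_only = "Flags [S]," in rest  # bare SYN, no ACK bit set
    return src, int(sport), dst, int(dport), payload, syn_only

def summarize(text):
    """Bytes per source and the (host, port) pairs each source probed with bare SYNs."""
    bytes_by_src = Counter()
    syn_targets = defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, _sport, dst, dport, payload, syn_only = rec
        bytes_by_src[src] += payload
        if syn_only:
            syn_targets[src].add((dst, dport))
    return bytes_by_src, syn_targets

def flag_scanners(syn_targets, threshold=5):
    """Sources whose bare SYNs touched at least `threshold` distinct (host, port) pairs."""
    return sorted(s for s, hits in syn_targets.items() if len(hits) >= threshold)

# Constructed sample of `tcpdump -n` output (documentation addresses, not a real capture)
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 198.51.100.5.80 > 192.0.2.10.40000: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000003 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [P.], seq 1:101, ack 1, win 64240, length 100
12:00:01.000004 IP 192.0.2.10.40001 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000005 IP 192.0.2.10.40002 > 198.51.100.5.23: Flags [S], seq 1, win 64240, length 0
12:00:01.000006 IP 192.0.2.10.40003 > 198.51.100.5.25: Flags [S], seq 1, win 64240, length 0
12:00:01.000007 IP 192.0.2.10.40004 > 198.51.100.5.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000008 IP 192.0.2.7.53000 > 198.51.100.9.53: 1234+ A? example.com. (29)
"""
```

On a live box, feed `summarize` the text read from a `tcpdump -n -l` pipe instead of `SAMPLE`; the per-line regex work is exactly the cost the message warns about on a busy link.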