network monitoring systems
JT Moree
moreejt at pcxperience.com
Wed Jun 6 11:00:27 MST 2007
We have a Cisco VOIP server that also acts as the gateway for all the internal
network traffic (I don't know why it's set up this way but it is). Given that
it has become difficult to get accurate SNMP data from the router (because all
traffic looks like it comes from the VOIP server?),
we are thinking of installing a system that will let us analyze the traffic.
The most important problem we are solving is knowing who is watching streaming
video on the network (by IP address).

My first thought was to put one of the switch ports in manage mode where it
sends all traffic to that port for sniffing, but that idea is not popular with
my superior.

Perhaps I'll put the system on the network. All traffic needs to be passed
through the system so that we can analyze it.

I can install a Linux box that forwards all traffic through to the VOIP server
(which runs Windows). Leave the VOIP system at .201 and make the analyzer be
.203. Then set DHCP to pass out .203 as the gateway.

Or I can put the system in promiscuous/bridging mode where it sits in between
the VOIP system and the switch.

The real question is which software should I use to analyze the traffic. I
could use Wireshark on pretty much anything or maybe use Snort. Since Snort is
an IDS it may not be the best for this scenario.

Is anyone else dealing with a similar situation? How have you solved the
problem?
--
JT Moree
www.pcxperience.com