Network monitoring

[Deleted member 174149]

A local apartment complex is having issues with students participating in illegal activities on some websites. They are looking for a way to track these users down and warn them or disable their internet access.

Right now they have a Cisco 2821, but unfortunately, it doesn't appear that Netflow gives enough granularity for us to do this monitoring. We can see basic protocol usage information per IP address but we really want something a little more detailed than that. If there's a way to do it with the existing 2821, I'm all ears.

They will soon be implementing a login system for each user, so all traffic will go through a Windows 2003 server with dual NICs. I am thinking that there must be a good software solution to monitor what webpages, protocols and network traffic for each user that we can load on the server.

Our needs are very simple - they are not responsible for the health or status of any machine on the network, they just need to monitor the traffic with some detail and some good sorting that will make it easy on them.

There might be room in the budget but I'd sincerely welcome free/open source/cheap solutions as well since they'd be happy if we could save them some money.

Thanks!

 

[yinan]

ISA Serer can do this easily.

 

[Deleted member 174149]

Thanks, yinan. I'm hoping the client will allow for a little room in the budget but if he balks at the $1499 list price, are there any less expensive options?

 

[MedicBob]

Proxy Server? There are GPL/Open Source solutions out there.

 

[mooseracing]

I'm using a netflow analyzer and it breaks it down to basic protocol per IP, as well as IP traffic that can be resolved to DNS. It shows all traffic and size as well. What else are you looking for?

If you know the IP and what to sort through data you coudl set up wireshark to analyze just traffic coming or going from that IP.

 

[Modelworks]

Pfsense, is free and can do everything you listed. It will log per packet based on rules if you want.
http://www.pfsense.org/index.p...k=view&id=40&Itemid=43

Any reason they are going with a windows server and not something *nix for free ?


If you want something that can manage access as well as content monitor: http://www.clarkconnect.com/

I run pfsense now, I did run clarkconnect, but it really had too many features for what I needed.

 

[Crusty]

I use a BSD virtual machine running cacti and various other tools to monitor all my equipment. Any device that can use SNMP cacti can log. I've also got it setup for a syslog server as well, which cacti handles nicely 🙂