Great Circle Associates Firewalls
(September 1996)

Subject: Re: Building a monitoring system
From: Todd Graham Lewis <tlewis @ mindspring . com>
Date: Fri, 6 Sep 1996 12:21:54 -0400 (EDT)
To: Russ <Russ . Cooper @ RC . Toronto . on . ca>
Cc: "'Firewalls'" <Firewalls @ GreatCircle . COM>
In-reply-to: <c=US%a=_%p=Toronto%l=MAIL-960906130045Z-88 @ mail . rc . toronto . on . ca>

On Fri, 6 Sep 1996, Russ wrote:

> Howdy folks,
> 
> I'm going to take the plunge into Unix by way of building a monitoring
> system that would be dedicated to the task of reporting the actions of
> the other machines on my very small network. Given my limited Unix
> background, I figured the best way to approach this would be to ask
> y'all what this box should be.
> 
> I've got a 486DX-100 sitting here with 8MB of RAM and an el cheapo PCI
> NE2000 clone NIC. I've got 1GB of drive and an ATI VGA Wonder VGA
> adapter. A floppy, a Future Domain TMC3260 PCI SCSI-2 adapter, and a NEC
> 3x SCSI CD round out the box.
> 
> So;
> 
> - what OS should I use (downloadable from the net would be preferred)

Linux or FreeBSD.  I prefer Linux, as it has, IMO, better SNMP and 
general network monitoring tools, plus lots of firewall toys.  Either 
will suit your purposes equally well.

> - will the OS support the hardware I described or do I need
> more/different/better hardware

I would consider upgrading the Ethernet cards to real cards: SMC, 3com,
etc.  Other than that, this should do.

> - what packet monitor tool would be recommended, I would like something
> that I can set filters on and run several filters at once into different
> captures if possible

tcpdump.

> - could somebody lend me a bookmark file of Unix tools links for the
> recommended OS

If you are just talking about packet sniffing (no SNMP, etc.), then 
tcpdump with some perl on top is about the only way to go.  A group in 
Australia is working on some more specialized packet sniffing tools; 
netman or something like that.  The url escapes me.

> - configuration recommendations would be appreciated

Read the man pages, write a perl script to collate the output of tcpdump, 
and read the result when you have time.  As far as the box goes, install 
the os, become root, and run tcpdump.  There's not that much to it.

> I've got similar functionality in my NT boxes, so it's not that I can't
> do this in NT. I want to put a dedicated box in place for this now so I
> figured I'd give Unix a try at this before I put NT on it. If it works
> well, I'll just leave it there, maybe allowing me to give you more
> detailed dumps of NT activity that you can actually grep...;-]

Now we get to the heart of the matter!  See if you can reverse engineer 
Quake's network behaviour while you're at it.  8^)

Good luck; mail if problems.

__
Todd Graham Lewis             Linux!                 Core Engineering
Mindspring Enterprises  tlewis @ mindspring . com   (800) 719 4664, x2804
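The reply above recommends "tcpdump with some perl on top" and a script that collates tcpdump output for reading later. The following is an added example, not part of the original thread, that does the same job in Python: it parses the text tcpdump prints with -n (both the classic "src.port > dst.port: S ..." layout and the later one with an "IP" token and "Flags [S]"), counts packets per source host and per destination service, and separately counts bare SYNs per source so that one host opening many connections stands out. The sample lines, addresses and the report layout are constructed for this example.

```python
"""Collate tcpdump text output into per-host / per-service counts.

Added example (not from the original post): the author suggests "tcpdump
with some perl on top"; this does the same job in Python on a few constructed
tcpdump lines.  Field names, sample addresses and the summary layout are
this example's own choices.
"""
import re
from collections import Counter

# Matches both the classic "src.port > dst.port: flags ..." line layout and
# the later one that inserts an "IP" token after the timestamp (-n output,
# numeric addresses and ports).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?:IP\s+)?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s*(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict of fields for one tcpdump line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # A bare SYN (no ACK) marks a new connection attempt: "S 123:123(0)" in
    # the classic layout, "Flags [S]" in the newer one.  "S." / "[S.]" is SYN-ACK.
    syn = bool(re.match(r"S(?![.\w])", rest) or re.search(r"Flags \[S\]", rest))
    return {
        "ts": m.group("ts"),
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "syn": syn,
    }

def collate(lines):
    """Count packets per source host, per destination service, and SYNs per source."""
    summary = {
        "packets": 0, "unparsed": 0,
        "by_src": Counter(), "by_service": Counter(), "syn_by_src": Counter(),
    }
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            summary["unparsed"] += 1   # ARP, ICMP, etc. are skipped but counted
            continue
        summary["packets"] += 1
        summary["by_src"][rec["src"]] += 1
        summary["by_service"][(rec["dst"], rec["dport"])] += 1
        if rec["syn"]:
            summary["syn_by_src"][rec["src"]] += 1
    return summary

def report(summary, top=5):
    """Render the collated counts as text to read when you have time."""
    out = ["%d packets (%d unparsed lines)" % (summary["packets"], summary["unparsed"])]
    out.append("talkers:")
    for host, n in summary["by_src"].most_common(top):
        out.append("  %-16s %5d pkts  %3d SYN" % (host, n, summary["syn_by_src"][host]))
    out.append("services:")
    for (host, port), n in summary["by_service"].most_common(top):
        out.append("  %-16s port %-5d %5d pkts" % (host, port, n))
    return "\n".join(out)

# Constructed sample of tcpdump -n output (not a real capture).
SAMPLE = """\
12:21:54.100001 10.0.0.5.1034 > 10.0.0.1.23: S 10001:10001(0) win 512
12:21:54.100231 10.0.0.1.23 > 10.0.0.5.1034: S. 70001:70001(0) ack 10002 win 8760
12:21:54.100402 10.0.0.5.1034 > 10.0.0.1.23: . ack 1 win 512
12:21:55.000001 IP 10.0.0.7.40001 > 10.0.0.1.25: Flags [S], seq 5000, win 29200
12:21:55.000002 IP 10.0.0.7.40002 > 10.0.0.1.80: Flags [S], seq 5001, win 29200
12:21:55.000003 IP 10.0.0.7.40003 > 10.0.0.1.110: Flags [S], seq 5002, win 29200
12:21:56.000001 arp who-has 10.0.0.1 tell 10.0.0.5
"""

if __name__ == "__main__":
    # In practice: tcpdump -n -l [filter] | python3 collate.py, or feed it a
    # saved text capture; here it runs on the constructed sample.
    print(report(collate(SAMPLE.splitlines())))
```

Running several tcpdump instances with different BPF filters, each writing its own file, gives the "several filters at once into different captures" the original question asks for; this script is then pointed at each file in turn. The SYN column is the useful part of the summary: on a small network one host with a SYN count close to its packet count across many destination ports is exactly the kind of thing a dedicated monitoring box is there to notice.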

