Rick Stevens wrote: > On 02/18/2010 03:01 PM, Patrick O'Callaghan wrote: > >> On Thu, 2010-02-18 at 13:47 -0800, Rick Stevens wrote: >> >>> On 02/18/2010 09:52 AM, Wendell Nichols wrote: >>> >>>> I would like to monitor network connections on my servers. Users run >>>> all sorts of stuff and I want to know when some chat client starts >>>> shipping data to a system in china etc. >>>> >>> Snort is probably the best (and complicated) network sniffer out >>> there. It can do some serious analysis. It also eats up CPU cycles >>> like crazy. You've been warned. >>> >> Other things to look at: ntop and wireshark (not for the faint of >> heart). >> > > Wireshark, of course, being the GUI side of tcpdump. But you knew that! Thankyou for your input. I've looked at all these things and a few more. One of the more interesting tools is etherape (available at your friendly neighbourhood fedora repo site). It gives you a nice picture of what machines on your lan are connected to what machines both off and on your lan. The thing it doesn't tell me is what app is responsible for the connection and where the end point is. There is also no logging. I have snort on my firewall and I'll look more closely at it before I move on. I'm mostly concerned with apps on windows machines on my local lan having connections to machines which are not expected. You read nearly every week about some social networking game or app (tomtom skype?) which funnels the chat content to either a foreign government or an organization collecting identities for fraud purposes. I'm interested in tools which might plug those holes... but perhaps they don't exist or are out of the reach of the "little guy" :) Thanks again for your thoughts.. Wendell Nichols -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
