gnhlug-discuss Digest, Vol 140, Issue 6

Joseph Guarino jguarino at evolutionaryit.com
Thu May 10 12:59:43 EDT 2018


Hi,

If your firewall supports SNMP you can use any number of tools such as
Ntopng, Cacti or MRTG to see what is up with your packets. If your firewall
isn't able to handle the load of this function in addition to its day-to-day
functioning, you can always separate this out to another Linux box that
you attach to a SPAN port on your switch or use a tap to monitor your
connection.

Are you using the Comcast gateway as your firewall? If so, I'd recommend
upgrading to any number of great open source firewalls which can be built
on commodity hardware. For ~$1000 you'll get an enterprise grade firewall
with supernumerary features. Proxying, malware scanning and QoS would
certainly be helpful to your situation. I'd recommend looking at OPNsense
or Untangle. Both are open and offer community and corporate support. Both
of these vendors offer ready-made firewall solutions as well. Both of these
have some of the bandwidth monitoring features among their many others.

https://opnsense.org/
https://www.untangle.com/

In terms of gaining insight into your traffic you'll either need a network
switch that supports SPAN/port mirroring or a network TAP. Then you can use
any number of tools to get VERY detailed insights into the traffic flowing
on your network. Tools like Ntopng, Cacti, MRTG among others would give you
LOTS of insights of what is happening with your network.

https://www.ntop.org/products/traffic-analysis/ntop/
https://www.cacti.net/
https://oss.oetiker.ch/mrtg/

Lastly, I'd not use Windows 8 for anything other than.. well nothing. =P
You can take that desktop and throw just about ANY Linux desktop focused
distro on it and then put Ntop, Cacti, Wireshark on it and it'll be a heck
of a lot more secure, stable and performant. You can then plug that into a
SPAN/port mirror or into a network tap and see EVERYTHING going on. Ntop
and Cacti will give you TONS of info. As I detailed above, many of the
firewalls have some of the features you may need. In the end, architecting
this is entirely up to you and your budget and needs.

Hope this is helpful.

Have a great weekend,
Joe




> ---------- Forwarded message ----------
> From: Thomas Charron <twaffle at gmail.com>
> To: jsf <jfreeman at gmail.com>
> Cc: GNHLUG <gnhlug-discuss at mail.gnhlug.org>
> Bcc:
> Date: Wed, 9 May 2018 12:42:27 -0400
> Subject: Re: bandwidth capture question
> On Fri, May 4, 2018 at 1:09 PM, jsf <jfreeman at gmail.com> wrote:
>
>> Hi friends,
>>
>> I am IT dir. at a small independent school in CT nowadays.  I have a
>> Comcast modem.  My firewall plugs into a wired port in the Comcast modem.
>> I have an old PC running Windows 8.1.  I have installed Wireshark on the
>> old PC.  I have plugged the old PC's network interface into another wired
>> port on the Comcast modem.  Ideally I would like to use Wireshark to
>> capture EVERYTHING going across the modem - basically everything that is
>> going in and out of the connection between the modem and my firewall.  I am
>> at a loss w/r/t how to set this up properly.
>>
>
>   That'd be doing it wrong, and you'd be looking at a giant list of
> spaghetti.
>
>
>> I am trying to get a sense regarding the school's bandwidth usage.. We
>> have 150/25 over coax.  I think performance is pretty good most of the time
>> (we are a small school).. but not everyone agrees with me.  If we have too
>> little bandwidth (are hitting a max periodically) I'd like to know that.
>>
>> Thanks in advance for help with this and recommendations about anything
>> else I should put on this old PC to help with this exercise.
>>
>
>   It's best to be looked at from the firewall's perspective.  What are you
> using for a firewall?  Is it up to the task to NAT the number of sessions
> it is likely having to NAT?  The first place I would look would be the
> firewall itself.  Many times, a cheap/underpowered firewall is the cause of
> crappy speeds, and not the network itself.
>
>   Thomas


-- 
--------------
Joseph Guarino
Evolutionary IT - Best Practice IT(tm)
Website: www.evolutionaryit.com
Blog: www.evolutionaryit.com/blog
Social Networks: network.evolutionaryit.com
888.404.5074
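
The calculation behind SNMP bandwidth graphs of the kind MRTG and Cacti draw, as an added example that is not part of the original message: turn successive interface octet counters into Mbps and flag intervals near the 150/25 ceiling mentioned in the thread. It assumes the firewall exposes the 64-bit IF-MIB counters ifHCInOctets/ifHCOutOctets on its WAN interface; the sample readings, the 300-second poll interval and the 90% threshold are constructed for illustration.

```python
# Added example: link utilisation from SNMP interface octet counters.
DOWN_MBPS, UP_MBPS = 150.0, 25.0      # the 150/25 service from the thread

def counter_delta(prev, curr, bits=64):
    """Octets moved between two polls, tolerating a single counter wrap."""
    return (curr - prev) % (2 ** bits)

def wrap_seconds(bits, mbps):
    """Seconds for an octet counter of this width to wrap at a given rate."""
    return (2 ** bits) * 8 / (mbps * 1_000_000)

def rate_mbps(prev, curr, seconds, bits=64):
    return counter_delta(prev, curr, bits) * 8 / seconds / 1_000_000

def utilisation(samples, threshold=0.9):
    """samples: (unix_time, in_octets, out_octets) tuples, oldest first.
    Returns one record per polling interval with rates and saturation flags."""
    report = []
    for (t0, in0, out0), (t1, in1, out1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:                   # skip duplicate or out-of-order polls
            continue
        down = rate_mbps(in0, in1, dt)
        up = rate_mbps(out0, out1, dt)
        report.append({
            "end": t1,
            "down_mbps": round(down, 1),
            "up_mbps": round(up, 1),
            "down_saturated": down >= threshold * DOWN_MBPS,
            "up_saturated": up >= threshold * UP_MBPS,
        })
    return report

# Constructed readings, one poll every 300 s (not real measurements).
SAMPLES = [
    (0,   1_000_000_000,   500_000_000),
    (300, 2_500_000_000,   687_500_000),
    (600, 7_750_000_000, 1_587_500_000),
    (900, 8_500_000_000, 1_662_500_000),
]

if __name__ == "__main__":
    for row in utilisation(SAMPLES):
        print(row)
    # A 32-bit counter wraps in under one 300 s poll at full downstream rate.
    print("32-bit wrap at 150 Mbps: %.0f s" % wrap_seconds(32, DOWN_MBPS))
```

At 150 Mbps a 32-bit octet counter wraps in about 229 seconds, so with a 300-second poll the older ifInOctets/ifOutOctets counters can wrap more than once between polls and under-report exactly the busy periods being looked for.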