Network Monitoring on a Budget

Posted: August 21st, 2009 | Filed under: Network, Security

In this post, I want to discuss how to monitor a small network without spending big money. The goal of such monitoring is primarily security: we want to look for signs of the presence of attackers and malware on our network. It is quite a daunting task, especially if there is no dedicated budget and no dedicated personnel (which is what one usually finds in small, and sometimes even not so small, institutions). Below are some of the things that I have tried. If you have other ideas, please share them (send a comment).


IFSTAT network data visualized

Posted: July 22nd, 2009 | Filed under: Network, Security

I have many computer systems on my network that stay powered on 24/7 (these are mostly servers, but many desktop systems also stay on for a variety of reasons). Monitoring network bandwidth usage on such systems can be quite desirable. It can help to detect, let’s call them, “unofficial” activities by users. It can also help to detect the presence of network-active malware. Whatever your reasons are, if you are interested in network monitoring, the IFSTAT program is your friend.

IFSTAT – http://gael.roualland.free.fr/ifstat/ – is a great tool written by Gaël Roualland for network usage monitoring on individual computer hosts. IFSTAT runs on most computer platforms, and it is very easy to install and use.

IFSTAT generates large volumes of data that are not easy to analyze, especially when one has to deal with data coming from tens of hosts. A graphical presentation of IFSTAT data should substantially facilitate analysis. I developed a simple tool to collect and visualize the data produced by IFSTAT.

My tool is intended for networks of computers. It is not intended (and probably not very useful) for a home computer user with a couple of systems on the network.

Approach

IFSTAT is executed on individual computer hosts in a continuous or semi-continuous manner. IFSTAT data is sent periodically to a Web server host via the HTTP POST method. Perl scripts on the server process the submitted data and make it available for presentation. Data is collected and presented per host and per calendar month. Color is used to present network bandwidth values (in addition to the numerical values). You can see an example of an IFSTAT presentation page generated on the web server here.
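The server-side step described above, sketched as an added example in Python; it is not the author's Perl code, which this page does not show. It parses one host's timestamped IFSTAT output, averages it per hour, assigns a colour band, and lists busy hours inside a quiet window. The function names, colour thresholds, quiet window and sample data are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: what one host might POST after `ifstat -t -n -i eth0 60`.
SAMPLE = """\
  Time           eth0
HH:MM:SS   KB/s in  KB/s out
02:58:00      1.00      0.50
02:59:00      2.00      0.50
03:00:00    300.00   4000.00
03:01:00    200.00   3000.00
09:00:00     40.00     10.00
09:01:00     60.00     10.00
"""

# Data rows only: timestamp, then two plain decimal numbers.
ROW = re.compile(r"^(\d{2}):\d{2}:\d{2}\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)\s*$")

# Assumed colour bands (upper bound in KB/s, label); tune to your own baseline.
BANDS = [(10, "green"), (100, "yellow"), (1000, "orange"), (float("inf"), "red")]

def colour(kbps):
    return next(label for limit, label in BANDS if kbps < limit)

def hourly_summary(text):
    """Return {hour: (mean_in, mean_out, colour)}; headers and 'n/a' rows are skipped."""
    sums = defaultdict(lambda: [0.0, 0.0, 0])
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        bucket = sums[int(m.group(1))]
        bucket[0] += float(m.group(2))
        bucket[1] += float(m.group(3))
        bucket[2] += 1
    out = {}
    for hour, (rx, tx, n) in sorted(sums.items()):
        mean_in, mean_out = rx / n, tx / n
        out[hour] = (round(mean_in, 2), round(mean_out, 2), colour(max(mean_in, mean_out)))
    return out

def off_hours_alerts(summary, quiet=range(0, 6), flag=("orange", "red")):
    """Hours inside the assumed quiet window whose colour band is in `flag`."""
    return [h for h, (_, _, c) in summary.items() if h in quiet and c in flag]

if __name__ == "__main__":
    for hour, row in hourly_summary(SAMPLE).items():
        print(f"{hour:02d}:00", *row)
    print("off-hours alerts:", off_hours_alerts(hourly_summary(SAMPLE)))
```

On the sample, the 03:00 hour averages 3500 KB/s outbound and is the only hour flagged, which is the kind of overnight spike the colour coding is meant to make visible.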