Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how can i build a linux box for traffic/protocol monitoring

Status
Not open for further replies.
walruz

walruz

Technical User
Dec 2, 2003
11
IE
at work we have multiple subnets, 1 for head office and then each branch office location have their own

e.g. head office 193.0.0.0/24

branch1 193.1.0.0/24
branch2 193.2.0.0/24
etc...

193.0.0.1, 193.1.0.1, 193.2.0.1 are routers
so the first IP of each subnet is used for their routers

noe i recently had the load of an ALLOT Netenforcer box which has 3 NICs, 1- Management, 1-INSIDE, 1-OUTSIDE

we had been experiencing traffic problems on our link to 193.1.0.0/24 subnet which is the firstbranch which is linked to use by a 256k line and a cisco 1609 on each end

head office router to branch 1 is 193.0.0.231

so now the OUTSIDE port on NetEnforcer is patched to the LAN port of the cisco 1609 and the INSIDE port is attached to LAN (193.0.0.0/24)

management port 193.0.0.8 is used for a webbrowser console
for viewing traffic and protocols

so since i have to give this back i was thinking of building a linux pc with 3 NIcs and put ethereal or similar software on it to d othe same thing as the netenforcer.

BTW the Allot Netenforcer is expensive so buying one is not an option.
 
Sort by date Sort by votes
OK, recommendations....

Many will say that you can get away with a pentium II box with a little RAM. That's not entirely the "best" case, but "doable".

I'd suggest 256MB of RAM to support your three NICs, IPTables rules, routes, and ethereal, etc.

DISK speed (and perhaps capacity) is something you should be careful about. Also consider that EXT3 partitions are CPU expensive but have less fault risk while EXT2 are the other side of the coin...

I didn't really see any specific requirements so I can't speak to specific software to help you.

There are dozens of "liveCD" firewall/routers out there..

If you're a Cisco-comfortable player, I'd suggest you take a look at Mikro-tik's RouterOS. Can be up to $100-$150 for the license, but it's damn slick and very IOS-like IMHO.

Otherwise, and again, there are lots of free implementations that can give you all sorts of value once you state your requirements a bit more in detail.

D.E.R. Management - IT Project Management Consulting
 
Upvote 0 Downvote
Sorry, I failed to complete two points in the prior post.

Try to get a Pentium III or something of decent CPU capacity, but don't go multiple CPU that's a waste.

Also, the RAM should go up to 512MB for the extra services if you want to keep the box happy.

FINAL thought, the NICs CAN make a difference in routing performance. Cheap NICs hit the CPU harder sometimes and don't always play nicely when moving between 10/100 Full/Half modes. Not that you need $500 NICs, but try to avoid the $9-after-rebate NICs for assurances... I see you aren't moving gobs of data, so this might be a slightly lesser concern than if you were bridging 100Mbps LAN segments.............. Sorry for the double-dip post.

D.E.R. Management - IT Project Management Consulting
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Using My Libraries in Linux 1
Replies
5
Views
227
Salem
Salem
amatureo
  • Locked
  • Question
Linux not finding a shared WSD printer on Win7 computer
Replies
0
Views
190
amatureo
amatureo
andrew72788
  • Locked
  • Question
How do I set Arlo camera Offline with a computer?
Replies
0
Views
171
andrew72788
andrew72788
jstcallmered
  • Locked
  • Question
Suggestions needed for some great Linux materials
Replies
1
Views
174
ChrisHirst
ChrisHirst
cutsh
  • Locked
  • Question
Ubuntu Dual Boot Artifacts - Windows 10
Replies
0
Views
257
cutsh
cutsh

Part and Inventory Search

Sponsor

Back
Top