Wireless Hacks. 1917 IndustrialStrength Tips and Tools [Electronic resources] (text version)


Rob Flickenger


Hack 42 Running ntop for Real-Time Network Stats




See who's doing what on your
network over time with ntop.


If you're looking for real-time network statistics, you
should check out the terrific ntop (http://www.ntop.org/) tool. It is a
full-featured protocol analyzer with a web frontend, complete with
SSL- and GD-graphing support. Unfortunately, ntop
isn't exactly lightweight (requiring more resources
depending on the size of your network and the volume of Net traffic),
but it can give you a very nice picture of who's
talking to whom on your network.


ntop needs to run initially as root (to throw your interfaces into
promiscuous mode and start capturing
packets), but then releases its privileges to a user that you
specify. If you decide to run ntop for long periods of time,
you'll probably be happiest running it on a
dedicated monitoring box (with few other services running on it, for
security and performance reasons).


Here's a quick reference for getting ntop up and
running. First, create an ntop user and
group:


root@gemini:~# groupadd ntop
root@gemini:~# useradd -c "ntop user" -d /usr/local/etc/ntop -s /bin/true \
    -g ntop ntop


Then unpack and build ntop per the instructions in
docs/BUILD-NTOP.txt. I assume that you have the
source tree unpacked in
/usr/local/src/ntop-2.1.3/.


Create a directory for ntop to keep its capture database in:


root@gemini:~# mkdir /usr/local/etc/ntop


(Note that it should be owned by root, and
not by the ntop user.)


If you'd like to use SSL for
https (instead of standard
http), then copy the default SSL key to
/usr/local/etc/ntop:


root@gemini:~# cp /usr/local/src/ntop-2.1.3/ntop/*pem /usr/local/etc/ntop


Note that the default SSL key will not be built with the correct
hostname for your server.


Now we need to initialize the ntop
databases and set an administrative password:


root@gemini:~# ntop -A -u ntop -P /usr/local/etc/ntop
21/Sep/2002 20:30:23 Initializing GDBM...
21/Sep/2002 20:30:23 Started thread (1026) for network packet analyser.
21/Sep/2002 20:30:23 Started thread (2051) for idle hosts detection.
21/Sep/2002 20:30:23 Started thread (3076) for DNS address resolution.
21/Sep/2002 20:30:23 Started thread (4101) for address purge.
Please enter the password for the admin user:
Please enter the password again:
21/Sep/2002 20:30:29 Admin user password has been set.


Finally, run ntop as a daemon, and start the SSL server on your
favorite port (4242, for example):


root@gemini:~# ntop -u ntop -P /usr/local/etc/ntop -W4242 -d


By default, ntop also runs a standard HTTP server on
port 3000. You should strongly consider locking down access to these
ports at your firewall, or by using command-line iptables rules.
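

One way to do the iptables lockdown recommended above, as an added example that is not from the book: it prints (or, with APPLY=1, applies) rules that let only loopback and one admin network reach ports 3000 and 4242. The ADMIN_NET value, the APPLY switch, the NTOP-WEB chain name, both function names and the /8 floor on the prefix length are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the book. ADMIN_NET, APPLY, the NTOP-WEB chain name
# and both function names are assumptions; 3000 and 4242 are the ports above.
NTOP_PORTS="3000 4242"                    # plain HTTP default, HTTPS from -W4242
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"  # constructed sample admin network

# Accept only a.b.c.d/n with n in 8..32, so a typo or 0.0.0.0/0 cannot
# quietly open the interface to everyone (the /8 floor is an assumed policy).
valid_cidr() {
    addr="${1%/*}"; bits="${1#*/}"
    [ "$addr" != "$1" ] || return 1                 # no "/" at all
    case "$bits" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 8 ] && [ "$bits" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set as iptables commands, one per line, safe to re-run.
ntop_rules() {
    net="$1"
    valid_cidr "$net" || { echo "refusing source network: $net" >&2; return 1; }
    echo "iptables -N NTOP-WEB 2>/dev/null || iptables -F NTOP-WEB"
    echo "iptables -A NTOP-WEB -i lo -j ACCEPT"
    echo "iptables -A NTOP-WEB -s $net -j ACCEPT"
    echo "iptables -A NTOP-WEB -j DROP"
    for port in $NTOP_PORTS; do
        rule="INPUT -p tcp --dport $port -j NTOP-WEB"
        echo "iptables -C $rule 2>/dev/null || iptables -I $rule"
    done
}

# Dry run by default; APPLY=1 (as root) pipes the commands to a shell.
if [ "${APPLY:-0}" = 1 ]; then
    ntop_rules "$ADMIN_NET" | sh -e
else
    ntop_rules "$ADMIN_NET"
fi
```

The jump rules are inserted at the top of INPUT, so they are evaluated before any broader ACCEPT rule already in that chain.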


Let ntop run for a while, then
connect to https://your.server.here:4242/. You can find
out all sorts of details about what traffic has been seen on your
network, as shown in Figure 3-41.



Figure 3-41. ntop provides all sorts of useful real-time information.





While tools like tcpdump and Ethereal give you detailed, interactive
analysis of network traffic, ntop delivers a wealth of statistical
information in a very slick and easy-to-use web interface. When
properly installed and locked down, it will likely become a favorite
tool in your network analysis tool chest.


