[ previous ] [ next ] [ threads ]
 From:  "Benjamin H. Henry" <ben at magothy dot net>
 To:  lists at masonc dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to monitor workstation network traffic
 Date:  Thu, 02 Feb 2006 08:19:02 -0500
Ntop is a network probe which uses a NIC in "promiscuous" mode, attached 
to the network through a hub, a monitoring port on a switch, or a 
network tap. It basically sees all network traffic on that segment of 
the network. You wouldn't want to run it on your firewall, as it is 
resource intensive and not sufficiently stable for such a device.

How to build a passive ethernet tap: http://www.snort.org/docs/tap/

Chris Mason (Lists) wrote:
> Benjamin H. Henry wrote:
>> Take a look at ntop: http://ntop.org. It gives you so much info about 
>> every node on your network it's scary. An easy way to try ntop is by 
>> using the Network Security Toolkit http://nst.sourceforge.net/nst/, a 
>> bootable Live CD which includes ntop.
> How would this work? If the application is not running on the firewall, 
> how would ntop know what packets were going through the firewall?