On Friday, January 20, 2006 9:28 AM, Mike Miller wrote:
>
>Date: Fri, 20 Jan 2006 09:28:55 -0600 (CST)
>From: Mike Miller
>To: TCLUG List <tclug-list at mn-linux.org>
>Subject: [tclug-list] monitoring network activity of a Linux box
>
>A friend has a Linux machine with many users.  Suppose one or more users
>is doing inappropriate things with the box like sending ping floods or
>scanning networks.  He would want to know about it.  Is there any software
>that is designed specifically to monitor for this kind of stuff and report
>when it sees something unusual?  A program like netstat can detect all
>sorts of network activity, but it would have to be called at intervals and
>its output would have to be parsed and analyzed by some other programs.
>
>Thanks in advance for any tips.
>
>Mike
>

There are a lot of tools you can use to monitor network traffic; Google turned up this page from Stanford University that lists almost every monitoring tool out there. It also has a brief introduction to Network Monitoring Protocol (NMP).

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

In my experience the most widely used monitoring software is Snort; you can get really specific, as in setting rules for the attacks that you want to monitor and binding them to specific IP addresses, etc. My first experience of seeing how cool Snort was came when I saw the specific reports and information it provided after I installed Smoothwall Firewall at a friend's business.

http://www.snort.org/


______________________________________
>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>tclug-list at mn-linux.org
>http://mailman.mn-linux.org/mailman/listinfo/tclug-list



"Great Spirits Have Always Encountered Violent Opposition From Mediocre Minds" - Einstein

"So much stupidity in so little brain!"
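The poll-parse-analyze loop the original question sketches (netstat called at intervals, its output parsed, the result checked) written out as an added example; this is not code from either poster. It flags any process whose connections fan out to many remote hosts or host:port pairs within one snapshot, which is what a sweep or scan looks like from the local host. The sample netstat output, the program names and the thresholds are constructed for the demonstration.

```python
import subprocess
import time
from collections import defaultdict

# Constructed sample of `netstat -tunp` output (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 192.0.2.10:45120   198.51.100.7:22     ESTABLISHED 2310/ssh
tcp        0      0 192.0.2.10:45210   203.0.113.1:80      SYN_SENT    4471/sweeper
tcp        0      0 192.0.2.10:45211   203.0.113.2:80      SYN_SENT    4471/sweeper
tcp        0      0 192.0.2.10:45212   203.0.113.3:80      SYN_SENT    4471/sweeper
tcp        0      0 192.0.2.10:45213   203.0.113.4:80      SYN_SENT    4471/sweeper
udp        0      0 192.0.2.10:48000   198.51.100.53:53                2600/dig
"""

def parse_netstat(text):
    """Parse netstat -tunp rows into dicts; header and other lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].startswith(("tcp", "udp")):
            continue
        state = f[5] if f[0].startswith("tcp") else ""   # UDP rows carry no State
        pid, _, program = f[-1].partition("/")           # "-" if not visible to us
        rhost, _, rport = f[4].rpartition(":")
        conns.append({"state": state, "pid": pid, "program": program,
                      "rhost": rhost, "rport": rport})
    return conns

def flag_fan_out(conns, host_limit=4, endpoint_limit=10):
    """Per process, count distinct remote hosts and host:port pairs in one snapshot."""
    hosts, ends, syn = defaultdict(set), defaultdict(set), defaultdict(int)
    for c in conns:
        k = (c["pid"], c["program"])
        hosts[k].add(c["rhost"])
        ends[k].add((c["rhost"], c["rport"]))
        syn[k] += int(c["state"] == "SYN_SENT")      # half-open attempts are telling
    return {k: {"hosts": len(hosts[k]), "endpoints": len(ends[k]), "syn_sent": syn[k]}
            for k in hosts if len(hosts[k]) >= host_limit or len(ends[k]) >= endpoint_limit}

def poll(interval=30, runs=None):
    """Run netstat at intervals, as the question describes, and print any alerts."""
    n = 0
    while runs is None or n < runs:
        out = subprocess.run(["netstat", "-tunp"], capture_output=True, text=True).stdout
        for (pid, prog), info in flag_fan_out(parse_netstat(out)).items():
            print(f"ALERT pid={pid} program={prog} {info}")
        n += 1
        time.sleep(interval)
```

Running `flag_fan_out(parse_netstat(SAMPLE))` reports only the constructed `4471/sweeper` process; `poll()` needs root for netstat to show other users' PIDs, and a snapshot-based check misses short-lived connections between polls, which is the gap a packet-level tool such as Snort closes.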