Hi,

I need more information regarding what data is hitting my sockets. I have a
bunch of dedicated servers and I'm using a shared Cisco firewall (no logs
available) and MS IP packet filters per server. Also using MS port monitor
app now and again when required and Windows Performance Monitor. Ideally an
app with visual tools and verbose logs.

------------------------------------------------------------------
net &
isp routing
|______________________ ?
|                       |
firewall                firewall
|                       |
server1                 server2
web                     db
------------------------------------------------------------------

Windows 2003 server standard edition.

I guess I could install ISA and route all traffic from "NET" to "?" to
"server#" but was looking for something I can install direct on each server
to enhance my monitoring ability.

I guess I need a firewall app per server. Don't want to risk using something
like ZoneAlarm as have seen it cause big problems in the past. Would worry
about installing it on a remote machine.

Thanks for any advice.
Scott

Re: logging packets traffic and visual tools for monitoring by Lognoul,

Lognoul,
Thu May 08 07:05:40 CDT 2008

Hi,

If you do not need to look inside packets but rather focus on
source/destination ports, source/destination IPs and sizes, I would say there
are plenty of comprehensive or hand-crafted solutions such as:
- Netflow: there are multiple implementations on Windows. An easy one being
NTOP http://www.ntop.org/overview.html. You can also install a Netflow probe
on each server and configure them to report to a central collector such as
Netflow Analyzer
- A combination of Windows Firewall (everything open but logging enabled)
and LogParser (to generate the reports and charts)

If you need to look inside packets, I would rather go for command-line-based
packet capture such as netcap or Wireshark and then parsing and extracting
information using LogParser.

In all cases, make sure you evaluate the extra load it will bring on your
servers.

Marc



"Scott" <scott_lotus@yahoo.co.uk> wrote in message
news:e#9BOOEsIHA.2188@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I need more information regarding what data is hitting my sockets. I have
> a bunch of dedicated servers and I'm using a shared Cisco firewall (no logs
> available) and MS IP packet filters per server. Also using MS port monitor
> app now and again when required and Windows Performance Monitor. Ideally
> an app with visual tools and verbose logs.
>
> ------------------------------------------------------------------
> net &
> isp routing
> |______________________ ?
> |                       |
> firewall                firewall
> |                       |
> server1                 server2
> web                     db
> ------------------------------------------------------------------
>
> Windows 2003 server standard edition.
>
> I guess I could install ISA and route all traffic from "NET" to "?" to
> "server#" but was looking for something I can install direct on each
> server to enhance my monitoring ability.
>
> I guess I need a firewall app per server. Don't want to risk using
> something like ZoneAlarm as have seen it cause big problems in the past.
> Would worry about installing it on a remote machine.
>
> Thanks for any advice.
> Scott
>
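
The per-server approach suggested in the reply above (Windows Firewall with logging enabled, then a report over the log) can be sketched as follows. This is an added example, not part of the original posts: it uses Python in place of LogParser, assumes the firewall writes its usual text log with a `#Fields:` header, and runs over a constructed sample with documentation-range addresses.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# Addresses come from documentation ranges; this is not real traffic.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2008-05-08 07:01:12 OPEN TCP 198.51.100.7 192.0.2.10 51512 80 - - - - - - - -
2008-05-08 07:01:13 OPEN TCP 198.51.100.7 192.0.2.10 51513 80 - - - - - - - -
2008-05-08 07:01:15 DROP TCP 203.0.113.44 192.0.2.10 4021 1433 48 S 1234567 0 65535 - - -
2008-05-08 07:01:16 DROP TCP 203.0.113.44 192.0.2.10 4022 1433 48 S 1234568 0 65535 - - -
2008-05-08 07:01:20 DROP UDP 203.0.113.9 192.0.2.10 1027 1434 404 - - - - - - -
2008-05-08 07:01:21 DROP ICMP 203.0.113.9 192.0.2.10 - - 60 - - - - 8 0 -
"""

def parse(text):
    """Turn log text into dicts keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                rows.append(dict(zip(fields, values)))
    return rows

def summarize(rows):
    """Count events and bytes per (action, protocol, src-ip, dst-port)."""
    hits, size = Counter(), Counter()
    for r in rows:
        key = (r["action"], r["protocol"], r["src-ip"], r["dst-port"])
        hits[key] += 1
        # "-" means the field was not recorded for this entry
        size[key] += int(r["size"]) if r["size"].isdigit() else 0
    return hits, size

if __name__ == "__main__":
    hits, size = summarize(parse(SAMPLE_LOG))
    for key, n in hits.most_common():
        print("%-5s %-4s %-15s -> port %-5s events=%d bytes=%d"
              % (*key, n, size[key]))
```
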

Re: logging packets traffic and visual tools for monitoring by Scott

Scott
Thu May 08 08:14:14 CDT 2008

Thanks for the reply. I will have a look at your suggested apps.
Scott