NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Network performance analysis / sniffing.


  • To: [email protected]
  • Subject: Re: [FW-1] Network performance analysis / sniffing.
  • From: Steve McNutt <[email protected]>
  • Date: Wed, 10 Apr 2002 21:46:10 -0400
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcHg3UI5NR9KACtnQQS1sjdCKlV+dAAGBKrw
  • Thread-topic: [FW-1] Network performance analysis / sniffing.

What tools and or budget do you have available for performance analysis?

Network Associates sniffer and sniffer reporter will do exactly what you want but cost $$$$. For a one off it would probably be cheaper to use a consultant (nudge nudge) who has already invested the money and has expertise with the tools than to buy the tools yourself.  However, a tool like NAI sniffer can be used to tackle many firewall/network related tasks and should be in your toolbag if you can afford it.

If you don't have any money to spend and don't own sniffer or a tool like it(like a netscout RMON probe), there are a couple of ways to attack the problem, but you will be using relativly unpolished freeware tools and need to be able to deal with what that implies (learning curve, bad docs, install problems, have to compile it yourself, bugs, etc.).  But if you have time, but no tools and money, they are your best bet.

If you have a cisco router in front of your firewall and access to a unix box with your standard GNU development stuff on it, you can use netflow data export and a tool called flowscan to create graphs of the data.  You can read about flowscan here:  http://www.caida.org/tools/utilities/flowscan/index.xml

If you would like to try getting per protocol stats off of your firewall directly, you can try this tool:
http://www.rotoni.com/FwGold/
The problem with this approach is that you will have to really crank up your logging, which could cause resource utilization issues on your firewall.

Here are a couple of other freebie type tools to look at:
http://cebu.mozcom.com/riker/iptraf/
http://ourmon.cat.pdx.edu/ourmon/
http://www.ntop.org/ntop.html

HTH,

Steven McNutt, CCIE #6495, CCSE #6224, MCSE
President
LightningCloud Technologies
bus:cel:[email protected]

-----Original Message-----
From: Jarmoc, Jeff [mailto:[email protected]]
Sent: Wednesday, April 10, 2002 5:04 PM
To: [email protected]
Subject: [FW-1] Network performance analysis / sniffing.


        I'm hoping someone can help me with something that's only partly
firewall related.  At times, the external interface of firewalls I'm
responsible for will become highly utilized.  In going down the path of
looking for upgrades, management invariably asks the question, "What sort of
traffic is this interface passing?"  Obviously, I can tell what traffic is
allowed by looking at my firewall rulebase and logs.  What's more difficult,
is to tell how much of each type of traffic is allowed.
        For example, I can presume that HTTP and SMTP are two of the major
protocols in use on my network.  However, I can't reliably state the HTTP
accounts for X% of total utilization while SMTP accounts for Y%.  And
therein lies my question.  Does anyone know of a relatively simple way to
collect these sorts of statistics?  My first thoughts are to possibly i) run
a sniffer near my firewall, and analyze it's captured data in order to
generate these statistics.  My second thought is that maybe the firewall
logs already contain most of the information I'm looking for.  What sorts of
solutions have other people implemented to answer these sorts of questions?

        Any and all ideas are appreciated greatly.

Jeff Jarmoc - CCSA, CCNA, MCSE
Network Analyst - Grubb & Ellis
[email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.