- Join Date
- Dec 2004
A new project I have due. I could use assistance.
I need to build a "box" of some sort that can monitor packets for individual IP addresses. This would send alerts if there was an exorbitant amount of traffic on an "odd port" (worms, Trojans, malware - to be customized) and let us know which IP it's coming from.
This is for a large (and growing) WiFi ISP.
We just need to know when these scumware are using bandwidth so we can alert the client and/or turn them off.
The throughput is 45MB a second at the NOC. (So a 10/100 NIC is sufficient)
I was thinking of something like TCPdump or similar. I think reporting EVERY packet could be very cumbersome for this box - so maybe every 5th packet or something. Then show a % or something.
This box will not be in our physical location - so we would like the data to be pushed over to a PHP site, or so we can remotely see the data.
I would like this to be a rack, but the physical is not important right now.
Any good ideas here on this?
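The sampling idea in the post above (keep every 5th packet, total traffic per source IP on "odd" ports, report a percentage), sketched as an added example that is not part of the original thread. The input lines are constructed in the style of `tcpdump -nn -q -t` TCP output, and the port allowlist and alert threshold are assumptions to tune per network.

```python
import re
from collections import defaultdict

# Ports treated as expected for subscribers (assumption; tune per network).
COMMON_PORTS = {25, 53, 80, 110, 143, 443, 993, 995}
SAMPLE_EVERY = 5          # keep every 5th packet, as the post suggests
ALERT_BYTES = 50_000      # estimated odd-port bytes per interval (assumption)

# Matches constructed lines in the style of `tcpdump -nn -q -t` TCP output.
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): tcp (\d+)")

def analyze(lines, sample_every=SAMPLE_EVERY, alert_bytes=ALERT_BYTES):
    """Return {src_ip: (est_odd_bytes, odd_percent, top_odd_port)} for alerts."""
    total = defaultdict(int)
    odd = defaultdict(lambda: defaultdict(int))
    seen = 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                  # ignore lines that are not TCP packets
        seen += 1
        if seen % sample_every:       # skip all but every Nth parsed packet
            continue
        src, sport, _dst, dport, length = m.groups()
        size = int(length) * sample_every   # scale the sample to an estimate
        total[src] += size
        # "Odd" means neither end of the connection uses a common port.
        if int(dport) not in COMMON_PORTS and int(sport) not in COMMON_PORTS:
            odd[src][int(dport)] += size
    alerts = {}
    for src, ports in odd.items():
        odd_bytes = sum(ports.values())
        if odd_bytes >= alert_bytes:
            top = max(ports, key=ports.get)
            alerts[src] = (odd_bytes, round(100 * odd_bytes / total[src]), top)
    return alerts

def sample_capture():
    """Constructed traffic: one noisy host on port 6667, one normal web user."""
    lines = []
    for i in range(100):
        lines.append(f"IP 10.0.0.5.{40000 + i} > 203.0.113.9.6667: tcp 1400")
        lines.append(f"IP 10.0.0.7.{50000 + i} > 198.51.100.2.443: tcp 1200")
    return lines

if __name__ == "__main__":
    for ip, (est, pct, port) in analyze(sample_capture()).items():
        print(f"ALERT {ip}: ~{est} bytes ({pct}%) on odd ports, mostly {port}")
```

Fixed 1-in-N sampling can over- or under-count traffic that happens to repeat with the same period, so the byte figures are estimates and the threshold should leave headroom.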
- Join Date
- Oct 2004
Did you try out Nagios??
It's a general purpose network monitor, but can be extended with plugins.
The Unforgiven
Registered Linux User #358564