Firewall Wizards mailing list archives
RE: Statistics for Firewalls
From: John Adams <jna-dated-1032202478.26c83c () retina net>
Date: Wed, 11 Sep 2002 11:54:36 -0700 (PDT)
On Wed, 11 Sep 2002, Joe Matusiewicz wrote:
I think it's marvelous. The only problem I had with it was on one of my networks. The firewall there averages 70,000 simultaneous connections and ntop keeps a record of all the ip addresses that goes through the network. Keeping track of so many addresses bogged down the hash memory so much until ntop was unusable. :( I wound up using iptraf there. But ntop works great everywhere else I put it.
I had similiar problems with ntop. What I usually do is to filter out of the traffic I deem useless with a tcpdump expression. For example, do you really need to know every DNS connection? Hell no, filter that. Filter NNTP. Filter all SMTP that isn't bound for your main mail server. Filter out NetBIOS. Watch only the items under NTOP that you can actually do something about (KaZaa, File Sharing, etc.) and ignore (or just log) the rest. We were able to increase our network peformace by going after people who were using serious amounts of bandwidth and have some idea of what the general picture of network traffic was like using NTOP, but it really can't be used as a complete solution, as the amount of data is akin to drinking from a firehose. -john _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Statistics for Firewalls Sutantyo, Danny (Sep 10)
- Re: Statistics for Firewalls Dominik Miklaszewski (Sep 10)
- Re: Statistics for Firewalls Jos Andel (Sep 10)
- Re: Statistics for Firewalls Volker Tanger (Sep 10)
- <Possible follow-ups>
- Re: Statistics for Firewalls Joe Matusiewicz (Sep 10)
- Re: Statistics for Firewalls S. Jonah Pressman (Sep 10)
- RE: Statistics for Firewalls Noonan, Wesley (Sep 10)
- RE: Statistics for Firewalls Christopher Hicks (Sep 10)
- RE: Statistics for Firewalls Bill Royds (Sep 10)
- RE: Statistics for Firewalls Joe Matusiewicz (Sep 11)
- RE: Statistics for Firewalls John Adams (Sep 11)
- RE: Statistics for Firewalls Joe Matusiewicz (Sep 11)
- RE: Statistics for Firewalls John Adams (Sep 11)
- RE: Statistics for Firewalls Christopher Hicks (Sep 11)
- Re: Statistics for Firewalls IT - Sven Mueller (Sep 12)
- RE: Statistics for Firewalls Christopher Hicks (Sep 10)
- Re: Statistics for Firewalls Dominik Miklaszewski (Sep 10)