16-05-2016, 08:06 AM
17-05-2016, 03:01 PM
Packet sniffing is used within a network in order to capture and register data flows. Packet sniffing allows you to discern each individual packet and analyze its content based on predefined parameters.
Packet sniffing allows for very detailed network monitoring and bandwidth usage analysis. It, however, requires a broader knowledge of networks and their inner functions, in order to be able to recognize the relevance of the data being monitored.
Advantages of Packet Sniffing
Adding to normal bandwidth monitoring capabilities based on SNMP, PRTG allows administrators to discern actual bandwidth usage based on multiple parameters, such as source and destination IP addresses, MAC addresses, port numbers, protocols, etc., using packet sniffing. Furthermore, PRTG's packet sniffing functionality can be used to generate top lists, which enable administrators to recognize detailed usage trends, sources and destinations of individual communications via the network, as well as the details of the traffic flowing within said network.
How to Set up Packet Sniffing
Packet sniffing sensors generally use the host machine's network card, but can be configured to use monitoring ports found on some networking devices using port mirroring / forwarding in order to monitor the overall network bandwidth utilization.
Using a device equipped with a "monitoring port" or "port mirroring" you can use packet sniffing to monitor all the traffic in your network. Most unmanaged switches do not have this feature, many managed switches do.
Port mirroring is used on a network switch to send a copy of all network packets seen on one switch port to a monitoring network connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Port mirroring on a Cisco Systems switch is generally referred to as SPAN. You can also use an old-fashioned hub. Hubs send all network packets to all ports, but they are a lot slower than switches.
Configure the switch(es) to send a copy of all network packets to the IP of the machine running PRTG
Create a new Packet Sniffing Sensor without any filtering to monitor network's total traffic
Packet filtering by a software firewall can degrade your system's performance, because it's a demanding task to examine every packet of data. A hardware firewall eases this burden.
Whichever option you choose, configuring and maintaining the firewall can be a difficult maintenance chore. A network firewall also can lend users a false sense of security, encouraging them not to maintain security at the machine level. If the network firewall fails or is not configured properly, this could prove disastrous.
Packet sniffing allows for very detailed network monitoring and bandwidth usage analysis. It, however, requires a broader knowledge of networks and their inner functions, in order to be able to recognize the relevance of the data being monitored.
Advantages of Packet Sniffing
Adding to normal bandwidth monitoring capabilities based on SNMP, PRTG allows administrators to discern actual bandwidth usage based on multiple parameters, such as source and destination IP addresses, MAC addresses, port numbers, protocols, etc., using packet sniffing. Furthermore, PRTG's packet sniffing functionality can be used to generate top lists, which enable administrators to recognize detailed usage trends, sources and destinations of individual communications via the network, as well as the details of the traffic flowing within said network.
How to Set up Packet Sniffing
Packet sniffing sensors generally use the host machine's network card, but can be configured to use monitoring ports found on some networking devices using port mirroring / forwarding in order to monitor the overall network bandwidth utilization.
Using a device equipped with a "monitoring port" or "port mirroring" you can use packet sniffing to monitor all the traffic in your network. Most unmanaged switches do not have this feature, many managed switches do.
Port mirroring is used on a network switch to send a copy of all network packets seen on one switch port to a monitoring network connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Port mirroring on a Cisco Systems switch is generally referred to as SPAN. You can also use an old-fashioned hub. Hubs send all network packets to all ports, but they are a lot slower than switches.
Configure the switch(es) to send a copy of all network packets to the IP of the machine running PRTG
Create a new Packet Sniffing Sensor without any filtering to monitor network's total traffic
Packet filtering by a software firewall can degrade your system's performance, because it's a demanding task to examine every packet of data. A hardware firewall eases this burden.
Whichever option you choose, configuring and maintaining the firewall can be a difficult maintenance chore. A network firewall also can lend users a false sense of security, encouraging them not to maintain security at the machine level. If the network firewall fails or is not configured properly, this could prove disastrous.