If you want to do this simultaneously you will need at least 3 NICs on your NST system for monitoring. You will need to set up 3 CISCO SPAN ports or just one SPAN port aggregating the 3 specific ports to the SPAN port. Connect the NST monitoring NICs to each SPAN port
Next visit the NST WIKI using these links for how to monitor network traffic using NST:
Thanks for your Answer RWH, but I made a mistake in my explanation, i have 3 ports traffic to specificly monitoring (Internet Routeur, DSL routeur, switch uplink).
On NST system, i have 3 NICS (1 management, 1 dedicated monitoring, 1 backup). all (management and monitoring(Gi0/24), Internet Routeur(Gi0/1), DSL routeur(Gi0/2), switch uplink(Gi0/3)) are connecting to the same switch.
when i add cisco SPAN command :
monitor session 1 source interface gigabitethernet0/1
monitor session 1 source interface gigabitethernet0/2
monitor session 1 source interface gigabitethernet0/3
monitor session 1 destination interface gigabitethernet0/24 encapsulation replicate
thanks for everyone can help me.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1 yes the dedicated monitoring is connecting to 2960G port gigabitethernet0/24.
2 i use ntop.
3 in promiscious mode in ntop config. is there location to define the nic in promiscuous mode
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
i think i solved my problem.
all interface was inaccessible du to SPAN configuration Why ??? i don't know.
but from the NST machine console, it's slow but i can see live data analysis in ntop.
I also activate promiscuous on the nic interface parameter in WUI interface, i don't remember where exactly.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1) If you are using the NST WUI ntop management page to start ntop then you do not have to worry about configuring promiscuous mode on the NIC. This is done automatically by ntop.
2) To manually set promiscuous mode via the NST WUI, just click on a NIC icon (Many NST WUI pages provide NIC icons) and use the "Promisc On" action button. View the "Promiscuous" flag setting for the NIC to see if it is enabled or not.
3) You can use the "Network Packet Capture" page to quickly do a capture to see if you are seeing any data from the SPAN port.
See this NST Wiki page for additional help on NST and ntop usage:
hi Ronald,
I have an other issue in Ntop, when i click on a host, i don't have detailed of ip traffic like protocole and port number, i have the screen in attachment below.
hi,
i just install NST, anyone can help me to monitoring source/destination/protocole/bandwith from 3 spécifique port of my 2960G cisco Switch.
NST look like a nice tool, but a simple howto for basic use will good things.
Thx.
Noritaka:
If you want to do this simultaneously you will need at least 3 NICs on your NST system for monitoring. You will need to set up 3 CISCO SPAN ports or just one SPAN port aggregating the 3 specific ports to the SPAN port. Connect the NST monitoring NICs to each SPAN port
Next visit the NST WIKI using these links for how to monitor network traffic using NST:
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Monitor_Network_Traffic
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/NST_Network_Interface_Bandwidth_Monitor
---RWH
Thanks for your Answer RWH, but I made a mistake in my explanation, i have 3 ports traffic to specificly monitoring (Internet Routeur, DSL routeur, switch uplink).
On NST system, i have 3 NICS (1 management, 1 dedicated monitoring, 1 backup). all (management and monitoring(Gi0/24), Internet Routeur(Gi0/1), DSL routeur(Gi0/2), switch uplink(Gi0/3)) are connecting to the same switch.
when i add cisco SPAN command :
monitor session 1 source interface gigabitethernet0/1
monitor session 1 source interface gigabitethernet0/2
monitor session 1 source interface gigabitethernet0/3
monitor session 1 destination interface gigabitethernet0/24 encapsulation replicate
thanks for everyone can help me.
Noritaka:
I am a little confused with your question now:
1) Are you connecting the NST dedicated monitoring NIC to the Cisco 2960G port: gigabitethernet0/24?
2) Which NST monitoring tool are you using?
3) Have you put the NST dedicated monitoring NIC in promiscuous mode?
---RWH
1 yes the dedicated monitoring is connecting to 2960G port gigabitethernet0/24.
2 i use ntop.
3 in promiscious mode in ntop config. is there location to define the nic in promiscuous mode
i think i solved my problem.
all interface was inaccessible du to SPAN configuration Why ??? i don't know.
but from the NST machine console, it's slow but i can see live data analysis in ntop.
I also activate promiscuous on the nic interface parameter in WUI interface, i don't remember where exactly.
Noritaka:
1) If you are using the NST WUI ntop management page to start ntop then you do not have to worry about configuring promiscuous mode on the NIC. This is done automatically by ntop.
2) To manually set promiscuous mode via the NST WUI, just click on a NIC icon (Many NST WUI pages provide NIC icons) and use the "Promisc On" action button. View the "Promiscuous" flag setting for the NIC to see if it is enabled or not.
3) You can use the "Network Packet Capture" page to quickly do a capture to see if you are seeing any data from the SPAN port.
See this NST Wiki page for additional help on NST and ntop usage:
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Geolocate_ntop_Data
---RWH
hi Ronald,
I have an other issue in Ntop, when i click on a host, i don't have detailed of ip traffic like protocole and port number, i have the screen in attachment below.
Thanks for your help.