ntop is an excellent tool for this purpose. However, you will need to properly configure the network for ntop to capture traffic on a switched network. A network switch will only send broadcast traffic to all ports. To "hear" all traffic, a switch port has to be configured as a mirror, span or monitor port. You can then connect your network monitor to this port to listen to all traffic on the network. Another option would be to get a network tap and place it between the edge router & the LAN switch. This will permit you to see all traffic entering and exiting the local network. It would not show you host to host traffic on the local LAN though. Take a look at some of my blog postings on this topic. Start on this page and the first part of the series starts here. The ntop mailing list is a great place to get additional assistance on this excellent application. This video or this one may also give you some education into using ntop. You can find some liveCD's with ntop on it. Check out the Network Security Toolkit.

See this similar question.

Please complete the following information:

REGISTER / LOG-IN TO DISCUSS

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Submit your e-mail address below to continue

E-mail: 

E-mail: 

Handle:   

Password: 

Forgot Password?

Create Handle: 

Your handle identifies you in ITKnowledgeExchange. Max 30 char.

Create Password: 

Confirm Password: 

Yes, I agree to the IT Knowledge Exchange  Terms and Conditions.

hidden modal window