Some time ago I installed a new firewall at a customer’s site. The customer then wanted to know which flows were traversing the firewall right now. Oh. Good question. Of course, it is easy to filter the firewall’s log messages, but these logs are written only for finished sessions. Yes, every firewall has a “session browser” or the like, but they are neither nice nor handy for analyzing sessions in real time.
The solution was to put a network analyzer on a mirror port next to the firewall. I decided to use ntopng running on the live Linux distribution Knoppix. Great choice! An old notebook with two network adapters fits perfectly. A handful of commands and you’re done:
Continue reading: Out of the Box Network Analyzer “ntopng”