Analyze and detect network usage patterns using logs
The GNOME Network Tools, accessed from Applications -> System Tools, include ping, traceroute, and netstat.
Monitor Tools
ping
ping uses the Internet Control Message Protocol (ICMP) to check another host on a network. It sends a request to the host, which then sends a reply back. Use Break or ^C to stop the ping command. If the ping fails, it issues a message that the host is unreachable. Some networks block the ICMP protocol as a security precaution.
$ ping ananova.com
Ettercap
It performs unified or bridged sniffing on all connections between network interfaces. It detects man-in-the-middle attacks, where an unauthorized user gets access to a network and then modifies packets in transit. It is available as a graphical user interface, in script mode, with daemon logging, and at the command line.
Plugins
- dos_attack: detect denial-of-service attacks
- dns_spoof: for DNS spoofing detection
To list the available plugins:
$ ettercap -P list
Wireshark
Wireshark is a network protocol analyzer that captures packets transmitted across a network, then selects and examines protocols. Wireshark displays three panes:
- A listing of current packets
- The protocol tree for the currently selected packet
- The contents of the selected packet
tcpdump
tcpdump operates from the command line and captures network packets.
Options
- -i: specify an interface to listen to
- -c: limit the number of packets to capture
- -w: to save packets to a file
- -r: apply filter expression
netstat
netstat provides real-time information on the status of network connections, statistics, and the routing table. It lists active TCP connections and then active domain sockets. The domain sockets contain processes used to set up communication between the system and other systems.
Options
- -r: display the routing table
- -i: display different network interfaces
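To turn the active TCP connection listing into a usage pattern, the following added example (not part of the original page) counts connections per remote address and state and reports the pairs at or above a threshold. It assumes the Linux `netstat -tn` column layout; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -tn` style output read from stdin.
# Output lines are "<count> <remote-address> <state>", highest count first.

summarize_conns() {
    # $1 = minimum connection count to report (default 1)
    awk -v min="${1:-1}" '
        # Only rows whose first field is tcp/tcp6; header lines are skipped.
        $1 ~ /^tcp/ && NF >= 6 {
            remote = $5
            sub(/:[0-9*]+$/, "", remote)   # drop the trailing :port (IPv4 and IPv6)
            n[remote " " $6]++             # key = remote address + TCP state
        }
        END {
            for (k in n) if (n[k] >= min) print n[k], k
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample listing (documentation address ranges, not real hosts).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:50122      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:41000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:41001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:41002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:41003       SYN_RECV
tcp        0      0 192.0.2.10:443          198.51.100.7:50200      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::99:51514      TIME_WAIT
EOF
}

# Report remote addresses holding 3 or more connections in the same state.
# A cluster of SYN_RECV entries from one address is worth a closer look,
# since half-open connections piling up is a common denial-of-service symptom.
sample_netstat | summarize_conns 3
# On a live host the same function can be fed with: netstat -tn | summarize_conns 3
```

Running it on a schedule and appending the output to a log file gives a simple history of who connects, how often, and in which state.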
When it comes to website monitoring, beginners have a lot to learn. However, the basics of network monitoring are not so difficult, so a beginner can learn the necessities fairly quickly. Some of the basics are provided below.
First of all, when you are looking for a network monitoring service, you want to find one that will notify you immediately of any problem that is detected. This type of monitoring service will save you a lot of downtime, because the problem is detected immediately, allowing restoration to occur more rapidly.
First, your HTTP should be monitored so that if any unauthorized changes are made you will know immediately. The same goes for ensuring that a valid response code is returned. Multiple pages should be monitored for best results. HTTPS should also be monitored to ensure the pages are secure. You want your PING to be monitored as well, as it will ping your website's IP address to make sure all is well. The same goes for POP3 server monitoring and SMTP. FTP monitoring is also very desirable.
Make sure that the website monitoring service you choose does not simply notify you of problems via email. You may not be in front of your computer to deal with the situation immediately. Choose a network monitoring service that will notify you by email, cell phone, and even your instant messaging service to ensure you get the message as promptly as possible.