UbuntuHelp:NetworkMonitoringBridge
来自Ubuntu中文
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
<<Include(Tag/ContentCleanup)>> <<Include(Tag/Unsupported)>>
目录
Introduction
This document outlines the creation of a network monitoring bridge on Ubuntu 6.06 (Dapper). The bridge can be transparently plugged into any segment of a local subnet to analyze network traffic without disturbing network services. ntop is used for monitoring; it provides comprehensive statistics on network usage and throughput. For more information on what a bridge is see the Linux Documentation Project Bridging Howto.
Sample uses of the network monitor
- Analyze connection problems to local database server
Network configuration: LAN <=> switch <=> Database server Network with monitoring: LAN <=> switch <=> Network Monitoring Bridge <== PATCH CABLE ==> Database server
- Analyze network usage on a subnet at our University
Network configuration: INTERNET <=> Gateway firewall <=> Switch <=> Local network Computers Network with monitoring: INTERNET <=> Gateway firewall <== PATCH CABLE ==> Network Monitoring Bridge <=> Switch <=> Local network Computers
Prerequisites
Begin with a fairly powerful PC with enough RAM, 128MB or more. Install two 100mb/s network cards on this machine and obtain a Patch cable. You may begin with either a Desktop or Server installation of Ubuntu 6.06 (Dapper). See InstallingSoftware for more information.
Install Software
Install bridge utilities from Main repository
sudo apt-get install bridge-utils
Install ntop from Universe repository
sudo apt-get install ntop
/!\ The ntop install will give some errors. This is ok. We will fix it later! /!\
Configure the Bridge
Edit /etc/network/interfaces to reflect your network topology. The following example configuration configures the bridge via DHCP. You could easily modify the line iface bridge01 inet dhcp to be iface bridge01 192.168.1.2 netmask 255.255.255.0 up for a static IP address.
Sample /etc/network/interfaces file
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback auto bridge01 iface bridge01 inet dhcp pre-up ifconfig eth0 down pre-up ifconfig eth2 down pre-up brctl addbr bridge01 pre-up brctl addif bridge01 eth0 pre-up brctl addif bridge01 eth2 pre-up ifconfig eth0 0.0.0.0 pre-up ifconfig eth2 0.0.0.0 post-down ifconfig eth0 down post-down ifconfig eth2 down post-down ifconfig bridge01 down post-down brctl delif bridge01 eth0 post-down brctl delif bridge01 eth2 post-down brctl delbr bridge01
Restart networking
sudo /etc/init.d/networking restart
Configure ntop
Edit ntop configuration
sudo nano /var/lib/ntop/init.cfg
Change the INTERFACES line to the name of your bridge. Something like...
INTERFACES="bridge01"
configure NTOP to recognize your local subnet
sudo nano /etc/default/ntop
Change the GETOPTS variable to something like...
GETOPTS="--local-subnets=192.168.1.0/24"
Set the admin password for NTOP (Enter the password for your sudo account)
sudo ntop --set-admin-password
Restart NTOP
sudo /etc/init.d/ntop restart
Test ntop by browsing to http://localhost:3000
Install and begin monitoring
- To begin monitoring choose a place on your network that you would like to monitor as shown in the examples above
- Plug the patch cable to one of the network devices on the Network Monitoring Bridge
- Unplug the network cable from the computer you would like to monitor and plug the cable into the other network device of the Network Monitoring Bridge
- Plug free end of the patch cable to the computer that will be monitored
- Restart networking on the Network Monitoring Bridge
sudo /etc/init.d/networking restart
View network traffic statistics at http://ip_address_of_network_monitor:3000
Additional Information
Another description of how to enable Connection Bridging, including Internet Connection Bridging, is available at NetworkConnectionBridge. `It would be great for a knowledgeable person to assist with integrating both of these pages as they are closely related, but slightly divergent.`
