How to monitor all network traffic [closed]

I have installed Wireshark on my server but can only monitor traffic through the local NIC, and not all network traffic goes through the server. I would like to monitor all network traffic.

Are there any good suggestions for software tools to monitor the complete network?

From reading, it appears you would need to put a machine next to the router to access all traffic going through; however, I would prefer not to do that at the moment. I have set up my router to log traffic, but this is just general information.

Is there a tool that lets you do it, preferably free?

Answer

After reading your comments, there are a few different solutions you should employ.

  1. If you don’t want rogue users on your network, employ 802.1x authentication at the switchport. This will prevent unauthorized devices from being connected to your network.

  2. If you periodically want to troubleshoot network issues, use port mirroring on your switch to duplicate the network port connected to the problematic device. You can then use Wireshark to “listen in” on the traffic on that port. This is not something that you should leave running 24/7.

  3. If you want to monitor general network performance, you should use a network monitoring tool that can query your switch/router’s metrics via SNMP. Programs like Nagios, SolarWinds Orion NMS, Microsoft System Center Operations Manager, and dozens of others can do this. This will give you historical insight into your network performance down to a per-port view.

Unless you’re troubleshooting general ingress/egress traffic flow, which it doesn’t sound like you are, then there’s no reason to try and capture 100% of the traffic being routed in your environment.

Attribution
Source: Link, Question Author: John Fleming, Answer Author: MDMarra
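
As an added illustration of item 3 in the answer (not part of the original answer, and not code from any of the products it names): a Python sketch of what an SNMP-based monitor does with the IF-MIB octet counters it polls from a switch, turning two polls into per-port throughput and utilisation. The sample `snmpwalk` output, the 60-second interval and the function names are constructed for the example.

```python
import re

# Constructed sample: two polls of one switch, 60 s apart, in net-snmp snmpwalk format.
POLL_T0 = """\
IF-MIB::ifHCInOctets.1 = Counter64: 1000000
IF-MIB::ifHCInOctets.2 = Counter64: 18446744073709551000
IF-MIB::ifHCOutOctets.1 = Counter64: 500000
IF-MIB::ifHCOutOctets.2 = Counter64: 42
"""
POLL_T1 = """\
IF-MIB::ifHCInOctets.1 = Counter64: 751000000
IF-MIB::ifHCInOctets.2 = Counter64: 7499384
IF-MIB::ifHCOutOctets.1 = Counter64: 75500000
IF-MIB::ifHCOutOctets.2 = Counter64: 42
IF-MIB::ifHighSpeed.1 = Gauge32: 1000
IF-MIB::ifHighSpeed.2 = Gauge32: 100
"""
LINE = re.compile(r"IF-MIB::(\w+)\.(\d+) = \w+: (\d+)")
WRAP = 2 ** 64  # ifHC* counters are 64-bit and roll over to zero


def parse(walk):
    """Return {column: {ifIndex: value}} from snmpwalk text."""
    table = {}
    for m in LINE.finditer(walk):
        table.setdefault(m.group(1), {})[int(m.group(2))] = int(m.group(3))
    return table


def delta(old, new):
    """Counter difference allowing for one wrap between polls.
    A device reboot also makes new < old; a production poller would check
    sysUpTime or ifCounterDiscontinuityTime and discard that sample."""
    return new - old if new >= old else new + WRAP - old


def port_rates(walk0, walk1, interval_s):
    """Per-port bit rate and link utilisation between two polls."""
    t0, t1 = parse(walk0), parse(walk1)
    report = {}
    for idx, mbps in sorted(t1["ifHighSpeed"].items()):  # link speed in Mbit/s
        row = {}
        for name, col in (("in", "ifHCInOctets"), ("out", "ifHCOutOctets")):
            bps = delta(t0[col][idx], t1[col][idx]) * 8 / interval_s
            row[name + "_bps"] = bps
            row[name + "_util_pct"] = round(100 * bps / (mbps * 1e6), 2) if mbps else None
        report[idx] = row
    return report


if __name__ == "__main__":
    for idx, r in port_rates(POLL_T0, POLL_T1, 60).items():
        print(f"ifIndex {idx}: in {r['in_bps'] / 1e6:.1f} Mbit/s ({r['in_util_pct']}%), "
              f"out {r['out_bps'] / 1e6:.1f} Mbit/s ({r['out_util_pct']}%)")
```

Stored over time, these per-port figures are the historical view the answer describes; they carry byte counts only, not packet contents, which is the difference from a port-mirror capture.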
