TLDR: I'm new and trying to absorb how to be a good network administrator. I'm pretty new to networking, two years in my field. I work for a company which delivers "IT as a service" to mostly medium-sized businesses. I think I realized typing firewall and routing commands is just a small part of our jobs. Monitoring and analyzing is a big part of it as well.

Today we're already visualizing SNMP bandwidth graphs, and router locations throughout the country, with LibreNMS. This is all good, and gives us some alerting as well. But I've gotten really interested in the traffic flow part right now.

We're mostly using MikroTik (NetFlow 5, 9 and IPFIX) and VyOS (I only got NetFlow 5 to work, and only on the inbound interface, no IPv6).

I've recently discovered the Elastic stack, and I am trying to look into all of its possibilities. I've managed to send NetFlow v5 and v9 to it. And I haven't even started looking into visualizing in Kibana yet. But right now the data is just useless without any visualisation. Are there any resources that share Kibana dashboards, or sites for inspiration?

I saw ntopng the other day, just barely looking at it. Similar to nfsen, but it doesn't look like it's made in the '90s. It seemed to do reverse DNS lookups on source/dst IPs, which was pretty cool. Is it possible to send NetFlow data directly to it, or do you have to send it through nProbe, which costs money? I also saw a Kentik NetFlow-as-a-service thing, which seemed powerful, but I have no idea about the pricing; I could find no info.

I know there are a lot of tools such as SolarWinds and PRTG, but we're happy with open source, or low licensing costs. A lot of the biggest products also seem to offer much that we don't need, such as SNMP, since we already do that in LibreNMS.

I am not completely sure on what I am looking for. But I imagine, since we're an "ITaaS" shop, some useful information would be NetFlow data visualized. As we're also a smaller ISP, I guess NetFlow/IPFIX data with visualization showing AS traffic patterns, so we can see potential peering partners. Some other cool features and visualizations I've seen are mappings of potential DDoS machines on a world map, and graphs showing end-user traffic patterns and abnormalities. Not sure how useful this is for network administrators, maybe more to impress sales and the boss.

Give me some inspiration and examples for visualizing the network and analyzing flows that I can play around with. But I am not sure what I should look for.
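One concrete thing to play with before any dashboard exists is the raw NetFlow v5 export itself: the packets MikroTik and VyOS send are a fixed 24-byte header followed by 48-byte records, and a few dozen lines of code can decode them and answer the peering question from the post (which destination ASes carry most of the bytes). The example below is added here and is not code from the original post or from any of the tools it mentions. It constructs its own sample export packet (documentation IP ranges, private-use ASNs 64496 to 64502, made-up byte counts), parses it with the v5 layout, applies the sampling interval from the header, and ranks destination ASes by share of traffic. The `build_v5_packet` helper exists only to fabricate test input; a real collector would read the same bytes from a UDP socket.

```python
"""Decode a NetFlow v5 export packet and rank traffic by destination AS.

Added example for this thread; the packet format is the standard NetFlow v5
layout, the sample flows are constructed here and are not real measurements.
"""
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire format (big-endian): 24-byte header, then up to 30 48-byte records.
HEADER_FMT = "!HHIIIIBBH"             # version, count, sys_uptime, unix_secs,
                                      # unix_nsecs, flow_sequence, engine_type,
                                      # engine_id, sampling_interval
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # srcaddr, dstaddr, nexthop, input, output,
                                         # dPkts, dOctets, first, last, srcport,
                                         # dstport, pad1, tcp_flags, prot, tos,
                                         # src_as, dst_as, src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48

# Constructed sample flows: (src, dst, src_as, dst_as, bytes). Not real data.
SAMPLE_FLOWS = [
    ("203.0.113.10", "198.51.100.5", 64496, 64500, 10_000_000),
    ("203.0.113.11", "198.51.100.7", 64496, 64500, 5_000_000),
    ("203.0.113.12", "192.0.2.9", 64496, 64501, 2_000_000),
    ("203.0.113.13", "192.0.2.20", 64496, 64502, 500_000),
]


def build_v5_packet(flows, sampling_interval=0):
    """Fabricate a v5 export packet so the parser can be exercised offline.

    sampling_interval uses the v5 encoding: top 2 bits are the sampling mode,
    low 14 bits the 1-in-N interval (0 means the exporter did not sample).
    """
    header = struct.pack(HEADER_FMT, 5, len(flows), 0, 0, 0, 0, 0, 0, sampling_interval)
    body = b""
    for i, (src, dst, src_as, dst_as, octets) in enumerate(flows):
        body += struct.pack(
            RECORD_FMT,
            socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
            1, 2,                        # input / output SNMP ifIndex
            octets // 1000 + 1, octets,  # packets, bytes (arbitrary packet count)
            0, 0,                        # first / last (sysuptime ms)
            443, 50000 + i,              # src / dst port
            0, 0x18, 6, 0,               # pad1, tcp_flags (PSH|ACK), proto TCP, tos
            src_as, dst_as, 24, 24, 0,   # ASNs, prefix lengths, pad2
        )
    return header + body


def parse_v5(packet):
    """Return a list of flow dicts; raise ValueError on anything malformed.

    Packet and byte counts are multiplied by the sampling interval so that
    sampled exports are comparable to unsampled ones.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated NetFlow header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, sampling = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count > 30 or len(packet) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match packet length")
    interval = sampling & 0x3FFF
    scale = interval if interval else 1
    flows = []
    for n in range(count):
        off = HEADER_LEN + n * RECORD_LEN
        f = struct.unpack(RECORD_FMT, packet[off:off + RECORD_LEN])
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5] * scale, "bytes": f[6] * scale,
            "sport": f[9], "dport": f[10], "proto": f[13],
            "src_as": f[15], "dst_as": f[16],
        })
    return flows


def rank_dst_as(flows):
    """Return [(dst_as, bytes, percent_of_total), ...] sorted by bytes descending."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["dst_as"]] += f["bytes"]
    grand = sum(totals.values()) or 1
    return [(asn, b, round(b * 100 / grand, 1))
            for asn, b in sorted(totals.items(), key=lambda kv: kv[1], reverse=True)]


if __name__ == "__main__":
    for asn, octets, pct in rank_dst_as(parse_v5(build_v5_packet(SAMPLE_FLOWS))):
        print(f"AS{asn:<6} {octets:>12} bytes  {pct:>5}%")
```

The sampling handling is the caveat worth remembering when comparing exporters: a MikroTik or VyOS configured to sample 1-in-100 reports one hundredth of the real volume, and a dashboard that ignores the header field will rank that router's upstreams far below the unsampled ones. The same per-AS ranking feeds directly into a peering decision; swapping `dst_as` for `src_as` gives the inbound view.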