Data Locks


Monitoring with Nagios XI & Wireshark

Powerful Monitoring Solutions

Real-time monitoring, alerting, and reporting for servers, network devices...

Why Nagios XI

I was searching for a free monitoring solution for my lab and came across Nagios XI. It offers a simple yet powerful infrastructure monitoring system, performance metrics and advanced reporting. Its customizable dashboards, multi-tenant capabilities, and seamless integration made it the perfect fit for my setup. The free version supports up to seven hosts or 100 services, whichever limit is reached first.

Features

  • Comprehensive Monitoring – Servers, networks, applications, databases, and services.
  • Customizable Dashboards – User-friendly UI with drag-and-drop widgets.
  • Advanced Reporting – Performance graphs, availability reports, and SLA tracking.
  • Alerting & Notifications – Email, SMS, and custom script alerts.
  • Multi-Tenant Support – Role-based access control for different users.
  • Capacity Planning – Predict trends with historical data analysis.
  • Configuration Wizards – Simplifies setup and monitoring.
  • API & Integrations – Supports third-party tools and automation.
  • Scalability – Handles large-scale environments efficiently.
  • Auto-Discovery – Detects new devices and services automatically.


OVA, Agents & WinRM

Data Locks - Monitoring Solution

I found Nagios XI to have one of the most intuitive designs to allow quick and easy setup to monitor a slew of different technologies. With a wizard-style menu system you can easily get this software up and running in a matter of minutes. The OVA comes with the ability to monitor MySQL, Linux, SNMP, WMI, WinRM and discovery of many other servers and services out of the box.


The Nagios Cross-Platform Agent (NCPA) is an open-source monitoring tool that works across multiple operating systems like Windows, Linux, and Mac OS X. It supports both active and passive checks, real-time metrics, and custom plugin integration through a user-friendly web interface. 


Here is a link for setting up monitoring via WinRM. Seeing that my connection was coming from a non-domain system, in my case I had to run the following commands on the domain computer.

  

Required for WinRM to Work:

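# Enable Basic authentication on the WinRM service
winrm set winrm/config/service/auth '@{Basic="true"}'

# Allow unencrypted (HTTP) WinRM traffic; with Basic auth, credentials are only base64-encoded on the wire
winrm set winrm/config/service '@{AllowUnencrypted="true"}'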


Nagios XI Install

Coming Soon....

Wireshark | TAPs & SPAN Port (Mirror)

What is a SPAN Port

 In networking, a SPAN port (Switched Port Analyzer) is used for network monitoring and troubleshooting. It's a port on a network switch that mirrors the traffic from one or more source ports and sends that traffic to a destination port for analysis.  

What is a Wire TAP

 A Network TAP (Test Access Point) is a hardware device used for monitoring network traffic. It creates an exact copy of the data traffic on a network without affecting the performance or integrity of the original data flow.  

Is this required?

No, a wire tap and a SPAN port are optional (but optimal) ways to review data on the network. If you just want to install Wireshark and run it on your local system, you can see all the traffic to and from that local system.

Wireshark?

Wireshark is a free, widely used open-source network protocol analyzer. It allows users to capture and inspect data packets traveling through a network in real time. With its detailed packet-level analysis, Wireshark helps troubleshoot network issues, analyze traffic patterns, and detect security vulnerabilities. It supports various protocols and provides powerful filtering and visualization tools to assist network administrators, security professionals, and developers.

Span Port Setup

Utilizing Wireshark (TShark)

Gather

Capture Data

Run Wireshark and let it collect information from the network.

Export


 Export the data to a CSV file for filtering 

Filter and Review

Filter Results

Open the CSV file and filter out all local IP addresses (192.168.x.x) within the destination column, then copy that column to another file, Book1.csv.


Open Book1.csv and use the data management tools to remove duplicates.

Results!

Data Mining

I wrote a Python script that will import Book1.csv, pull geolocation information, perform a whois search by IP address, and export the results to Output.csv.
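
The filter and de-duplicate steps above can be scripted instead of done by hand in a spreadsheet. The following is an added example, not the author's script: it assumes Wireshark's default CSV export columns, runs on a constructed sample capture, uses hypothetical function names, and goes beyond the 192.168.x.x filter by dropping every private, multicast or non-IP destination. The geolocation and whois lookups are left out because they need network access.

```python
import csv
import io
import ipaddress

# Constructed sample of a Wireshark CSV export with the default columns;
# the rows and addresses are illustrative, not taken from a real capture.
SAMPLE_EXPORT = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.20","8.8.8.8","DNS","74","Standard query 0x1a2b A example.com"
"2","0.021400","8.8.8.8","192.168.1.20","DNS","90","Standard query response 0x1a2b A"
"3","0.030100","192.168.1.20","1.1.1.1","TLSv1.3","571","Client Hello"
"4","0.050000","192.168.1.20","8.8.8.8","DNS","74","Standard query 0x1a2c AAAA example.com"
"5","0.060000","Cisco_aa:bb:cc","Broadcast","ARP","60","Who has 192.168.1.1? Tell 192.168.1.20"
"6","0.070000","192.168.1.20","224.0.0.251","MDNS","82","Standard query 0x0000 PTR _ipp._tcp.local"
"7","0.080000","192.168.1.20","10.0.0.5","TCP","66","51514 > 445 [SYN]"
'''


def is_external(value):
    """True only for routable unicast IPs; False for private, multicast or non-IP values."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return False  # ARP rows export "Broadcast" or a MAC-style name in this column
    return ip.is_global and not ip.is_multicast


def external_destinations(csv_file, column="Destination"):
    """Return the unique external destination IPs in first-seen order."""
    seen = {}
    for row in csv.DictReader(csv_file):
        dest = (row.get(column) or "").strip()
        if is_external(dest):
            seen.setdefault(dest, None)  # dict keys de-duplicate and keep order
    return list(seen)


def write_book1(addresses, out_file):
    """Write one address per row under a header (the header is an assumption)."""
    writer = csv.writer(out_file)
    writer.writerow(["Destination"])
    writer.writerows([a] for a in addresses)


if __name__ == "__main__":
    ips = external_destinations(io.StringIO(SAMPLE_EXPORT))
    out = io.StringIO()
    write_book1(ips, out)
    print(out.getvalue(), end="")
```

To run it on a real export, pass an opened file to external_destinations() and an opened Book1.csv (newline="") to write_book1().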

SPAN Port Setup by VLAN

Setting up a Cisco 2960 switch for a SPAN port is pretty straightforward.

Send all VLAN 5 traffic out my port 0/7 on my switch.


enable

configure terminal

monitor session 1 source vlan 5 both

monitor session 1 destination interface GigabitEthernet0/7

end

show monitor session 1

write memory

SPAN Port Setup by Interface

Set up a SPAN port for a specific interface. This will mirror all data on my uplink port 8 to port 7.

I can then monitor all data going in and out of my switch.  


enable 

config terminal 

monitor session 1 source interface GigabitEthernet0/8 both

monitor session 1 destination interface GigabitEthernet0/7

end

write memory

Using Wireshark

An in-depth look at network traffic...

Once you have set up your SPAN or TAP ports, you can simply plug your Ethernet cable in and run the application. I do not configure an IP on the NIC. This NIC will operate in what is referred to as promiscuous mode. This means the NIC accepts every frame it sees, including frames not addressed to it, instead of dropping them.


Now you can simply press the play button, select the interface you want to monitor on that local system, and data starts flying in. I usually capture it for about 5 minutes and then stop it so I can save the output and then work with that dataset instead of trying to filter while it’s live.


There are built-in display filters that can be accessed within Wireshark. To see the options, just type in IP and a dropdown of pre-formatted options will appear. Simply select one and edit it to match your network IP scheme.

Copyright © 2025 Data Locks - All Rights Reserved.

Author: Scott W. Head
