[BlueOnyx:13182] Monitoring tools

George F. Nemeyer tigerwolf at tigerden.com
Wed Jun 5 13:41:52 -05 2013


With the recent spate of DNS attacks, I've found some tools (one just
today) that can prove very useful in observing and figuring out what's
going on with DNS and other traffic.

1.  iftop  - A very easy to use text-terminal program to watch various
sorts of traffic to/from a network interface.  It has filters and options
to narrow down the displayed info, plus a nifty integrated bar graph that
shows relative amounts/speed of traffic to/from various connecting IPs.
I'd not be without this one!
   Info at: <http://en.wikipedia.org/wiki/Iftop>
   Home page/code at: <http://www.ex-parrot.com/pdw/iftop/>

2.  dnstop  - Another text-terminal program that watches and reports
specifically DNS types of traffic/queries.
   Info and pre-built RH/CentOS RPMs at:
   <http://dns.measurement-factory.com/tools/dnstop/index.html>

3.  dns_flood_detector  - a daemon or bind-integrated alarm/analyzer
for DNS flooding.  I've just learned of this one, and haven't had
the chance yet to play around with it.
    Info and code at:  <http://www.adotout.com/dnsflood.html>

I'd recommend these for consideration as Blue Quartz repository packages.

=^_^=  Tigerwolf


