Real-time Traffic Viewer

[quore]

I come from a background of using Checkpoint firewalls and a little bit of Cisco ASA's, and one thing that helped me out a great deal was being able to see in real-time, was the traffic as it passed through the firewall. Many times I needed to open additional ports, or just see what ports were being used to make a rule more granular, and I would setup an access-list or run a fwmonitor command, and be able to see what traffic was passing, or being blocked. I think this is what Untangle needs.

It is nice to be able to use the AD Connector and use the domain user accounts, but I havnt seen a way to look at a log to see what a specific user is connecting to, or to see a list of what everyone is connecting to and who that user is. All I see are IP addresses and that is not always very helpful, or can take a long time to track down, if at all.

Perhaps there is a way to do this through the command line console, and if so, please point me in the right direction; but if not, I think this is something that needs to be added and will be very helpful.

Also, with regards to the firewall, being able to make groups and applying those groups to rules would be helpful as well. Much better than having to make multiple rules of the same access.

[bigdessert]

from the gui, click on the default rack button at the top and go to session viewer.


from the command line you can also run jnettop.

[quore]

Do you have a list of commands for the jnettop? I am not familiar with that.

The Show Sessions is nice, but it doesnt show anything about usernames. It would be helpful to know what user was doing what. The session viewer also does not allow me to watch a specific IP if I wanted to. There is no way, that I know of right now, to pull up a list or make one or just watch it in real-time, access to one IP address (or hostname) if I wanted to. I think Untangle just needs something that can do this in real-time if/when needed.

[proactivens]

And you would be willing to pay for this feature if developed?

[quore]

And you would be willing to pay for this feature if developed?

Perhaps. Web Cache was developed but I did not have to pay for it since I have the education premium package. I would assume the same thing for something like this. However, I wouldnt be suprised if the renewal price increases.

[memothejanitor]

I added a couple requests through bugzilla such as MAC ID lookup by clicking a MAC ID, Ip lookup or whois nslookup, and also port lookup, I'd suggest you to go here and make a request http://bugzilla.untangle.com/

[dozer]

I could do with something like this. Even it`s just a filter to view a specific user or ip in Webfilter so I could monitor them for a few minutes etc via auto refresh.

[gotkimchi]

If you have the Directory connector, I would have two windows open, one for the currently logged in users (which shows the AD names and IP addresses), and the other window the show sessions.

Finally, you can try the packet capture on config, networking, troubleshooting.

[donhwyo]

If you can get to the physical console, type wireshark and wireshark will pop up. If it's not easy to get to it there are a couple of ways to remote to it too.

Don

[Spiral]

what about tcpdump with networkminer as posted here: http://forums.untangle.com/tip-day/9...-untangle.html