
Re: [Full-disclosure] Considering nSight, any opinions?



Jon,

Actually ntop is what we're trying to move off of. It's a great tool,
but we needed more data and more flexibility.

We looked at Q1Labs QRadar as well, but couldn't afford it. nSight
appears to be somewhere in the middle.

On 7/28/05, Jon Dossey <JDossey@xxxxxxxxxxxxxxxxxxxx> wrote:
> > Hi list,
> >
> > I tried sending this to a SecurityFocus list but I think everyone's at
> > Blackhat or something. :)
> >
> > We've spent the last few weeks evaluating nSight (www.intrusense.com).
> > It's been very helpful in identifying exactly what, when and who is
> > eating up all of our internal network bandwidth, as well as exposing some
> > 'strange' internal network behavior which was causing some
> > intermittent problems with our Windows hosts.  Anyways, we're now
> > considering making a purchase.
> >
> > I'm curious to hear any opinions, problems or praise people have for
> > this software. Does it scale well? It seems to collect a lot of
> > information. How does it perform after collecting several months' worth
> > of data?
> >
> > -jason
> 
> I'm a big fan of NTOP (http://www.ntop.org) personally.
> 
> Just span some ports on a core switch, set up your netflows, and watch
> the fireworks.  Great piece of software.  Just need to remember the
> PF_RING kernel patch if you're capturing a significant amount of
> traffic.
> 
> .jon
> 
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/