16
General Discussion / Re: How do I detect "bad" packets and prevent them from hitting the WAN?
« on: January 16, 2019, 09:49:17 pm »You can capture packets on the interface and/or configure ntopng to show your most prolific talkers.
Interfaces, diagnosis, packet capture
Another option is to push netflow data to an external host for analysis. Solarwinds is a common option.
I don't think the amount of traffic is a problem, it seems to be the type of traffic. I'm using the built-in flow logs to watch things happen and at no point does our bandwidth spike and no individual IP address has a lot of activity.
I do like your idea about SolarWinds, unfortunately they seem to be focused on Windows and we're more of a Unix/macOS shop. Any other, possibly open source, suggestions for similar network monitoring?
Thanx!
Richard