Someone is using too much bandwidth???

Taylor, Grant gtaylor at
Tue Nov 21 19:25:17 CET 2006

lubasi wrote:
> How can i interprate the #tail -f /var/logs/messages to determin
> which machine is doing kazaa or any other P2P???consuming the
> bandwidth.

By default /var/log/messages will not record any thing about traffic that is
passing through the system.  You can add IPTables rules that will cause
matched packets to be logged via Syslog which you can then see in

However to get a better idea of what traffic is running on your network,
consider TCPDump or a GUI front end like Etherial.  This will give you a
real time report of what traffic is flowing in to / out of / through your
system (presuming you sniff the correct interface).  You can tell from this,
which computer is consuming more bandwidth than it should based on the
frequency of the source / destination IP showing up in TCPDump's output.

You could add rules to IPTables that match specific IPs in question and
watch the hit counters to see which system(s) are incrementing their
counters at an exceptional rate.  One (or more) system(s) should jump out at
you as being the culprit(s).

> And how do i block these popular P2P???

First you need to find out more about the type of P2P traffic that you are
experiencing so that you can more accurately filter it out / rate limit it.
  I will say that you may have better luck with rate limiting.  If you
completely block a users access to something they will find a different
method to get to what they want to get to.  If your users switch to
something else you then have to learn about that too.  Where as if you let
your users use one system but control the amount of bandwidth consumed and /
or the priority you may not play the above game nearly as often.

My family has a saying, "Give 20% to get 80% of what you want.".

Grant. . . .

More information about the netfilter mailing list