Someone is using too much bandwidth???

[tom]

Taylor, Grant wrote:
> lubasi wrote:
>> How can i interprate the #tail -f /var/logs/messages to determin
>> which machine is doing kazaa or any other P2P???consuming the
>> bandwidth.
>
> By default /var/log/messages will not record any thing about traffic 
> that is
> passing through the system.  You can add IPTables rules that will cause
> matched packets to be logged via Syslog which you can then see in
> /var/log/messages.
>
> However to get a better idea of what traffic is running on your network,
> consider TCPDump or a GUI front end like Etherial.  This will give you a
> real time report of what traffic is flowing in to / out of / through your
> system (presuming you sniff the correct interface).  You can tell from 
> this,
> which computer is consuming more bandwidth than it should based on the
> frequency of the source / destination IP showing up in TCPDump's output.
>
> You could add rules to IPTables that match specific IPs in question and
> watch the hit counters to see which system(s) are incrementing their
> counters at an exceptional rate.  One (or more) system(s) should jump 
> out at
> you as being the culprit(s).
>
>> And how do i block these popular P2P???
>
> First you need to find out more about the type of P2P traffic that you 
> are
> experiencing so that you can more accurately filter it out / rate 
> limit it.
>  I will say that you may have better luck with rate limiting.  If you
> completely block a users access to something they will find a different
> method to get to what they want to get to.  If your users switch to
> something else you then have to learn about that too.  Where as if you 
> let
> your users use one system but control the amount of bandwidth consumed 
> and /
> or the priority you may not play the above game nearly as often.
>
> My family has a saying, "Give 20% to get 80% of what you want.".
>
>
>
> Grant. . . .
>
>
iftop will suit your needs for monitoring like that. 
http://freshmeat.net/*iftop*