Someone is using too much bandwidth???
dineshg at hostway.com
Wed Nov 22 06:48:48 CET 2006
ntop is a good solution too. It gives you current thoroughput and total
It gives you info about the transmission type as well - TCP/UDP.
All the best !!
> Taylor, Grant wrote:
>> lubasi wrote:
>>> How can i interprate the #tail -f /var/logs/messages to determin
>>> which machine is doing kazaa or any other P2P???consuming the
>> By default /var/log/messages will not record any thing about traffic
>> that is
>> passing through the system. You can add IPTables rules that will cause
>> matched packets to be logged via Syslog which you can then see in
>> However to get a better idea of what traffic is running on your network,
>> consider TCPDump or a GUI front end like Etherial. This will give you a
>> real time report of what traffic is flowing in to / out of / through
>> system (presuming you sniff the correct interface). You can tell
>> from this,
>> which computer is consuming more bandwidth than it should based on the
>> frequency of the source / destination IP showing up in TCPDump's output.
>> You could add rules to IPTables that match specific IPs in question and
>> watch the hit counters to see which system(s) are incrementing their
>> counters at an exceptional rate. One (or more) system(s) should jump
>> out at
>> you as being the culprit(s).
>>> And how do i block these popular P2P???
>> First you need to find out more about the type of P2P traffic that
>> you are
>> experiencing so that you can more accurately filter it out / rate
>> limit it.
>> I will say that you may have better luck with rate limiting. If you
>> completely block a users access to something they will find a different
>> method to get to what they want to get to. If your users switch to
>> something else you then have to learn about that too. Where as if
>> you let
>> your users use one system but control the amount of bandwidth
>> consumed and /
>> or the priority you may not play the above game nearly as often.
>> My family has a saying, "Give 20% to get 80% of what you want.".
>> Grant. . . .
> iftop will suit your needs for monitoring like that.
More information about the netfilter