From: Danny <dineshg@hostway.com>
To: netfilter@lists.netfilter.org
Subject: Re: Someone is using too much bandwidth???
Date: Wed, 22 Nov 2006 11:18:48 +0530 [thread overview]
Message-ID: <4563E4C0.30608@hostway.com> (raw)
In-Reply-To: <4563454B.6000609@t0mb.net>
Hi,
ntop is a good solution too. It gives you current thoroughput and total
bandwidth consumption.
It gives you info about the transmission type as well - TCP/UDP.
http://www.ntop.org/overview.html
All the best !!
- Danny
tom wrote:
> Taylor, Grant wrote:
>> lubasi wrote:
>>> How can i interprate the #tail -f /var/logs/messages to determin
>>> which machine is doing kazaa or any other P2P???consuming the
>>> bandwidth.
>>
>> By default /var/log/messages will not record any thing about traffic
>> that is
>> passing through the system. You can add IPTables rules that will cause
>> matched packets to be logged via Syslog which you can then see in
>> /var/log/messages.
>>
>> However to get a better idea of what traffic is running on your network,
>> consider TCPDump or a GUI front end like Etherial. This will give you a
>> real time report of what traffic is flowing in to / out of / through
>> your
>> system (presuming you sniff the correct interface). You can tell
>> from this,
>> which computer is consuming more bandwidth than it should based on the
>> frequency of the source / destination IP showing up in TCPDump's output.
>>
>> You could add rules to IPTables that match specific IPs in question and
>> watch the hit counters to see which system(s) are incrementing their
>> counters at an exceptional rate. One (or more) system(s) should jump
>> out at
>> you as being the culprit(s).
>>
>>> And how do i block these popular P2P???
>>
>> First you need to find out more about the type of P2P traffic that
>> you are
>> experiencing so that you can more accurately filter it out / rate
>> limit it.
>> I will say that you may have better luck with rate limiting. If you
>> completely block a users access to something they will find a different
>> method to get to what they want to get to. If your users switch to
>> something else you then have to learn about that too. Where as if
>> you let
>> your users use one system but control the amount of bandwidth
>> consumed and /
>> or the priority you may not play the above game nearly as often.
>>
>> My family has a saying, "Give 20% to get 80% of what you want.".
>>
>>
>>
>> Grant. . . .
>>
>>
> iftop will suit your needs for monitoring like that.
> http://freshmeat.net/*iftop*
>
>
next prev parent reply other threads:[~2006-11-22 5:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-21 17:22 Someone is using too much bandwidth??? lubasi
2006-11-21 18:13 ` Pablo Sanchez
2006-11-21 18:25 ` Taylor, Grant
2006-11-21 18:28 ` tom
2006-11-22 5:48 ` Danny [this message]
2006-11-25 18:54 ` R. DuFresne
-- strict thread matches above, loose matches on Subject: below --
2006-11-22 5:57 lubasi
2006-11-22 15:15 ` Taylor, Grant
2006-11-22 14:44 lubasi
2006-11-22 15:08 ` Gavin White
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4563E4C0.30608@hostway.com \
--to=dineshg@hostway.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.