From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: Someone is using too much bandwidth???
Date: Tue, 21 Nov 2006 12:25:17 -0600 [thread overview]
Message-ID: <4563448D.7000401@riverviewtech.net> (raw)
In-Reply-To: <380-2200611221172226406@zamnet.zm>
lubasi wrote:
> How can i interprate the #tail -f /var/logs/messages to determin
> which machine is doing kazaa or any other P2P???consuming the
> bandwidth.
By default /var/log/messages will not record any thing about traffic that is
passing through the system. You can add IPTables rules that will cause
matched packets to be logged via Syslog which you can then see in
/var/log/messages.
However to get a better idea of what traffic is running on your network,
consider TCPDump or a GUI front end like Etherial. This will give you a
real time report of what traffic is flowing in to / out of / through your
system (presuming you sniff the correct interface). You can tell from this,
which computer is consuming more bandwidth than it should based on the
frequency of the source / destination IP showing up in TCPDump's output.
You could add rules to IPTables that match specific IPs in question and
watch the hit counters to see which system(s) are incrementing their
counters at an exceptional rate. One (or more) system(s) should jump out at
you as being the culprit(s).
> And how do i block these popular P2P???
First you need to find out more about the type of P2P traffic that you are
experiencing so that you can more accurately filter it out / rate limit it.
I will say that you may have better luck with rate limiting. If you
completely block a users access to something they will find a different
method to get to what they want to get to. If your users switch to
something else you then have to learn about that too. Where as if you let
your users use one system but control the amount of bandwidth consumed and /
or the priority you may not play the above game nearly as often.
My family has a saying, "Give 20% to get 80% of what you want.".
Grant. . . .
next prev parent reply other threads:[~2006-11-21 18:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-21 17:22 Someone is using too much bandwidth??? lubasi
2006-11-21 18:13 ` Pablo Sanchez
2006-11-21 18:25 ` Taylor, Grant [this message]
2006-11-21 18:28 ` tom
2006-11-22 5:48 ` Danny
2006-11-25 18:54 ` R. DuFresne
-- strict thread matches above, loose matches on Subject: below --
2006-11-22 5:57 lubasi
2006-11-22 15:15 ` Taylor, Grant
2006-11-22 14:44 lubasi
2006-11-22 15:08 ` Gavin White
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4563448D.7000401@riverviewtech.net \
--to=gtaylor@riverviewtech.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox