From: tom <tom@t0mb.net>
To: "Taylor, Grant" <gtaylor@riverviewtech.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: Someone is using too much bandwidth???
Date: Tue, 21 Nov 2006 18:28:27 +0000
Message-ID: <4563454B.6000609@t0mb.net>
In-Reply-To: <4563448D.7000401@riverviewtech.net>

Taylor, Grant wrote:
> lubasi wrote:
>> How can I interpret the #tail -f /var/logs/messages to determine
>> which machine is doing Kazaa or any other P2P??? consuming the
>> bandwidth.
>
> By default /var/log/messages will not record anything about traffic that is
> passing through the system. You can add IPTables rules that will cause
> matched packets to be logged via Syslog which you can then see in
> /var/log/messages.
>
> However to get a better idea of what traffic is running on your network,
> consider TCPDump or a GUI front end like Ethereal. This will give you a
> real time report of what traffic is flowing in to / out of / through your
> system (presuming you sniff the correct interface). You can tell from this,
> which computer is consuming more bandwidth than it should based on the
> frequency of the source / destination IP showing up in TCPDump's output.
>
> You could add rules to IPTables that match specific IPs in question and
> watch the hit counters to see which system(s) are incrementing their
> counters at an exceptional rate. One (or more) system(s) should jump out at
> you as being the culprit(s).
>
>> And how do I block these popular P2P???
>
> First you need to find out more about the type of P2P traffic that you are
> experiencing so that you can more accurately filter it out / rate limit it.
> I will say that you may have better luck with rate limiting. If you
> completely block a user's access to something they will find a different
> method to get to what they want to get to. If your users switch to
> something else you then have to learn about that too. Whereas if you let
> your users use one system but control the amount of bandwidth consumed and /
> or the priority you may not play the above game nearly as often.
>
> My family has a saying, "Give 20% to get 80% of what you want.".
>
> Grant. . . .

iftop will suit your needs for monitoring like that.
http://freshmeat.net/*iftop*
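
The counter-watching approach described in the quoted reply, as an added example that is not part of the original thread: per-host accounting rules are shown as comments, and a function ranks hosts by bytes per second between two snapshots of the counters. The chain name `ACCT`, the LAN addresses, the function names and the sample snapshots are assumptions constructed for illustration.

```shell
#!/bin/sh
# Accounting rules (run as root; LAN addresses are assumed). A match-only
# rule ending in RETURN filters nothing, it only counts:
#   iptables -N ACCT && iptables -I FORWARD -j ACCT
#   iptables -A ACCT -s 192.168.1.10 -j RETURN   # traffic sent by the host
#   iptables -A ACCT -d 192.168.1.10 -j RETURN   # traffic sent to the host
#   iptables -L ACCT -v -n -x > t0; sleep 10; iptables -L ACCT -v -n -x > t1

# top_talkers BEFORE AFTER SECONDS -> "host bytes_per_second", busiest first
top_talkers() {
    awk -v secs="$3" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {          # rule rows only
            host = ($(NF-1) != "0.0.0.0/0") ? $(NF-1) : $NF
            if (FNR == NR) before[host] += $2         # first snapshot
            else           after[host]  += $2         # second snapshot
        }
        END {
            for (h in after) {
                d = after[h] - before[h]
                if (d < 0) d = after[h]               # counters were zeroed
                printf "%s %.0f\n", h, d / secs
            }
        }' "$1" "$2" | sort -k2,2nr
}

# Constructed snapshots in `iptables -L ACCT -v -n -x` layout, 10 s apart.
sample_before() { cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120      96000 RETURN     all  --  *      *       192.168.1.10         0.0.0.0/0
     150     180000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.10
     900     500000 RETURN     all  --  *      *       192.168.1.11         0.0.0.0/0
    3100    4000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.11
      40      20000 RETURN     all  --  *      *       192.168.1.12         0.0.0.0/0
      45      30000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.12
EOF
}
sample_after() { cat <<'EOF'
     135     106000 RETURN     all  --  *      *       192.168.1.10         0.0.0.0/0
     190     220000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.10
    3600    2500000 RETURN     all  --  *      *       192.168.1.11         0.0.0.0/0
   21000   27000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.11
       2       1000 RETURN     all  --  *      *       192.168.1.12         0.0.0.0/0
       3       2000 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.12
EOF
}

tmp=$(mktemp -d)
sample_before > "$tmp/t0"; sample_after > "$tmp/t1"
top_talkers "$tmp/t0" "$tmp/t1" 10; rm -rf "$tmp"
```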