From: Danny <dineshg@hostway.com>
To: netfilter@lists.netfilter.org
Subject: Re: Someone is using too much bandwidth???
Date: Wed, 22 Nov 2006 11:18:48 +0530 [thread overview]
Message-ID: <4563E4C0.30608@hostway.com> (raw)
In-Reply-To: <4563454B.6000609@t0mb.net>
Hi,
ntop is a good solution too. It gives you current thoroughput and total
bandwidth consumption.
It gives you info about the transmission type as well - TCP/UDP.
http://www.ntop.org/overview.html
All the best !!
- Danny
tom wrote:
> Taylor, Grant wrote:
>> lubasi wrote:
>>> How can i interprate the #tail -f /var/logs/messages to determin
>>> which machine is doing kazaa or any other P2P???consuming the
>>> bandwidth.
>>
>> By default /var/log/messages will not record any thing about traffic
>> that is
>> passing through the system. You can add IPTables rules that will cause
>> matched packets to be logged via Syslog which you can then see in
>> /var/log/messages.
>>
>> However to get a better idea of what traffic is running on your network,
>> consider TCPDump or a GUI front end like Etherial. This will give you a
>> real time report of what traffic is flowing in to / out of / through
>> your
>> system (presuming you sniff the correct interface). You can tell
>> from this,
>> which computer is consuming more bandwidth than it should based on the
>> frequency of the source / destination IP showing up in TCPDump's output.
>>
>> You could add rules to IPTables that match specific IPs in question and
>> watch the hit counters to see which system(s) are incrementing their
>> counters at an exceptional rate. One (or more) system(s) should jump
>> out at
>> you as being the culprit(s).
>>
>>> And how do i block these popular P2P???
>>
>> First you need to find out more about the type of P2P traffic that
>> you are
>> experiencing so that you can more accurately filter it out / rate
>> limit it.
>> I will say that you may have better luck with rate limiting. If you
>> completely block a users access to something they will find a different
>> method to get to what they want to get to. If your users switch to
>> something else you then have to learn about that too. Where as if
>> you let
>> your users use one system but control the amount of bandwidth
>> consumed and /
>> or the priority you may not play the above game nearly as often.
>>
>> My family has a saying, "Give 20% to get 80% of what you want.".
>>
>>
>>
>> Grant. . . .
>>
>>
> iftop will suit your needs for monitoring like that.
> http://freshmeat.net/*iftop*
>
>
next prev parent reply other threads:[~2006-11-22 5:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-21 17:22 Someone is using too much bandwidth??? lubasi
2006-11-21 18:13 ` Pablo Sanchez
2006-11-21 18:25 ` Taylor, Grant
2006-11-21 18:28 ` tom
2006-11-22 5:48 ` Danny [this message]
2006-11-25 18:54 ` R. DuFresne
-- strict thread matches above, loose matches on Subject: below --
2006-11-22 5:57 lubasi
2006-11-22 15:15 ` Taylor, Grant
2006-11-22 14:44 lubasi
2006-11-22 15:08 ` Gavin White
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4563E4C0.30608@hostway.com \
--to=dineshg@hostway.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox