From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: Someone is using too much bandwidth???
Date: Wed, 22 Nov 2006 09:15:25 -0600
Message-ID: <4564698D.8050906@riverviewtech.net>
In-Reply-To: <380-220061132255717968@zamnet.zm>
lubasi wrote:
> Okay, thanks for tcpdump.
No problem.
> But got a problem. I can't seem to really figure out what those lines
> mean? say these four (4) lines:
>
> 08:01:42.131982 IP 192.168.0.71.1054 > mail.parliament.gov.zm.squid:
> . ack 6755 win 65535
Host 192.168.0.71 is talking from port 1054 to host mail.parliament.gov.zm's
Squid port (3128) (acknowledging packet 6755 with a window size of 65535)
> 08:01:42.225114 IP 213.155.151.150.http > 192.168.0.183.3011: P
> 1:334(333) ack 170 win 5840
213.155.151.150 was sending traffic from the http port (80) back to
192.168.0.183
> 08:01:42.229863 IP 192.168.0.183.3011 > 213.155.151.150.http: F
> 170:170(0) ack 334 win 63907
> 08:01:42.229968 IP 213.155.151.150.http > 192.168.0.183.3011: F
> 334:334(0) ack 171 win 5840
> Okay, seen the date part, the IP address then looks like the port on
> which the connection is listening on is appended to the requesting IP
> address then the greater than???? confused from that point.
The greater than is an arrow pointing the direction of the traffic flow.
There is also some packet information that is not really important for the
basic traffic flow that you are after. Consider perusing the TCPDump man
page. ;) You will find out all sorts of things about how you can customize
the default output of TCPDump.
> Anything I can use to graph this information????
Now you are just being picky. ;)
I'm sure there are some ways that you could capture this output and run it
through a graph generation program. However these are just pieces in a
total solution. You may want to look at some of the other things mentioned
in this thread as I bet they will come closer to doing what you want to do
out of the box. If not, look for something that will take the output of
TCPDump and munge it and then create a file that holds your stats (csv?) and
then look to have something graph that (GNUPlot?) for you.
Grant. . . .
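
Added example, not part of the original message or thread: one way to turn tcpdump text in the format quoted above into per-host-pair CSV totals that a plotting tool can read. The function names and CSV columns are assumptions made for this illustration, the sample input is the four quoted lines re-joined, and the byte count is the TCP payload length in parentheses, not the full packet size.

```python
import csv
import io
import re
from collections import defaultdict

# One tcpdump TCP line: time, "IP", src.port > dst.port:, flags, optional first:last(len)
LINE_RE = re.compile(r"^[\d:.]+ IP (?P<src>\S+) > (?P<dst>\S+): "
                     r"(?P<flags>\S+)(?: \d+:\d+\((?P<len>\d+)\))?")
# The four lines quoted in the message, each re-joined onto a single line.
SAMPLE = [
    "08:01:42.131982 IP 192.168.0.71.1054 > mail.parliament.gov.zm.squid: . ack 6755 win 65535",
    "08:01:42.225114 IP 213.155.151.150.http > 192.168.0.183.3011: P 1:334(333) ack 170 win 5840",
    "08:01:42.229863 IP 192.168.0.183.3011 > 213.155.151.150.http: F 170:170(0) ack 334 win 63907",
    "08:01:42.229968 IP 213.155.151.150.http > 192.168.0.183.3011: F 334:334(0) ack 171 win 5840",
]

def split_endpoint(endpoint):
    """Split 'host.port' on the last dot; the port may be a number or a service name."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse_line(line):
    """Return one packet as a dict, or None for a line that is not in this format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    # A bare ACK has no first:last(len) field, so it counts as 0 payload bytes.
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": m["flags"], "bytes": int(m["len"] or 0)}

def totals_by_pair(lines):
    """Sum packets and TCP payload bytes per (source host, destination host)."""
    totals = defaultdict(lambda: [0, 0])
    for pkt in filter(None, map(parse_line, lines)):
        entry = totals[(pkt["src"], pkt["dst"])]
        entry[0] += 1
        entry[1] += pkt["bytes"]
    return dict(totals)

def to_csv(totals):
    """Render the totals as CSV text, sorted by host pair."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["src", "dst", "packets", "payload_bytes"])
    for (src, dst), (packets, nbytes) in sorted(totals.items()):
        writer.writerow([src, dst, packets, nbytes])
    return out.getvalue()
```

Calling to_csv(totals_by_pair(SAMPLE)) returns the CSV text; lines that do not match the format are skipped rather than raising an error.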