[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bandwidth monitoring



Hello,

Whats the best way in Debian to monitor IP packets sent/received over an
external (ie. volume charged) connection? ie. How many bytes did host A
receive on what port? Which internal host received the most external
traffic? etc?

I have looked at the following:

CALAMARIS
        * pretty good, but only works on squid traffic.

NTOP
        * very friendly user interface, can do just about anything with
          statistics in an easy way.
        * doesn't work to well on ISDN adaptor, seems to get all these
          Ethernet addresses which ISDN simply doesn't have.
        * I have had problems with it consuming too much memory, almost
          to the extent of crashing the computer as it thrashes
          constantly (see bug #123003 and #136627). This might be
          related to other problems described here.
        * If you run it on an internal adapter, it doesn't distinguish
          local vs remote traffic. Local traffic is free, remote traffic
          isn't (at least here in Australia).
        * If you run it on an external adaptor, it appears to consider
          all external hosts as local.

ARGUS
        * Appears pretty good, but the interface is very low level
          compared with say NTOP, and it seems pretty easy to mistake,
          eg incoming packets counted for outgoing packets for instance
          (since argus records everything differently depending on which
          side initiated the connection).
        * Maybe something like argus with cricket could be used, however
          I am not aware of how this can be done very efficiently (eg.
          without rerunning racount with lots of different rules with a
          custom script and extracting the data to put into cricket).
        * Due to lack of documentation, I might be confused ;-).

NSTREAMS (looks interesting, but I suspect it cant solve this problem)

Ideally, any program should also work with masquerading, although that
might be difficult (last I tried, tcpdump showed incoming and outgoing
packets with different IP addresses).

Any others?
-- 
Brian May <bam@snoopy.apana.org.au>


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: