Re: off subject - ip & bandwidth management
On Wed, 25 Feb 2004 17:39:00 -0600,
Rich Puhek <rpuhek@etnsystems.com> wrote in message
<[🔎] 403D3214.1010403@etnsystems.com>:
> Gregory Wood wrote:
>
> > Problem 1: I have a couple of sites, one with 30 users, another with
> > 500 users. The switches are unmanaged. Occasionally, someone won't
> > be able to log in or they will loose a network printer. I suspect
> > one or more PCs are soaking up the bandwidth.
..for bandwidth throttling, I (and my isp alias business client) use my
http://fmb.no/ipcop/setup-cbq-0.0.5.tar.bz2 on an ip-less bridge.
I guess it could use a web interface or a webmin module, if you don't
like to edit text files. My isp has about 200 clients now, some of them
businesses, there is ip room for another 600, and AFAICT, any recent
box can handle it, we use a Duron 1.2G with 128 MB ram.
..it and the gateway box is going to be replaced with one throttling
gateway, same hardware, it rarely sees any load at all, I've even
compiled kernels on the bridge while in throttle service. ;-)
> > Problem 2: I work with a local ISP. He has his system subnetted BUT
> > there are still folks who find a 'free' IP and use it. When the
> > owner of the IP fires up his system, he can't connect. Also, as
> > above, he has seen the'steady state' bandwidth increase but can't
> > identify the users. He has CISCO switches and I would have though
> > they would have the tools to identify the user consumption.
> > Apparently not.
> >
> > Is there a tool for monitoring who is using the bandwidth and with
> > what MAC? I've used Ethereal but it generates way too much detail. I
> > would like to load up a notebook and a hub and stick it between the
> > server and the rest of the network or between the Internet firewall
> > and the network.
> >
> > Ideas? Thoughts?
..ntop, www.ntop.org. Very nice web interface for lookup's, used to be
a resource hog, but I had it running for months on the bridge, and could
not get it to run for much more than 5 minutes on my own 3 box lan 2
years back.
Same HW and SW, so we figured it just needed traffic to survive. ;-)
> If the Ciscos are managed switches, try using MRTG to graph port
> usage. You should also be able to log on and show port info, check the
> docs for the switches CLI. Haven't used Cisco switches here, but
> something along the lines of "show int" should get what you need.
>
> For individual bandwidth usage on a local subnet, iptraf provides a
> neat glance at "real-time" usage. If you're on a switched network,
> you'll need some way to see all the traffic on the network. For 3com
> switches, it's called something like the "roving analysis port"
> (better than using a hub near the firewall, just analyze the
> firewall's port). Iptraf will give a nice display of traffic in and
> traffic out, listed by MAC. Then it's just a matter of tracing down
> the MAC's location, and going to said location with a big stick in
> hand :-)
>
> You might also want to nmap your network periodically. Look for
> surprising IP addresses.
>
> You'll probably find misbehaving KaZaa servers to blame. They're very
> bad about playing well on a network, and will happily saturate your
> bandwidth.
...and set a policy first, then police it. ;-)
--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Reply to: