Traffic monitoring
Hello everybody!
I have small but complicated problem.
How do you monitor what network traffic you have and how much? I want to
be able to see the origin and destination, type and volume.
We have two computer labs, with its respective ISP-connections, both with
volume based rates. These two sites are also connected to each other
through a VPN. The volume between the two sites should really be marginal.
Due to what we get charge by the ISP, we suspect a lot of non-sanctioned
material (mp3..) being transported over smb. I would like to at least be
able to monitor the volume from respective computer going through the
firewall (and the VPN).
Preferably, I would like to have information like:
------------------------------------------------
Date xx/xx/xx
Workstation A (xxx.xxx.xxx.xxx) (95 MB)
SMB.....35 MB
HTTP....40 MB
RSYNC...10 MB
FTP......5 MB
SSH...
.
.
Workstation B...
----------------------------------------
If I also could see what files being sent (names and sizes), it would be
fantastic. Is it possible with SMB? (What about FTP, HTTP, RSYNC...)
Of course I can't see what files get encapsulated in a SSH tunnel, but, I
still want to know the volume and origin. Of course they can use different
ports... This is not a police action I want to conduct, I just want a
really strong position when complaints come from different directions.
Those who pay say the cost is too high and those who use it say the
connection is to slow. What the users don't realize is that if the costs
isn't manageable, the ISP-connection will be cut off. They just blame each
other for the volume sent/received. I'm just about feed up with it!!!
As for now, all I have is a transparent squid and the total volume through
the connection (with no separation on the volume the different
workstations tribute).
Can anyone at least solve some of my wishes?
Forgive me my hard hidden frustration.
Cheers
- Nils Erikson
Reply to: