Nils wrote:
Hello everybody! I have small but complicated problem. How do you monitor what network traffic you have and how much? I want to be able to see the origin and destination, type and volume. We have two computer labs, with its respective ISP-connections, both with volume based rates. These two sites are also connected to each other through a VPN. The volume between the two sites should really be marginal. Due to what we get charge by the ISP, we suspect a lot of non-sanctioned material (mp3..) being transported over smb. I would like to at least be able to monitor the volume from respective computer going through the firewall (and the VPN).
If you can install a machine as a sniffer (hubs only in the network, or a switch that supports port mirroring), iptraf may really help here.
I don't find it very usefull over long trends, but I use iptraf on my network whenever I see an unexplained jump in traffic and need to track down the source.
It's able to show traffic by port, by packet size, or a running display of source IP:port and destination IP:port pairs. Also supports packet filtering (which is really nice to filter out the port 22 connection from my workstation, so the continual screen updates don't distract me with increasing packet counts).
It's also packaged for Debian. --Rich _________________________________________________________ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: rpuhek@etnsystems.com _________________________________________________________