Re: Traffic monitoring
You might want to try out the packat "iptraf" and monitor the
interface ipsec0. It gives you various overwiews on traffic going
over each port in / out as well as other statistics. Only drawback:
It only counts as long as you leave it running on console. But I
guess leaving it running for e.g. 12 hours (one work-day) should be
sufficient to get an idea what's going on, right?
And you could also try to sniff the SMB-traffic ... there are
probably ways to "listen" which files (with what filenames etc.) are
transfered. I strongly believe there are tools doing this out there.
Ethereal maybe? (Haven't worked with it yet.)
On 14 Mar 2003 at 20:03, Nils wrote:
> I have small but complicated problem.
>
> How do you monitor what network traffic you have and how much? I want
> to be able to see the origin and destination, type and volume.
>
> We have two computer labs, with its respective ISP-connections, both
> with volume based rates. These two sites are also connected to each
> other through a VPN. The volume between the two sites should really be
> marginal. Due to what we get charge by the ISP, we suspect a lot of
> non-sanctioned material (mp3..) being transported over smb. I would
> like to at least be able to monitor the volume from respective
> computer going through the firewall (and the VPN).
>
> Preferably, I would like to have information like:
> ------------------------------------------------
> Date xx/xx/xx
> Workstation A (xxx.xxx.xxx.xxx) (95 MB)
> SMB.....35 MB
> HTTP....40 MB
> RSYNC...10 MB
> FTP......5 MB
> SSH...
Reply to: