Re: How to monitor the internet bandwidth eater ?

To: debian-user@lists.debian.org
Subject: Re: How to monitor the internet bandwidth eater ?
From: Arnt Karlsen <arnt@c2i.net>
Date: Tue, 27 Mar 2012 12:48:18 +0200
Message-id: <[🔎] 20120327124818.2a1340d5@nb6.lan>
In-reply-to: <[🔎] 20120326104710.2d33639b@shiva.selfip.org>
References: <[🔎] 20120326104710.2d33639b@shiva.selfip.org>

On Mon, 26 Mar 2012 10:47:10 +0530, J. wrote in message 
<[🔎] 20120326104710.2d33639b@shiva.selfip.org>:

> 
> Hello,
> 
> This is an office environment where client's PC are connected with a
> hub

..really?  A box that behaves like a properly set 
up coax wire?  And therefore, _not_ a switch?

> and that hub is connected with the gateway debian box.

...that you have checked out ok for rootkits?
A skilfully set up rootkit might check Debian 
mirrors for which md5sums to feed you when you 
try run rootkit checks.  _Etc._

> How can I monitor the bandwidth at the gateway server to check which sites are
> eating maximum bandwidth.

..I'd set up 2 new boxes, one with 3 nics, 2 for the invisible 
bridge outside or inside your Debian gw box, and one for your 
laptop or monitoring-and-control box that you keep disconnected 
from your office clientele lan, you may want an "admin lan" 
secured from your office lan.

..if your gw box is clean, you probably have one or more hijacked
wintendos doing spam to child porn or terrorism, so you wanna tell 
cops you trust, and get a lawyer.  Your office workers are probably
innocent because they are clueless, even if they are stupid enough 
to break some silly rule on "security."  But, there _are_ some bad 
e.g. pedo networks that we all like to see in jail. 


..I used my bridge boxes primarily as bandwidth throttles, "my lan" 
was an early wifi isp service and we were shot down by Telenor's 
drive on adsl modems with "wireless" lan's. ;o)

> I have used iftop / ntop etc.....

..me 2. ;o)

..to collect ntop data, combine cron and wget on a log server box. 

> but still unable to get the proper report i.e. when I visit youtube or do a
> torrent download from my own client box; I can't see the presence of
> those connection through iftop / ntop. 

..is why I doubt you have an hub and guess you have a switch.

> Could anyone suggest a proper
> tool for this ? Or am I missing the right technique needed for iftop
> etc  ?

..try an invisible bridge. ;o)

> Thanks
> 
> 


-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Reply to:

References:
- How to monitor the internet bandwidth eater ?
  - From: "J. Bakshi" <bakshi12@gmail.com>

Prev by Date: Re: Lilo not recognizing keyboard SOLVED)
Next by Date: Re: Query about hard drive partitions maintenance
Previous by thread: Re: How to monitor the internet bandwidth eater ?
Next by thread: A simple regular expression?
Index(es):
- Date
- Thread