How to count bytes from ISP.
Help, what tools exist in SuSE to account for internet bytes in? The byte-count from the ISP has gone berserk lately, last month downloads ran to 3 Gig, (costing me over $200 in excess) this month it's already at the limit (1.5 Gig). Is it the teenagers downloading music? (Yes they do but not that much) Is it the Limewire music sharing app generating traffic spontaneously? Am I under some kind of external attack? Have I been hacked? Setup is a home network with 4 computers, one of which is a server (SuSE 8.2) that hosts email and web. Network connection is broadband and always on, (except when I turn it off to slow the traffic). I'm using SuSEfirewall2 with Quickmode NAT, also a squid cache. I'd like to know where the bulk of the bytes are coming from, which (if any) internal computer is calling for them, what protocols (ports) are involved? Thanks for any pointers, michaelj -- Michael James michael.james@csiro.au System Administrator voice: 02 6246 5040 CSIRO Bioinformatics Facility fax: 02 6246 5166
* Michael James <Michael.James@csiro.au> [04-19-04 20:18]:
Help, what tools exist in SuSE to account for internet bytes in?
/usr/sbin/iptraf -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711
I tried few daemons, some of them were good, some looked good until traffic become heavy... Anyway, I'm sattisfied with ulog-acctd (http://savannah.nongnu.org/projects/ulog-acctd) you can configure it to your needs... it had some php script which was parsing logs and writing data in postgresql db. but there was too much info, and too much load for machine that acts as router for lot of users. it was writting one record per connection, so after 24h it was really huge table in database. so I worte some c++ crap that only counts traffic for IP addresses I want to monitor and writting them in PG database. it is writting only 1 record per monitored IP so table is small. then I wrote basic php frontend for easier administering and for users who can login and check if they are crossing their limits. well, thing is not documented at all but I could modify and update it for general use if one finds it useful. /ssbljk On Tue, 20 Apr 2004, Michael James wrote:
Help, what tools exist in SuSE to account for internet bytes in?
The byte-count from the ISP has gone berserk lately, last month downloads ran to 3 Gig, (costing me over $200 in excess) this month it's already at the limit (1.5 Gig).
Michael James wrote:
Help, what tools exist in SuSE to account for internet bytes in?
The byte-count from the ISP has gone berserk lately, last month downloads ran to 3 Gig, (costing me over $200 in excess) this month it's already at the limit (1.5 Gig).
Is it the teenagers downloading music? (Yes they do but not that much) Is it the Limewire music sharing app generating traffic spontaneously? Am I under some kind of external attack? Have I been hacked?
Setup is a home network with 4 computers, one of which is a server (SuSE 8.2) that hosts email and web. Network connection is broadband and always on, (except when I turn it off to slow the traffic).
I'm using SuSEfirewall2 with Quickmode NAT, also a squid cache.
I'd like to know where the bulk of the bytes are coming from, which (if any) internal computer is calling for them, what protocols (ports) are involved?
Thanks for any pointers, michaelj
I like ntop. I'm not sure about 8.2, but it comes with 9. I know rpms are available on rpm.pbone.net for 8.2. Once installed go to http://localhost:3000 and then the admin tab. Go to plugins and change rrdplugin to track hosts and you will get even more info. Sniffit is a good tool as well. It gives pretty much the same info as tcpdump but in a much more readable style. -- Louis D. Richards LDR Interactive Technologies
participants (4)
-
Aidin Alihodzic -
Louis Richards -
Michael James -
Patrick Shanahan