On Wed, 18 Oct 2000, Jacques Rautenbach wrote:

> Hi All,
> I am looking for a script that will work out the amount of traffic IP
> addresses behind a gauntlet firewall on a Linux platform pull off the
> internet. Preferably it should be accessed through a web interface and can
> be adjusted to reflect values over certain periods such as 24 hours,
> monthly, yearly etc. The point being to finger out individual IP's that are
> abusing bandwidth as we in SA pay huge amounts of money for bandwidth. I
> have seen an interface like this before that had a "top 20" for the day and
> then the history of each IP but I am unable to find it.
> 
> Any help would be greatly appreciated.
> 
> Regards

You can easily do this with Sniffer Pro. There is a way to monitor up to
500 hosts, and the statistics (packets in/out) from each. I am sure with
some nicely tuned scripts, you can do the same with tcpdump or ethereal.

I have done this with Sniffer Pro, then exported the data as a
comma-separated file. CSV files can be imported into Excel, where you can
write some functions to SUM the data.

If you have a mostly Cisco network, you can set up NetFlow accounting. I
have set this up with a SUN Ultra5 doing the NetFlow Collection. This is
very scalable and is probably the best bet for the long term.

You might want to also look into using an application proxy where you can
track each IP and how much data they retrieved.

.truman.
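
The reply above mentions scripting per-host statistics from tcpdump; the following Python script is an added example (not part of the original post and not code from either poster) that sums traffic per inside IP over a time window and ranks a "top 20". It assumes text lines in the form printed by `tcpdump -nn -tt -q` for IPv4 TCP/UDP; the function names, the inside network 10.1.1.0/24 and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed input: IPv4 lines as printed by `tcpdump -nn -tt -q`; the trailing
# number is the TCP/UDP payload length tcpdump prints, not the on-wire size.
LINE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) IP (?P<src>\d+(?:\.\d+){3})(?:\.\d+)? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?: (?:tcp |UDP, length )(?P<len>\d+)")

# Constructed sample capture (not real traffic).
SAMPLE = """\
971856000.10 IP 10.1.1.5.1034 > 198.51.100.7.80: tcp 120
971856000.20 IP 198.51.100.7.80 > 10.1.1.5.1034: tcp 1460
971856000.30 IP 198.51.100.7.80 > 10.1.1.5.1034: tcp 1460
971856001.00 IP 10.1.1.9.1050 > 203.0.113.53.53: UDP, length 40
971856001.10 IP 203.0.113.53.53 > 10.1.1.9.1050: UDP, length 200
971856002.00 IP 10.1.1.5.1040 > 10.1.1.9.139: tcp 500
971856003.00 ARP, Request who-has 10.1.1.1 tell 10.1.1.5, length 28
971942400.00 IP 198.51.100.7.80 > 10.1.1.9.1051: tcp 9000
""".splitlines()

def per_host_usage(lines, inside, start=0.0, end=float("inf")):
    """Sum bytes per inside host for packets with start <= timestamp < end."""
    net = ipaddress.ip_network(inside)
    usage = defaultdict(lambda: {"down": 0, "up": 0})
    skipped = 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            skipped += 1  # ARP, ICMP, IPv6 or malformed lines are not counted
            continue
        if not start <= float(m["ts"]) < end:
            continue
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        size = int(m["len"])
        if dst in net and src not in net:    # pulled from the internet
            usage[m["dst"]]["down"] += size
        elif src in net and dst not in net:  # sent to the internet
            usage[m["src"]]["up"] += size
    return dict(usage), skipped              # inside-to-inside traffic is ignored

def top_talkers(usage, n=20):
    """Return the n inside hosts with the most downloaded bytes, largest first."""
    return sorted(usage.items(), key=lambda kv: kv[1]["down"], reverse=True)[:n]

if __name__ == "__main__":
    day, _ = per_host_usage(SAMPLE, "10.1.1.0/24", 971856000, 971856000 + 86400)
    for ip, counts in top_talkers(day):
        print(ip, counts["down"], counts["up"])
```

Changing `start` and `end` gives the daily, monthly or yearly views asked about in the original question.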

