ALParada wrote:

Hello,

Is there an easy way to monitor who is hogging up all the bandwidth? For the
last couple of days our router has been saturated and slowing our network to
a crawl. I am not looking for anything fancy just enough to figure out who
the culprit is.

I am running uClibc with Shorewall. No proxy and no additional net tools.
Any help would be greatly appreciated.

Assuming you're close to the physical router, you can start by looking at the blinking lights on the NICs.


Typically, someone's PC(s) have gotten a virus and they're busy spewing data as fast as they can to the whole world, trying to infect someone else. This can usually be tracked pretty easily by following the usage lights on the router NICs, and then the lights on the switch/hub connecting to the workstations.

Of course, you can do the same thing via the web if you're running something like MRTG to gather stats on all your firewall NICs and managed switch ports.

To really narrow down the problem, you can use something like tcpdump (note it also requires the libpcap library to be loaded), or an IDS like snort to sniff traffic and identify what doesn't belong. With tcpdump, I typically just start dumping the raw traffic, and start zeroing in on what looks like the culprit. Not too hard to do if you are familiar with the normal traffic patterns generated by your network.

--
Charles Steinkuehler
[EMAIL PROTECTED]
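
One way to do the tcpdump "zeroing in" step from the reply above, as an added example that is not part of the original thread: a shell function that ranks internal hosts by bytes sent and by number of distinct destinations. The function names, the sample lines, the LAN prefix 192.168.1. and the interface eth1 are assumptions, and the input is assumed to be IPv4 text output from `tcpdump -nn -q`.

```shell
#!/bin/sh
# Added example, not from the thread. Input is assumed to be IPv4 text from
# `tcpdump -nn -q`, e.g. "12:00:01.000001 IP SRC.PORT > DST.PORT: tcp 1460".

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 192.168.1.23.1042 > 203.0.113.5.25: tcp 1460
12:00:01.000002 IP 192.168.1.23.1043 > 203.0.113.6.25: tcp 1460
12:00:01.000003 IP 192.168.1.23.1044 > 198.51.100.7.25: tcp 1460
12:00:01.000004 IP 192.168.1.10.3311 > 192.0.2.80.80: tcp 512
12:00:01.000005 IP 192.0.2.80.80 > 192.168.1.10.3311: tcp 1460
12:00:01.000006 IP 192.168.1.10.1025 > 192.0.2.53.53: UDP, length 40
EOF
}

# top_talkers LAN_PREFIX: for each internal source host print
#   host bytes packets distinct_destinations, busiest first.
top_talkers() {
    awk -v lan="$1" '
    function host(a,   p, n) {          # drop a trailing .PORT if present
        n = split(a, p, ".")
        if (n < 4) return ""
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    $2 == "IP" && $4 == ">" {
        src = host($3)
        if (index(src, lan) != 1) next  # only count hosts on our LAN
        dst = $5; sub(/:$/, "", dst); dst = host(dst)
        bytes[src] += $NF               # -q mode ends each line with the length
        pkts[src]++
        if (!((src, dst) in seen)) { seen[src, dst] = 1; peers[src]++ }
    }
    END {
        for (h in bytes) printf "%s %d %d %d\n", h, bytes[h], pkts[h], peers[h]
    }' | sort -k2,2nr -k1,1
}

# Live use on the router (interface name eth1 is an assumption):
#   tcpdump -nn -q -i eth1 -c 5000 | top_talkers 192.168.1.
sample_capture | top_talkers 192.168.1.
```

A host that tops the byte column and also shows an unusually high destination count matches the "spewing data to the whole world" pattern described in the reply.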


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
