Hello,
can someone recommend me a good way to quickly determine who on the
network is using up most the Bandwith, and preferrably, what are the
using it for?
I have a 4.3 Machine, which is the Firewall and Router for a Network
with about 100 Machines. Every once in a while, i see the Traffic
picking up consideribly when using bwm-ng to check. During normal
Operation, i know the average Kilobytes per second is around 100kbps ,
but when bwm-ng shows me the traffic is going up 750kbps, and then i
know something is up.
Normally then i use something like pftop -s 1 -o rate , and then find
out who is on top of the list. I wonder if anyone has a better way of
finding Bandwidth Hogs. On an older FreeBSD System, i simply installed
iftop, which quickly showed me my top Users. Similar to bwm-ng, but
basically showing you per IP who is using how much Bandwidth.
Ideally would be a way that not only shows me quickly who is using the
most Bandwidth, but also, if they are using it for HTTP traffic, or
simply downloading a large mail or having a Skype Conversation or else.
Excellent would also be a way i can somehow graph all of that, so that
even when i am not in the office, i can identify people who are doing
things they shouldnt. I do have an RRD Graph for my main Interface, so i
can say for example a few hours ago something made the Traffic pick up
to 750kbps for 20 minutes, but i have no idea who it was. I once had all
my protocols and IP's labeled, and used pfctl -s labels to parse them
into my rrd files, but the whole process with collecting and graphing
got quite slow.
Also i tried darkstat, but its doesnt do a better job than current
bwm-ng and pftop.
Thanks for any suggestions,
David
