On gio, 2014-11-13 at 19:09 +0200, Eliezer Croitoru wrote: > Hey all, > > I have a tiny linux router based on ubuntu and sometimes I get a > massive load of UDP traffic because of one of the PCs in the network. > Usually I handle the situation with a strict block using iptables. > The main issue is to find it due to the load. > For now I am monitoring the traffic load using MRTG but it won't > notify me. > I can try to use nagios to monitor traffic load for a period of time > but before I start working on it I want another person opinion and > options. > > I have seen netflow in the past but never actually used it. > > Thanks in advance, > Eliezer
NFDump [1] also is good if you look at a less fancy analyzer (cmdline based) but very customizable. You search for that data the you want in the time slot that you want. I know there are other projects which can read captured data and present it in a GUI but I haven't used them myself. Regards, leonardo [1] http://nfdump.sourceforge.net/
signature.asc
Description: This is a digitally signed message part