Re: off subject - ip bandwidth management

2004-02-27 Thread Nate Duehr
On Feb 26, 2004, at 6:08 PM, Arnt Karlsen wrote:
> ...and set a policy first, then police it.  ;-)

That is the best advice I've seen yet in the entire thread.  Buy-in 
from EVERYONE in the organization about the rules is more important 
and difficult than the application software used to get there.  (If you 
see a customer abusing bandwidth, what's your boss going to let you DO 
about it?  If you unplug your highest-profile customer's connection due 
to a DDoS attack that's affecting the whole network, will your boss 
back up that decision?  Things like this or a formal process set up 
specifically to come to a conclusion/decision/consensus QUICKLY are 
very important to have ahead of time.)

Nate Duehr, [EMAIL PROTECTED]

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


Re: off subject - ip bandwidth management

2004-02-26 Thread Arnt Karlsen
On Wed, 25 Feb 2004 17:39:00 -0600, 
Rich Puhek [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:

> Gregory Wood wrote:
>
> > Problem 1: I have a couple of sites, one with 30 users, another with
> > 500 users. The switches are unmanaged. Occasionally, someone won't
> > be able to log in or they will lose a network printer. I suspect
> > one or more PCs are soaking up the bandwidth.

..for bandwidth throttling, I (and my ISP alias business client) use my 
http://fmb.no/ipcop/setup-cbq-0.0.5.tar.bz2 on an IP-less bridge.
I guess it could use a web interface or a webmin module, if you don't
like to edit text files.  My ISP has about 200 clients now, some of them
businesses, there is IP room for another 600, and AFAICT, any recent 
box can handle it, we use a Duron 1.2G with 128 MB RAM.

..it and the gateway box are going to be replaced with one throttling
gateway, same hardware, it rarely sees any load at all, I've even
compiled kernels on the bridge while in throttle service.  ;-)

> > Problem 2: I work with a local ISP. He has his system subnetted BUT
> > there are still folks who find a 'free' IP and use it. When the
> > owner of the IP fires up his system, he can't connect. Also, as
> > above, he has seen the 'steady state' bandwidth increase but can't
> > identify the users. He has CISCO switches and I would have thought
> > they would have the tools to identify the user consumption.
> > Apparently not.
> >
> > Is there a tool for monitoring who is using the bandwidth and with
> > what MAC? I've used Ethereal but it generates way too much detail. I
> > would like to load up a notebook and a hub and stick it between the
> > server and the rest of the network or between the Internet firewall
> > and the network.
> >
> > Ideas? Thoughts?

..ntop, www.ntop.org.  Very nice web interface for lookups, used to be
a resource hog, but I had it running for months on the bridge, and could
not get it to run for much more than 5 minutes on my own 3 box LAN 2
years back.  Same HW and SW, so we figured it just needed traffic to
survive.  ;-)

> If the Ciscos are managed switches, try using MRTG to graph port
> usage. You should also be able to log on and show port info, check the
> docs for the switch's CLI. Haven't used Cisco switches here, but
> something along the lines of show int should get what you need.
>
> For individual bandwidth usage on a local subnet, iptraf provides a
> neat glance at real-time usage. If you're on a switched network,
> you'll need some way to see all the traffic on the network. For 3com
> switches, it's called something like the roving analysis port
> (better than using a hub near the firewall, just analyze the
> firewall's port). Iptraf will give a nice display of traffic in and
> traffic out, listed by MAC. Then it's just a matter of tracing down
> the MAC's location, and going to said location with a big stick in
> hand :-)
>
> You might also want to nmap your network periodically. Look for
> surprising IP addresses.
>
> You'll probably find misbehaving KaZaa servers to blame. They're very
> bad about playing well on a network, and will happily saturate your
> bandwidth.

...and set a policy first, then police it.  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
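
Added example (not part of any post in this thread): a way to get per-MAC traffic totals out of a capture without Ethereal's per-packet detail, by summing on-wire bytes per source and destination MAC from a classic pcap file. The capture below is constructed inline with made-up locally administered MACs; a real one would come from a mirrored switch port.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def bytes_per_mac(pcap):
    """Return (sent, received) Counters of on-wire bytes keyed by MAC."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"            # file written on a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    sent, received = Counter(), Counter()
    off = 24                    # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, caplen, wirelen = struct.unpack(
            endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:
            continue            # truncated record, no full Ethernet header
        # Count wirelen, not caplen: a small snaplen must not hide volume.
        received[mac(frame[0:6])] += wirelen
        sent[mac(frame[6:12])] += wirelen
    return sent, received

def _record(dst, src, payload_len):
    # Constructed sample frame: dst MAC, src MAC, EtherType IPv4, zero payload.
    frame = bytes.fromhex(dst) + bytes.fromhex(src) + b"\x08\x00" + bytes(payload_len)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed capture: one host sending two full-size frames, two small talkers.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record("020000000001", "020000000002", 1486)
          + _record("020000000001", "020000000002", 1486)
          + _record("020000000002", "020000000001", 50)
          + _record("020000000001", "020000000003", 100))

if __name__ == "__main__":
    sent, received = bytes_per_mac(SAMPLE)
    for addr, n in sent.most_common():
        print(f"{addr}  sent={n}  received={received[addr]}")
```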





Re: off subject - ip bandwidth management

2004-02-25 Thread Rich Puhek
Gregory Wood wrote:

> Problem 1: I have a couple of sites, one with 30 users, another with 500
> users. The switches are unmanaged. Occasionally, someone won't be able to
> log in or they will lose a network printer. I suspect one or more PCs are
> soaking up the bandwidth.
>
> Problem 2: I work with a local ISP. He has his system subnetted BUT there
> are still folks who find a 'free' IP and use it. When the owner of the IP
> fires up his system, he can't connect. Also, as above, he has seen the
> 'steady state' bandwidth increase but can't identify the users. He has CISCO
> switches and I would have thought they would have the tools to identify the
> user consumption. Apparently not.
>
> Is there a tool for monitoring who is using the bandwidth and with what MAC?
> I've used Ethereal but it generates way too much detail. I would like to
> load up a notebook and a hub and stick it between the server and the rest of
> the network or between the Internet firewall and the network.
>
> Ideas? Thoughts?

If the Ciscos are managed switches, try using MRTG to graph port usage. 
You should also be able to log on and show port info, check the docs for 
the switch's CLI. Haven't used Cisco switches here, but something along 
the lines of show int should get what you need.

For individual bandwidth usage on a local subnet, iptraf provides a neat 
glance at real-time usage. If you're on a switched network, you'll 
need some way to see all the traffic on the network. For 3com switches, 
it's called something like the roving analysis port (better than using 
a hub near the firewall, just analyze the firewall's port). Iptraf will 
give a nice display of traffic in and traffic out, listed by MAC. Then 
it's just a matter of tracing down the MAC's location, and going to said 
location with a big stick in hand :-)

You might also want to nmap your network periodically. Look for 
surprising IP addresses.

You'll probably find misbehaving KaZaa servers to blame. They're very 
bad about playing well on a network, and will happily saturate your 
bandwidth.

--Rich
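
Added example (not part of the original post): one way to turn "look for surprising IP addresses" into a repeatable check for the squatted-address problem, by comparing IP-to-MAC pairs collected from periodic neighbour-table polls against the allocation table. It assumes lines in `ip neigh show` format; the addresses, MACs and allocation table are constructed sample data.

```python
import ipaddress
from collections import defaultdict

def audit(neigh_lines, allocations, subnet):
    """Compare observed IP->MAC pairs with the allocation table.

    Returns a list of (ip, kind, macs) findings sorted by address, where kind is
    'unallocated' (nobody was assigned this IP) or 'wrong-mac' (an assigned IP
    was answered for by a MAC other than its owner's)."""
    net = ipaddress.ip_network(subnet)
    seen = defaultdict(set)
    for line in neigh_lines:
        fields = line.split()
        if "lladdr" not in fields[:-1]:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        ip = ipaddress.ip_address(fields[0])
        if ip in net:
            seen[ip].add(fields[fields.index("lladdr") + 1].lower())
    findings = []
    for ip in sorted(seen):
        owner = allocations.get(str(ip))
        if owner is None:
            findings.append((str(ip), "unallocated", sorted(seen[ip])))
        else:
            wrong = seen[ip] - {owner.lower()}
            if wrong:
                findings.append((str(ip), "wrong-mac", sorted(wrong)))
    return findings

# Constructed allocation table: which MAC is supposed to hold which address.
ALLOCATIONS = {
    "192.0.2.10": "02:00:00:00:00:10",
    "192.0.2.11": "02:00:00:00:00:11",
}

# Constructed neighbour-table lines gathered over several polls.
POLLS = """\
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:10 REACHABLE
192.0.2.11 dev eth0 lladdr 02:00:00:00:00:11 STALE
192.0.2.11 dev eth0 lladdr 02:00:00:00:00:99 REACHABLE
192.0.2.50 dev eth0 lladdr 02:00:00:00:00:50 REACHABLE
192.0.2.60 dev eth0  FAILED
""".splitlines()

if __name__ == "__main__":
    for ip, kind, macs in audit(POLLS, ALLOCATIONS, "192.0.2.0/24"):
        print(ip, kind, ",".join(macs))
```

The MACs reported here are the ones to trace to a switch port, as described above for the per-MAC traffic view.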


