RE: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
Actually they don't all cost a fortune. You can pick up a cheap managed switch these days. We have like 20 of these "Nortel Baystack 450"s at my company that we used to use for development for our NAC product. They sell on eBay for about $50, we've gotten some as cheap as $7 + shipping. Hell, I've found an Asanti IntraCore 3524 in great condition (that I have sitting here at my desk) laying by the trash pile that some other company in our building was tossing out. eBay for "managed switch" and sort by price, lowest first. Having said all that, I would just go with a software traffic monitor like the ones previously mentioned. Dealing with a manged switch is absolutely no fun unless you're either really into Layer 2 or 3 masochism, cryptic commands, and have a pant-load of computers you need vlans and stuff for. BTW, that 'trafshow' tool is pretty slick! I've never used it before. Thanks Drew Tomlinson. One bug that I notice though, is that I run several vhosts, and when I hit some of the web sites, they all show up as the same domain name. For example, I go to hit http://daevid.com and it shows up in the list as http://anotherdomain.com :-| Daevid Vincent Lockdown Networks: Real NAC Right Now! Senior Software Engineer | Architect | Founder 206.285.8080.104 100 West Harrison Street, North Tower, Suite 300 | Seattle, WA 98119 > -Original Message- > From: Alan McKinnon [mailto:[EMAIL PROTECTED] > > There's one other way that I just remembered (for future > reference). You > don't *have* to use a linux machine as a gateway if you have a decent > managed switch - set it to route all traffic on all ports out through > the port that a monitoring machine is connected to. In other words, > that one part acts like a hub. Now that the monitoring > machine can see > every bit on the entire Ethernet, it can count 'em :-) > > However, these switches cost a fortune and I very much doubt that the > el-cheapo ADSL routers on the market have this feature. Both of mine > certainly don't. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
On Sat, 1 Mar 2008 22:56:20 +0200 Alan McKinnon <[EMAIL PROTECTED]> wrote: > There's one other way that I just remembered (for future reference). > You don't *have* to use a linux machine as a gateway if you have a > decent managed switch - set it to route all traffic on all ports out > through the port that a monitoring machine is connected to. In other > words, that one part acts like a hub. Now that the monitoring machine > can see every bit on the entire Ethernet, it can count 'em :-) > > However, these switches cost a fortune and I very much doubt that the > el-cheapo ADSL routers on the market have this feature. Both of mine > certainly don't. You could also do this with a non-switching hub, if you can find one. They would be a whole lot cheaper, I'd imagine, than a managed switch, even used on ebay. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
On 1 Mar 2008, at 20:56, Alan McKinnon wrote: ... There's one other way that I just remembered (for future reference). You don't *have* to use a linux machine as a gateway if you have a decent managed switch - set it to route all traffic on all ports out through the port that a monitoring machine is connected to. In other words, that one part acts like a hub. Now that the monitoring machine can see every bit on the entire Ethernet, it can count 'em :-) However, these switches cost a fortune and I very much doubt that the el-cheapo ADSL routers on the market have this feature. Both of mine certainly don't. FYI: these are actually really cheap secondhand on eBay, if you're happy with 10/100, or 10/100 with 2 x gigabit ports. Stroller. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
On Saturday 01 March 2008, Drew Tomlinson wrote: > > Sometimes the router has an accounting feature. Otherwise you need > > to make a Linux box the gateway for the entire LAN and hang the > > ADSL router off one of it's interfaces. Then do accounting via any > > one of numerous tools > > > > I concur with the above poster and use a FreeBSD machine as my > gateway. There is a tool called 'trafshow' I use for quick real > time traffic analysis which might be useful for you. I found it in > portage: > > net-analyzer/trafshow There's one other way that I just remembered (for future reference). You don't *have* to use a linux machine as a gateway if you have a decent managed switch - set it to route all traffic on all ports out through the port that a monitoring machine is connected to. In other words, that one part acts like a hub. Now that the monitoring machine can see every bit on the entire Ethernet, it can count 'em :-) However, these switches cost a fortune and I very much doubt that the el-cheapo ADSL routers on the market have this feature. Both of mine certainly don't. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
Alan McKinnon wrote: On Saturday 01 March 2008, Mike Mazur wrote: Hi, On Sat, Mar 1, 2008 at 2:26 AM, Steve <[EMAIL PROTECTED]> wrote: Situation: There's a LAN with a Netgear ADSL router... heterogenous OS, including Gentoo, are installed on various PCs on the LAN. I'd like to know what communicating IPs are consuming most bandwidth, and to quantify how much bandwidth they are using... Ideally, I'd like to see a real-time list of the main bandwidth consuming communicators... So you want to monitor the traffic going through your router? I imagine that would be difficult to do from one of the endpoints in your LAN (your Gentoo box). The switch should only route to your machine traffic destined for it, so how to measure the bandwidth the other machines are consuming between themselves and the outside world? If there is a way to do this I'd be very interested :) Sometimes the router has an accounting feature. Otherwise you need to make a Linux box the gateway for the entire LAN and hang the ADSL router off one of it's interfaces. Then do accounting via any one of numerous tools I concur with the above poster and use a FreeBSD machine as my gateway. There is a tool called 'trafshow' I use for quick real time traffic analysis which might be useful for you. I found it in portage: net-analyzer/trafshow Cheers, Drew -- Be a Great Magician! Visit The Alchemist's Warehouse http://www.alchemistswarehouse.com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
On Saturday 01 March 2008, Mike Mazur wrote: > Hi, > > On Sat, Mar 1, 2008 at 2:26 AM, Steve <[EMAIL PROTECTED]> wrote: > > Situation: There's a LAN with a Netgear ADSL router... heterogenous > > OS, including Gentoo, are installed on various PCs on the LAN. > > > > I'd like to know what communicating IPs are consuming most > > bandwidth, and to quantify how much bandwidth they are using... > > Ideally, I'd like to see a real-time list of the main bandwidth > > consuming communicators... > > So you want to monitor the traffic going through your router? > > I imagine that would be difficult to do from one of the endpoints in > your LAN (your Gentoo box). The switch should only route to your > machine traffic destined for it, so how to measure the bandwidth the > other machines are consuming between themselves and the outside > world? > > If there is a way to do this I'd be very interested :) Sometimes the router has an accounting feature. Otherwise you need to make a Linux box the gateway for the entire LAN and hang the ADSL router off one of it's interfaces. Then do accounting via any one of numerous tools -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
Hi, On Sat, Mar 1, 2008 at 2:26 AM, Steve <[EMAIL PROTECTED]> wrote: > Situation: There's a LAN with a Netgear ADSL router... heterogenous OS, > including Gentoo, are installed on various PCs on the LAN. > > I'd like to know what communicating IPs are consuming most bandwidth, > and to quantify how much bandwidth they are using... Ideally, I'd like > to see a real-time list of the main bandwidth consuming communicators... So you want to monitor the traffic going through your router? I imagine that would be difficult to do from one of the endpoints in your LAN (your Gentoo box). The switch should only route to your machine traffic destined for it, so how to measure the bandwidth the other machines are consuming between themselves and the outside world? If there is a way to do this I'd be very interested :) Mike -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
On Friday 29 February 2008, Steve wrote: > Alan wrote: > > Give iftop a look. > > great tool... unfortunately, even in promiscuous mode, it doesn't track > TCP data except to/from the host on which it is running. I presume this > means that my Netgear DSL router implements a switch as as opposed to a > hub... > > Nice try though... Have you tried ntop? It has various breakdowns and in promiscuous mode it should show where the bandwidth goes. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Steve wrote:
| I'd like to know what communicating IPs are consuming most bandwidth,
Given the fact that other tools don't serve your purpose, I'd say you give
ettercap a try. It's a
sniffer that can do ARP Poisoning ("sniffing in switched lans"). Of course,
this is not a tool you'd
like to keep running all the time, given how troublesome ARP Poisoning can be.
You might get something useful enough.
- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHyFlnAlpOsGhXcE0RCi2VAKCATgXmG7kbzQPaUrukV9kcqvq3ewCeJI8J
bbLUzfM3iSTJEyKgaXitN/w=
=L/Uz
-END PGP SIGNATURE-
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
Alan wrote: Give iftop a look. great tool... unfortunately, even in promiscuous mode, it doesn't track TCP data except to/from the host on which it is running. I presume this means that my Netgear DSL router implements a switch as as opposed to a hub... Nice try though... -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
On Fri, Feb 29, 2008 at 05:26:26PM +, Steve wrote: > Situation: There's a LAN with a Netgear ADSL router... heterogenous OS, > including Gentoo, are installed on various PCs on the LAN. > > I'd like to know what communicating IPs are consuming most bandwidth, and > to quantify how much bandwidth they are using... Ideally, I'd like to see a > real-time list of the main bandwidth consuming communicators... > > Has anyone any suggestions? "netstat" is rather more basic than I need... > and "wireshark" is somewhat more substantial than I'd like to get involved > with. Are there any simple solutions? Give iftop a look. -- Alan <[EMAIL PROTECTED]> - http://arcterex.net "Beware of computer programmers that carry screwdrivers." -- Unknown -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?
Situation: There's a LAN with a Netgear ADSL router... heterogenous OS, including Gentoo, are installed on various PCs on the LAN. I'd like to know what communicating IPs are consuming most bandwidth, and to quantify how much bandwidth they are using... Ideally, I'd like to see a real-time list of the main bandwidth consuming communicators... Has anyone any suggestions? "netstat" is rather more basic than I need... and "wireshark" is somewhat more substantial than I'd like to get involved with. Are there any simple solutions? -- gentoo-user@lists.gentoo.org mailing list
