Hello everybody!
I have small but complicated problem.
How do you monitor what network traffic you have and how much? I want to be able to see the origin and destination, type and volume.
We have two computer labs, with its respective ISP-connections, both with volume based rates. These two sites are also connected to each other through a VPN. The volume between the two sites should really be marginal. Due to what we get charge by the ISP, we suspect a lot of non-sanctioned material (mp3..) being transported over smb. I would like to at least be able to monitor the volume from respective computer going through the firewall (and the VPN).
If you can install a machine as a sniffer (hubs only in the network, or a switch that supports port mirroring), iptraf may really help here.
I don't find it very usefull over long trends, but I use iptraf on my network whenever I see an unexplained jump in traffic and need to track down the source.
It's able to show traffic by port, by packet size, or a running display of source IP:port and destination IP:port pairs. Also supports packet filtering (which is really nice to filter out the port 22 connection from my workstation, so the continual screen updates don't distract me with increasing packet counts).
It's also packaged for Debian.
--Rich
_________________________________________________________
Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746
tel: 218.262.1130 email: [EMAIL PROTECTED] _________________________________________________________
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
