Nils wrote:
Hello everybody!
I have small but complicated problem.
How do you monitor what network traffic you have and how much? I want to
be able to see the origin and destination, type and volume.
We have two computer labs, with its respective ISP-connections, both with
volume based rates. These two sites are also connected to each other
through a VPN. The volume between the two sites should really be marginal.
Due to what we get charge by the ISP, we suspect a lot of non-sanctioned
material (mp3..) being transported over smb. I would like to at least be
able to monitor the volume from respective computer going through the
firewall (and the VPN).
If you can install a machine as a sniffer (hubs only in the network, or
a switch that supports port mirroring), iptraf may really help here.
I don't find it very usefull over long trends, but I use iptraf on my
network whenever I see an unexplained jump in traffic and need to track
down the source.
It's able to show traffic by port, by packet size, or a running display
of source IP:port and destination IP:port pairs. Also supports packet
filtering (which is really nice to filter out the port 22 connection
from my workstation, so the continual screen updates don't distract me
with increasing packet counts).
It's also packaged for Debian.
--Rich
_________________________________________________________
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_________________________________________________________
