You might want to try out the packat "iptraf" and monitor the interface ipsec0. It gives you various overwiews on traffic going over each port in / out as well as other statistics. Only drawback: It only counts as long as you leave it running on console. But I guess leaving it running for e.g. 12 hours (one work-day) should be sufficient to get an idea what's going on, right?
And you could also try to sniff the SMB-traffic ... there are probably ways to "listen" which files (with what filenames etc.) are transfered. I strongly believe there are tools doing this out there. Ethereal maybe? (Haven't worked with it yet.) On 14 Mar 2003 at 20:03, Nils wrote: > I have small but complicated problem. > > How do you monitor what network traffic you have and how much? I want > to be able to see the origin and destination, type and volume. > > We have two computer labs, with its respective ISP-connections, both > with volume based rates. These two sites are also connected to each > other through a VPN. The volume between the two sites should really be > marginal. Due to what we get charge by the ISP, we suspect a lot of > non-sanctioned material (mp3..) being transported over smb. I would > like to at least be able to monitor the volume from respective > computer going through the firewall (and the VPN). > > Preferably, I would like to have information like: > ------------------------------------------------ > Date xx/xx/xx > Workstation A (xxx.xxx.xxx.xxx) (95 MB) > SMB.....35 MB > HTTP....40 MB > RSYNC...10 MB > FTP......5 MB > SSH...
