linux gatewway traffic bandwidth monitoring by source, destination, protocol and port

I have a linux gateway that has 2 ADSL modems, does IP and VPN masquerading,
so that all traffic on the local network goes through this gateway.

I want to find out:
*) Which machine in the local LAN is consuming the ADSL bandwidth
*) Which external IP does most of the internal machines consume ADSL
bandwidth for
*) Which protocol and port consumes the most ADSL bandwidth


So far, I have tried iptraf ... but it does not have historical records ala
RRD / MRTG.

Any recommendation ?

In comp.os.linux.networking Jesus M. Salvo Jr. <(E-Mail Removed)>:

> I have a linux gateway that has 2 ADSL modems, does IP and VPN masquerading,
> so that all traffic on the local network goes through this gateway.

> I want to find out:
> *) Which machine in the local LAN is consuming the ADSL bandwidth
> *) Which external IP does most of the internal machines consume ADSL
> bandwidth for
> *) Which protocol and port consumes the most ADSL bandwidth

This way --> www.ntop.org

Running in webmode is what you want.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 41: interrupt configuration error

Yes, try pmacct http://freshmeat.net/projects/pmacct/

It uses either postgres or mysql to keep records and you can agregate by
hosts, networks, source ip, dest ip, etc.

A little difficult to set up and the docs are not very good, but if you
succeed, it's worth it.

Ntop does NOT keep history. If you reboot, you loose the history.




On Sun, 25 Dec 2005 11:55:01 +1100, Jesus M. Salvo Jr. wrote:

>
> I have a linux gateway that has 2 ADSL modems, does IP and VPN masquerading,
> so that all traffic on the local network goes through this gateway.
>
> I want to find out:
> *) Which machine in the local LAN is consuming the ADSL bandwidth
> *) Which external IP does most of the internal machines consume ADSL
> bandwidth for
> *) Which protocol and port consumes the most ADSL bandwidth
>
>
> So far, I have tried iptraf ... but it does not have historical records ala
> RRD / MRTG.
>
> Any recommendation ?

In comp.os.linux.networking airdog <(E-Mail Removed)>:
> On Sun, 25 Dec 2005 11:55:01 +1100, Jesus M. Salvo Jr. wrote:

[ top posting fixed }

>> I have a linux gateway that has 2 ADSL modems, does IP and VPN masquerading,
>> so that all traffic on the local network goes through this gateway.
>>
>> I want to find out:
>> *) Which machine in the local LAN is consuming the ADSL bandwidth
>> *) Which external IP does most of the internal machines consume ADSL
>> bandwidth for
>> *) Which protocol and port consumes the most ADSL bandwidth
[..]

> Yes, try pmacct http://freshmeat.net/projects/pmacct/

> It uses either postgres or mysql to keep records and you can agregate by
> hosts, networks, source ip, dest ip, etc.

> A little difficult to set up and the docs are not very good, but if you
> succeed, it's worth it.

> Ntop does NOT keep history. If you reboot, you loose the history.

Err? Ntop has rrdtool support built in these days.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 141: disks spinning backwards - toggle the
hemisphere jumper.

Michael Heiming wrote:

> In comp.os.linux.networking Jesus M. Salvo Jr. <(E-Mail Removed)>:
>
>> I have a linux gateway that has 2 ADSL modems, does IP and VPN
>> masquerading, so that all traffic on the local network goes through this
>> gateway.
>
>> I want to find out:
>> *) Which machine in the local LAN is consuming the ADSL bandwidth
>> *) Which external IP does most of the internal machines consume ADSL
>> bandwidth for
>> *) Which protocol and port consumes the most ADSL bandwidth
>
> This way --> www.ntop.org
>
> Running in webmode is what you want.
>
> Good luck
>

Wow ... been a long time since I used ntop, I did not realise it now has
that capability built-in. Thanks.

Also, I happened to have a look at etherape, which is looks like a nice tool
to determine what's consuming your bandwidth ( it shows nods in a graph ),
but can't do historical data AFAIK.

Michael Heiming wrote:
> In comp.os.linux.networking airdog <(E-Mail Removed)>:
>
>>On Sun, 25 Dec 2005 11:55:01 +1100, Jesus M. Salvo Jr. wrote:
>
>
> [ top posting fixed }
>
>
>>>I have a linux gateway that has 2 ADSL modems, does IP and VPN masquerading,
>>>so that all traffic on the local network goes through this gateway.
>>>
>>>I want to find out:
>>>*) Which machine in the local LAN is consuming the ADSL bandwidth
>>>*) Which external IP does most of the internal machines consume ADSL
>>>bandwidth for
>>>*) Which protocol and port consumes the most ADSL bandwidth
>
> [..]
>
>
>>Yes, try pmacct http://freshmeat.net/projects/pmacct/
>
>
>>It uses either postgres or mysql to keep records and you can agregate by
>>hosts, networks, source ip, dest ip, etc.
>
>
>>A little difficult to set up and the docs are not very good, but if you
>>succeed, it's worth it.
>
>
>>Ntop does NOT keep history. If you reboot, you loose the history.
>
>
> Err? Ntop has rrdtool support built in these days.
>

Those are both good suggestions.

We also use Shorewall's accounting features along with rrdtool to track
this. It is less intensive than NTOP but requires that you know what
you are trying to account for ahead of time.

Scott R. Haven
Sr. Systems Engineer
Paisley Systems Inc.
managed services, consulting, and support
www.paisleysystems.com