Re: [Nolug] Re: Help with tcpdump

From: Brad Bendily <bendily_at_gmail.com>
Date: Thu, 11 Aug 2011 09:04:48 -0500
Message-Id: <518FCB26-7103-4F7D-BA35-77D6C2411F1B@gmail.com>

iftop will give you a real-time view of bandwidth usage. Ntop may be the best for long-term monitoring.

On Aug 11, 2011, at 9:00 AM, Joey Kelly <joey@joeykelly.net> wrote:

> On Thursday 11 August 2011 07:13, Gilberto Martins wrote:
>> Can anybody help me with this tcpdump issue?
>
> I can suggest an alternate, simpler path...
>
> Run iptraf, vnstat or similar on the interface connected to the other guy's
> LAN and you'll have the bandwidth he uses. ntop can give you info about who
> he's talking to, as could a transparent squid instance on his segment.
>
> --Joey
>
>>
>> Gilberto Martins
>>
>>
>>
>> On Mon, Jul 18, 2011 at 1:53 PM, Gilberto Martins <gsilva.martins@gmail.com> wrote:
>>> Hi guys.
>>>
>>> I need help with tcpdump, which is the tool I think works finest for
>>> that. But I guess that if I present you my structure, maybe one of you
>>> will come up with a better solution.
>>>
>>> My structure is composed of a Linux Firewall with interfaces to a
>>> User Net (10.8.0.0/22) and two external accesses. In this net, there is
>>> a server from another company. We have no access to it, but we allow
>>> them the use of our infrastructure. His communication is not
>>> encrypted.
>>> Now, my boss desires to know:
>>> 1 - The percentage of its use, compared to our use;
>>> 2 - The hosts that communicate with him
>>>
>>> I really don't know if there is any ready-made tool that could solve
>>> this, but I found that I could collect the whole stream with
>>> tcpdump, and split the collection with many other tools. So what I
>>> did:
>>>
>>> To collect the whole stream:
>>>
>>> # sudo tcpdump -tttt -vn -i eth1 host <server> > ~/ServerStream.txt
>>>
>>> After that, I will use sed, cut, grep to split it in the way I need.
>>> My doubt is about the packet's size. A line from the capture is like:
>>>
>>> 2011-07-18 13:46:36.774050 IP (tos 0x10, ttl 64, id 32738, offset
>>> 0, flags [DF], proto TCP (6), length 1500) 10.8.0.1.22 >
>>> 10.8.2.6.54747: . 1758048:1759496(1448) ack 433 win 305
>>> <nop,nop,timestamp 799795676 1961885>
>>>
>>> Is the size of this packet 1500 bytes, extracted from "length 1500"?
>>>
>>> Thanks, people!
>>>
>>> Gilberto Martins
>
> --
> Joey Kelly
> Minister of the Gospel and Linux Consultant
> http://joeykelly.net
> 504-239-6550
> ___________________
> Nolug mailing list
> nolug@nolug.org
Received on 08/11/11
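
The parsing step described in the original question, as an added example that is not part of the thread: in `tcpdump -v` output the `length N)` that closes the parenthesised IP header is the IP total length (IP header plus payload, without the Ethernet header), so summing it per record gives bytes per host. The address in `SERVER`, the function names and all sample records except the first are constructed for illustration, and the share figure assumes the capture was taken without the `host <server>` filter so that other traffic is present to compare against.

```python
import re
from collections import Counter

# A record starts at a -tttt timestamp; with -v the address line is printed on
# a continuation line, so any non-timestamp line is joined to the current record.
START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ IP ")
IP_LEN = re.compile(r"length (\d+)\)")          # IP total length ends the (...) header
ADDR = r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?"   # IPv4 address, optional .port
FLOW = re.compile(ADDR + r" > " + ADDR + r":")

def records(lines):
    cur = []
    for line in lines:
        if START.match(line) and cur:
            yield " ".join(cur)
            cur = []
        if line.strip() and (cur or START.match(line)):
            cur.append(line.strip())
    if cur:
        yield " ".join(cur)

def usage(lines, server):
    """Return (server_bytes, total_bytes, Counter of bytes per peer of server)."""
    server_bytes, total, peers = 0, 0, Counter()
    for rec in records(lines):
        size, flow = IP_LEN.search(rec), FLOW.search(rec)
        if not (size and flow):
            continue                      # ARP, IPv6 or truncated record
        n, (src, dst) = int(size.group(1)), flow.groups()
        total += n
        if server in (src, dst):
            server_bytes += n
            peers[dst if src == server else src] += n
    return server_bytes, total, peers

# Constructed sample: the first record is the line quoted in the thread, the
# others are made up. SERVER is an assumed address standing in for <server>.
SERVER = "10.8.2.6"
SAMPLE = """\
2011-07-18 13:46:36.774050 IP (tos 0x10, ttl 64, id 32738, offset 0, flags [DF], proto TCP (6), length 1500)
    10.8.0.1.22 > 10.8.2.6.54747: . 1758048:1759496(1448) ack 433 win 305 <nop,nop,timestamp 799795676 1961885>
2011-07-18 13:46:37.001200 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto ICMP (1), length 84)
    10.8.2.6 > 10.8.1.20: ICMP echo reply, id 7, seq 1, length 64
2011-07-18 13:46:37.100000 IP (tos 0x0, ttl 64, id 911, offset 0, flags [DF], proto TCP (6), length 448)
    10.8.1.20.40000 > 10.8.3.9.80: P 1:397(396) ack 1 win 229
""".splitlines()

if __name__ == "__main__":
    srv, total, peers = usage(SAMPLE, SERVER)
    print(f"server: {srv}/{total} bytes ({100 * srv / total:.1f}%)", dict(peers))
```
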
