Hello !
I use Slackware Linux on a box for routing and SNAT for a small network:
|eth0: 80.97.108.1|
|
|
|eth1: 192.168.1.1| ..........| my network (192.168.1.0/24)|
I search for a tool show-me on real time the trafic made by all/one IPon the
interface eth1, somethings simple ; EX:
192.168.1.10 ........... x kbit/s
192.168.1.11 ........... y kbit/s
192.168.1.12 ........... z kbit/s
192.168.1.13 ........... x kbit/s
192.168.1.14 ........... x kbit/s
192.168.1.15 ........... x kbit/s
192.168.1.16 ........... x kbit/s
192.168.1.17 ........... x kbit/s
192.168.1.18 ........... x kbit/s
192.168.1.19 ........... x kbit/s
...any ideea ..Thanks!!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 16 June 2004 09:51, Ionut Gogu wrote:> I search for a tool show-me on real time the trafic made by all/one IPon > the interface eth1, somethings simple ; EX: 192.168.1.10 ........... x > kbit/s > 192.168.1.11 ........... y kbit/s > 192.168.1.12 ........... z kbit/s > 192.168.1.13 ........... x kbit/s > 192.168.1.14 ........... x kbit/s > 192.168.1.15 ........... x kbit/s > 192.168.1.16 ........... x kbit/s > 192.168.1.17 ........... x kbit/s > 192.168.1.18 ........... x kbit/s > 192.168.1.19 ........... x kbit/sI''m working on one _RIGHT_NOW_ and expect it to be usable today. It will be configurable over a webinterface, and will manipulate the iptables using a small setuid C-Program I wrote. (I know, setuid root sucks, but you''ll have to make sure noone else on this server can access or run the executable file using the webserver .. that''s your job.) It uses ulogd and stores the traffic in a webinterface, it also does update the statistics database once a given limit of traffic has been reached, or a certain timeout has been hit. I might give out a usable version tomorrow, but I cannot guarantee for its bugfreeness. Though, most of the parts are done and they also seem to work the way I want them to. Plus, it won''t destroy any already-present firewall setups. - -- Thilo Schulz My public PGP key is available at http://home.bawue.de/~arny/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA0CmeZx4hBtWQhl4RAtm6AJ9ZnZGEaqqEVen4bhj2dp3zHQuBXwCg0mLh xUIkFG3likAGC9G4lk4rlxg=LxT8 -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Thilo Schulz wrote:> On Wednesday 16 June 2004 09:51, Ionut Gogu wrote: >> I search for a tool show-me on real time the trafic made by all/one IPon >> the interface eth1 > > I''m working on one _RIGHT_NOW_ and expect it to be usable today. > It will be configurable over a webinterface, and will manipulate the iptables > using a small setuid C-Program I wrote. (I know, setuid root sucks, but > you''ll have to make sure noone else on this server can access or run the > executable file using the webserver .. that''s your job.) > It uses ulogd and stores the traffic in a webinterface, it also does update > the statistics database once a given limit of traffic has been reached, or a > certain timeout has been hit. I might give out a usable version tomorrow, but > I cannot guarantee for its bugfreeness. Though, most of the parts are done > and they also seem to work the way I want them to. > Plus, it won''t destroy any already-present firewall setups.I find that thing intriguing, but I have a couple questions; - How will your solution scale? can it handle 200Mb traffic full duplex on a Xeon 2.8GHz without choking? what about 100Mb on an AMD 800MHz? - Could it affect latency? - why not use sudo instead of setuid root? Cheers, -- Morten
> I search for a tool show-me on real time the trafic made by all/one > IPon the interface eth1, somethings simple ; EX: > 192.168.1.10 ........... x kbit/s > 192.168.1.11 ........... y kbit/s > 192.168.1.12 ........... z kbit/s > 192.168.1.13 ........... x kbit/s > 192.168.1.14 ........... x kbit/s > 192.168.1.15 ........... x kbit/s > 192.168.1.16 ........... x kbit/s > 192.168.1.17 ........... x kbit/s > 192.168.1.18 ........... x kbit/s > 192.168.1.19 ........... x kbit/s > > ...any ideea ..Thanks!!Perhaps something like iptraf, ntop, nettop, iftop would be sufficient? I think ntop looks the most full featured, but perhaps the others will do enough for you? (eg iptraf without port numbers should work?) Ed W _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Thu, 2004-06-17 at 12:18, Ed Wildgoose wrote:> > I search for a tool show-me on real time the trafic made by all/one > > IPon the interface eth1, somethings simple ; EX: > > 192.168.1.10 ........... x kbit/s > > 192.168.1.11 ........... y kbit/s > > 192.168.1.12 ........... z kbit/s > > 192.168.1.13 ........... x kbit/s > > 192.168.1.14 ........... x kbit/s > > 192.168.1.15 ........... x kbit/s > > 192.168.1.16 ........... x kbit/s > > 192.168.1.17 ........... x kbit/s > > 192.168.1.18 ........... x kbit/s > > 192.168.1.19 ........... x kbit/s > > > > ...any ideea ..Thanks!! > > > Perhaps something like iptraf, ntop, nettop, iftop would be sufficient? > > I think ntop looks the most full featured, but perhaps the others will > do enough for you? (eg iptraf without port numbers should work?)ipfm do exactly this. 1 interface that see all trafic makes logs of what it can see i have put it on a monitor port on the switch or you can use a hardware ethernet tap -- Ronny Aasen <list@datapart-as.no> _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 17 June 2004 09:59, Morten Nilsen wrote:> > - How will your solution scale? can it handle 200Mb traffic full duplex > on a Xeon 2.8GHz without choking? what about 100Mb on an AMD 800MHz?This is a very good question. I think, the kernel should do guiding the traffic through iptables pretty efficiently and fast. I rather suspect the accounting daemon to be the bottleneck. At the moment, I have my traffic accounter daemon, say: the one logging the traffic, linked against electricfence, which should have very negative effects on performance. I will run a transfer from my server that has a 100Mbit connection later today, and monitor CPU usage. If the electricfence-version does well, you can be sure the productive version will do definitely. My C program is actually written in a way to store produced traffic at first internally, and not use the database functions every time a packet comes in. It should be clear, that the more traffic categories you have though, the more CPU usage is going to be required. I''ll keep you updated on my findings :)> - Could it affect latency?I doubt it would have much of an impact on latency, as the accounting is being done in userspace, not on kernel level.> - why not use sudo instead of setuid root?Because I must say to my own embarassement, I haven''t used sudo yet. But: you should only have to modify a line in the php script, I think, to make this work using sudo. - -- Thilo Schulz My public PGP key is available at http://home.bawue.de/~arny/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA0YXEZx4hBtWQhl4RAnGJAJ4v+lc2XxZTwRDbAynGHXSzqYKTLQCgjiKM 34ytH/wFsTRQUXz5nGf4Qdg=1ldg -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 17 June 2004 13:51, Thilo Schulz wrote:> At the moment, I have my traffic accounter daemon, say: the one logging the > traffic, linked against electricfence, which should have very negative > effects on performance. I will run a transfer from my server that has a > 100Mbit connection later today, and monitor CPU usage. If the > electricfence-version does well, you can be sure the productive version > will do definitely.Okay, This seems to work really well. 226 33.268 seconds (measured here), 5.03 Mbytes per second 175560916 bytes received in 33.27 secs (5153.0 kB/s) The daemon used for logging never came above a top CPU usage of 1.8% at this throughput, and this value only got that high when my program was updating the mysql databases. Really the thing eating most of the CPU was the reading from disk and the ftp program. Here is the CPU in use for this little experiment: model name : Intel(R) Pentium(R) 4 CPU 2.66GHz Anyways, I''ll be working on doing a small release package, for those who are interested in this thing. Don''t expect too much from it, I hardly sat a week at this system. It was my goal to just have a convenient way of getting traffic statistics for my root server and be warned if I go over the traffic limit I have, not add as many nifty features as possible. You can do that yourself if you find my package worth of your precious attention and really want to ;) - -- Thilo Schulz My public PGP key is available at http://home.bawue.de/~arny/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA0aZFZx4hBtWQhl4RAkLVAJ4upDEUOpj267v0kLnTkg+nZpmEeACgnHkb 3LESGamMy4jjogJOIrbkBOw=6PCt -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 17 June 2004 16:10, Thilo Schulz wrote:> Anyways, I''ll be working on doing a small release package, for those who > are interested in this thing. Don''t expect too much from it, I hardly sat a > week at this system. It was my goal to just have a convenient way of > getting traffic statistics for my root server and be warned if I go over > the traffic limit I have, not add as many nifty features as possible. You > can do that yourself if you find my package worth of your precious > attention and really want to ;)My package is available for download from: http://thilo.kickchat.com/taccounter-0.99.tar.bz2 - -- Thilo Schulz My public PGP key is available at http://home.bawue.de/~arny/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA1bbkZx4hBtWQhl4RAh9aAJ9KcctKv+LxhDc1VmZTVS3TMNZE5wCg29/k 6Q10pVJTQ2yTdtVFY/Z5cT4=7x3+ -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/