Hi, there are 10 WinXP PCs and 1 Linux PC. All 11 PCs are connected together with a switch and all have an internet connection. Now I have found that the LAN is OK (normal), but the internet speed is very slow (ping replies are around 2k-3k milliseconds; normally when I ping www.linuxquestions.org the reply is around 300-400 milliseconds). I am an administrator, and I am now using 1 WinXP PC, which is also connected to the same network, and have installed Wireshark on it to check which PC on my network is occupying the internet bandwidth. Maybe 1 or more PCs are using P2P (BitTorrent... to download...), but I failed, because I do not really understand how to use Wireshark to check this kind of problem. May I know whether Wireshark can solve this kind of problem? OK, what I really need is to know which PC is occupying a lot of internet bandwidth, and what software or what method to use to check this kind of problem. I hope the software can check the network activity status in the LAN (all PCs, or apply a filter to 1 PC) like the command "netstat", or better, combine that function with packet capture.
What kind of router do you have? From the architecture you allude to, Wireshark is actually useless, as if all machines are connected to a switch, the traffic from each PC will only be sent to the destination, i.e. the net, and will not be visible to a sniffer on another machine. This is as opposed to using an older hub, which does copy all traffic everywhere in a very inefficient, but useful, manner. So the only point that will see all the traffic is the router itself (assuming the switch is a totally unmanaged dumb layer 2 switch). If the router itself has no capacity to provide information, then you could look to obtain a hub elsewhere and insert that between the switch and the router and then connect your sniffer PC to that hub. Then you could see all the traffic.
The only way is to set up a machine as a gateway through which all traffic passes. So this machine would be set up between your switch and the internet.
Only then you can monitor all traffic, for example using jnettop. I use that tool all the time to pick out bandwidth hogging users. As an additional benefit you can install traffic shaping on that Linux machine to limit those users.
You can continue to use that Linux machine for other purposes, you'd only need 2 NICs. (To keep it simple, theoretically, 1 NIC would do as well.)
The long ping times are caused by a continuously full output buffer in your (perhaps ADSL) modem. It is kept full all the time by outgoing traffic, and your ping packet is put at the end of that queue.
Traffic shaping in the gateway machine does away with that, and takes care that the output buffer does not fill up.
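
Added example, not part of the thread or written by its posters: a per-host byte count over a capture taken at the single point that sees all traffic (the gateway's LAN-side interface, or a hub in front of the router), which answers "which PC is using the bandwidth". It assumes a classic pcap file (not pcapng), untagged Ethernet/IPv4 frames, and a LAN range of 192.168.1.0/24; the sample capture and all addresses in it are constructed.

```python
import ipaddress
import struct
from collections import defaultdict

def top_talkers(pcap_bytes, lan="192.168.1.0/24"):
    """Map each LAN host to [bytes sent to, bytes received from] addresses outside `lan`."""
    net = ipaddress.ip_network(lan)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    usage = defaultdict(lambda: [0, 0])
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):          # 16-byte per-packet record header
        incl_len, orig_len = struct.unpack(endian + "II", pcap_bytes[off + 8:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # truncated, or not IPv4 (ARP, IPv6, VLAN tag)
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if src in net and dst not in net:
            usage[str(src)][0] += orig_len      # upload: the direction that fills the modem queue
        elif dst in net and src not in net:
            usage[str(dst)][1] += orig_len      # download
    return dict(usage)

def _frame(src, dst, size):
    """Constructed Ethernet+IPv4 frame; only the addresses and length are meaningful."""
    ip = bytearray(20)
    ip[0] = 0x45
    ip[12:16] = ipaddress.ip_address(src).packed
    ip[16:20] = ipaddress.ip_address(dst).packed
    return (b"\x00" * 12 + b"\x08\x00" + bytes(ip)).ljust(size, b"\x00")

def sample_pcap():
    """Constructed capture: one heavy uploader, one light host, LAN-only and ARP noise."""
    frames = [_frame("192.168.1.23", "203.0.113.9", 1500)] * 3
    frames += [_frame("203.0.113.9", "192.168.1.23", 60),
               _frame("192.168.1.10", "198.51.100.7", 100),
               _frame("192.168.1.10", "192.168.1.11", 900),   # LAN-to-LAN, not counted
               b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28]     # ARP, not counted
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    ranked = sorted(top_talkers(sample_pcap()).items(), key=lambda kv: -sum(kv[1]))
    for host, (up, down) in ranked:
        print(f"{host:15} up={up:6} down={down:6}")
```

On a NAT gateway the capture has to come from the LAN-facing interface, because on the internet-facing side every host appears under the gateway's own address.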