LinuxQuestions.org


thekillerbean 06-29-2006 08:30 PM

Live Bandwidth Monitoring @ IP Addr Level.
 
Just a short while ago, either a user in our organization was downloading a rather hefty file or an email with a hefty attachment was coming in to our Exchange server. Either way, it brought the network down to a crawl - well, as far as the internet goes. When I was finally notified that the network was "down", whatever it was had ceased transmitting, and hence I was unable to pinpoint the problem.

We do use ntop on our Linux firewall box for historical analysis and will eventually get to the root of the problem. However, I'm looking for a live monitor with network statistics for the last 1, 5, 15 minutes, just like top does, detailing which IP addresses have the highest bandwidth use. Is there such a tool or do I need a pinch?

My next option is to implement bandwidth throttling/shaping. I've had some experience with HTB at home where I use it to help satisfy my hunger for bits from the bittorrent community! This is a last resort for now, although I seem to have a case for it now that upper management have seen how quickly eBay enjoyment can come to a screeching halt!

Cheers,
tkb.

win32sux 06-29-2006 10:34 PM

I've used bandwidthd before and loved it: http://bandwidthd.sourceforge.net/

avijitp 06-29-2006 11:05 PM

You can check vnstat from http://humdi.net/vnstat/ and bmon from http://suug.ch/~tgr/bmon/

thekillerbean 06-29-2006 11:10 PM

Thanks win32sux.

I'll definitely install this one as it appears to have more data than ntop - I'm using a really old version of ntop so that might be an issue.

After posting here I also did some googling and came up with the following: http://www.linux.com/article.pl?sid=05/12/15/177232. They are using iptables to track each and every IP that might traverse the firewall, which is probably what I want, although it might result in a performance hit. However, I could create a script that I could fire off for a short duration until I'm able to detect the faulting IP and slow it down - again using iptables.

I see HTB as a much better option - the problem is that I want to migrate up to kernel version 2.6 before implementing it! Some higher-ups here believe it might break something during the build, knocking us off the internet. Unfortunately, whenever a short-term fix is identified, it ends up being a long-term fix! Oh well, I'll win the fight one day!

Cheers,
tkb.
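
The short-duration sampling script described in the post above, as an added example that is not part of the original thread or the linked article: it compares two `iptables-save -c` dumps taken a known interval apart and ranks hosts by bytes per second. The chain name `ACCT`, the one `-s` and one `-d` rule per internal host, and the sample dumps are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One accounting rule per host and direction, as printed by `iptables-save -c`:
#   [packets:bytes] -A ACCT -d 192.168.1.10/32      (ACCT is a hypothetical chain name)
RULE = re.compile(r"^\[\d+:(\d+)\] -A (\S+) -([sd]) (\d+(?:\.\d+){3})(?:/\S+)?(?:\s|$)")

def parse_counters(dump, chain="ACCT"):
    """Return {ip: {"down": bytes, "up": bytes}} for one chain of the dump."""
    totals = defaultdict(lambda: {"down": 0, "up": 0})
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if m and m.group(2) == chain:
            # -d host = traffic towards the host, -s host = traffic from it
            direction = "down" if m.group(3) == "d" else "up"
            totals[m.group(4)][direction] += int(m.group(1))
    return dict(totals)

def rates(before, after, seconds):
    """Bytes/second per IP between two snapshots, busiest host first."""
    rows = []
    for ip, now in after.items():
        old = before.get(ip, {"down": 0, "up": 0})
        # A counter lower than before means it was zeroed or the rule was
        # re-created; count only what has accumulated since then.
        delta = {k: now[k] - old[k] if now[k] >= old[k] else now[k] for k in now}
        rows.append((ip, delta["down"] / seconds, delta["up"] / seconds))
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)

# Constructed sample snapshots, taken 10 seconds apart (not real traffic).
SNAP_T0 = """\
[5000:3000000] -A FORWARD -j ACCT
[50:6000] -A ACCT -d 192.168.1.23/32
[40:5000] -A ACCT -s 192.168.1.23/32
[1200:1500000] -A ACCT -d 192.168.1.10/32
[300:40000] -A ACCT -s 192.168.1.10/32
"""
SNAP_T10 = """\
[15000:16000000] -A FORWARD -j ACCT
[60:7000] -A ACCT -d 192.168.1.23/32
[45:5500] -A ACCT -s 192.168.1.23/32
[9200:13500000] -A ACCT -d 192.168.1.10/32
[2300:140000] -A ACCT -s 192.168.1.10/32
"""

if __name__ == "__main__":
    for ip, down, up in rates(parse_counters(SNAP_T0), parse_counters(SNAP_T10), 10):
        print(f"{ip:15s} down {down / 1024:8.1f} KiB/s  up {up / 1024:8.1f} KiB/s")
```

On a live firewall the two dumps would come from running `iptables-save -c` twice with a sleep in between; the accounting rules need no target, since a rule without `-j` only counts.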

cyberatom 07-14-2006 02:09 AM

MRTG is very nice too.

mrtg [dot] org


All times are GMT -5.