LinuxQuestions.org
Old 11-08-2012, 12:23 PM   #1
nabcoengineer
LQ Newbie
 
Registered: Nov 2012
Location: Columbus, Ohio
Distribution: Ubuntu and DSL
Posts: 3

Capture all WAN activity


Hi all. This is my first post here and I hope I am not re-opening something old. I want to build a Linux machine that sits between my gateway device and my cable modem and logs all activity in and out of my building. Primarily I just want to see where all the bandwidth is going (like a combined 320 gig in August). Is there a way to do this that does not involve great expenditures of either money or time? I have lots of parts lying around with which to make a fairly good machine and I have been using Linux for a bunch of years now. Desktop is not a necessity, I can use a terminal just fine.
 
Old 11-08-2012, 12:53 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Quote:
Originally Posted by nabcoengineer
logs all activity
tcpdump + assorted tools (tcpstat, tcpflow, tcptrace, etc., etc.), Ntop, you name it (see also your distro's repos, SourceForge, Savannah.nongnu, Berlioz and The-Site-Formerly-Known-As-Freshmeat).
 
Old 11-08-2012, 01:02 PM   #3
nabcoengineer
LQ Newbie
 
Registered: Nov 2012
Location: Columbus, Ohio
Distribution: Ubuntu and DSL
Posts: 3

Original Poster
Thanks for the reply. I think a clarification is in order. What I really need to know is how to do this or do I even have to do this to get the information I want. Since all my switches are, well, switches I can't just plug a system into a port and see all the traffic and since my modem only has one port I can't plug in there either. So, do I need to build a system with 2 network cards and use some software to capture everything? I am sorry if this sounds like a rather simplistic problem but for some reason I just can't get my mind wrapped around it.
 
Old 11-08-2012, 07:54 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Apart from the clarification surprises, in short if you run a packet capture app on a machine with two Ethernet devices in bridge mode + promiscuous mode + without assigned IP addresses you should have your traffic pass through. Search for "snort inline" to get the idea.
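
The setup described in post #4, sketched as an added example that is not part of the thread: two NICs joined in a Linux bridge with no IP addresses, plus a tcpdump capture on the bridge. The interface names (eth0 on the modem side, eth1 on the gateway side), the bridge name br0 and the capture directory /var/log/wan are assumptions; with no argument the script only prints the commands for review, and `apply` runs them as root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = modem side,
# eth1 = gateway side, br0 = bridge, /var/log/wan = capture directory.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
BRIDGE=${BRIDGE:-br0}
CAP_DIR=${CAP_DIR:-/var/log/wan}

# The two bridge ports must be different NICs.
check_config() {
    [ "$WAN_IF" != "$LAN_IF" ] && return 0
    echo "WAN_IF and LAN_IF must differ" >&2
    return 1
}

# Emit the setup commands one per line so they can be reviewed before use.
bridge_plan() {
    echo "ip link add name $BRIDGE type bridge"
    for nic in "$WAN_IF" "$LAN_IF"; do
        echo "ip addr flush dev $nic"              # no IP address on either port
        echo "ip link set dev $nic promisc on"     # accept frames for any MAC
        echo "ip link set dev $nic master $BRIDGE" # attach the port to the bridge
        echo "ip link set dev $nic up"
    done
    echo "ip link set dev $BRIDGE up"              # bridge itself stays without an IP
}

# Headers only (-s 96; the pcap record still stores each packet's full length),
# no name lookups (-n), a new file every hour (-G 3600).
capture_cmd() {
    echo "tcpdump -i $BRIDGE -n -s 96 -G 3600 -w $CAP_DIR/wan-%Y%m%d-%H.pcap"
}

# Run the plan as root, then capture in the foreground.
apply() {
    check_config || return 1
    mkdir -p "$CAP_DIR" || return 1
    bridge_plan | while read -r cmd; do $cmd || exit 1; done || return 1
    $(capture_cmd)
}

case "${1:-plan}" in
    apply) apply ;;
    *)     check_config && bridge_plan && capture_cmd ;;
esac
```

On distributions where tcpdump drops privileges after opening the interface, the capture directory must be writable by that account. While the box is inline, all WAN traffic depends on it staying up.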
 
Old 11-09-2012, 08:47 AM   #5
nabcoengineer
LQ Newbie
 
Registered: Nov 2012
Location: Columbus, Ohio
Distribution: Ubuntu and DSL
Posts: 3

Original Poster
Thank you. I will do that.
 
Old 11-13-2012, 01:27 PM   #6
JaseP
Senior Member
 
Registered: Jun 2002
Location: Eastern PA, USA
Distribution: K/Ubuntu 10.04/12.04, Scientific Linux 6.3, Android-x86, Maemo
Posts: 1,658

Depending on what kind of router you have, you may be able to flash it to use DD-WRT or OpenWRT and use a plugin for monitoring/logging network traffic.

One such tool, no longer under active development, is wrtbwmon, a small shell script that can be run on various Linux-powered routers. There are other projects referenced on the Google Code page for the script.

See:
http://code.google.com/p/wrtbwmon/
 
  

