I have a small office network with Windows machines and a Linux internet access server (CentOS 5.4). For internet access I use masquerade, so everyone can access every internet service.
I periodically have quite big traffic from one of the hosts, but I can't figure out which one is that?
Is there any Linux command which will show me the bytes/packets (or any useful info) going to specific hosts?
You could throw a live DVD (I recommend Knoppix as it has tools like rkhunter, chkrootkit and unhide on the DVD) into a machine and look at using network monitoring tools on the DVD and ssh to look at different machines on the network. Use your distribution's repositories to see what they include in the way of network monitoring tools. There are SEVERAL. E.g. Knoppix as root or sudo su: synaptic (opens up package manager). Browse the network section of the manager and read the descriptions.
It seems to me that you could improve your security by turning your CentOS machine into a proxy server and restricting access to only http. No ftp, telnet or whatever else. I do not know enough about your network to comment further, however I would advise if you have Windows machines accessing the internet you disable file sharing, Microsoft client, print sharing and telnet for starters and only allow TCP. Please start reading the Security and Network related sections of linuxquestions.org.
Not sure of a linux command that will do that, but if you can install applications on that box, install Ntop. It does what you're looking for, and plenty more. It's the sh*t. Really.
Yes, I agree, ntop is a CLI program you can install with your package manager, e.g. YaST, Yum, aptitude etc. But there were a few things the OP said that really concerned me and I was trying to point them towards more tools for monitoring networks and security.
MazinOz has given a very nice way to monitor network traffic; it will be a nice option of having a proxy server and having only http access, it will surely work out. I was just wondering that is http and https will more good and in this s means security. It comes directly or we have to add this.
iptables is the way to go. The option "-m state --state NEW" would just log new connections.
There's more to it than that, but search on iptables and logging. Then be sure your syslog is configured to dump firewall messages into your firewall log. Then be sure you are rotating that log...
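Added example (not part of any post in this thread): a Python sketch that tallies new connections per internal host from kernel log lines written by an iptables LOG rule, the approach the post above describes. It assumes a rule such as `iptables -A FORWARD -m state --state NEW -j LOG --log-prefix "FWNEW: "`; the `FWNEW:` prefix, interface names and all sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of syslog lines from an iptables LOG rule.
# The "FWNEW: " prefix, host name and addresses are assumptions for this example.
SAMPLE_LOG = """\
Jan 12 10:01:02 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=63 ID=4411 DF PROTO=TCP SPT=51234 DPT=80 SYN URGP=0
Jan 12 10:01:03 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.11 LEN=60 TTL=63 ID=4412 DF PROTO=TCP SPT=51235 DPT=25 SYN URGP=0
Jan 12 10:01:04 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.12 LEN=60 TTL=63 ID=4413 DF PROTO=TCP SPT=51236 DPT=25 SYN URGP=0
Jan 12 10:01:05 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=60 TTL=63 ID=901 DF PROTO=TCP SPT=40100 DPT=443 SYN URGP=0
Jan 12 10:01:09 gw sshd[2211]: Accepted publickey for admin from 192.168.1.5 port 40022 ssh2
Jan 12 10:01:10 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.13 LEN=60 TTL=63 ID=4414 DF PROTO=TCP SPT=51237 DPT=25 SYN URGP=0
Jan 12 10:01:11 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=84 TTL=63 ID=902 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 12 10:01:12 gw kernel: FWNEW: IN=eth1 OUT=eth0 SRC=192.168.1.77
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_line(line, prefix="FWNEW:"):
    """Return the KEY=VALUE fields of one LOG line, or None if it is not usable."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    # Skip truncated records: source, destination and protocol are required.
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    return fields

def summarize(log_text, prefix="FWNEW:"):
    """Count new connections per source host and per (host, proto/port)."""
    per_host = Counter()
    per_service = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line, prefix)
        if rec is None:
            continue
        per_host[rec["SRC"]] += 1
        # ICMP lines carry no DPT field, so fall back to "-".
        service = f'{rec["PROTO"]}/{rec.get("DPT", "-")}'
        per_service[rec["SRC"]][service] += 1
    return per_host, per_service

if __name__ == "__main__":
    hosts, services = summarize(SAMPLE_LOG)
    for src, count in hosts.most_common():
        top = ", ".join(f"{s} x{n}" for s, n in services[src].most_common(3))
        print(f"{src:15} {count:4} new connections  ({top})")
```

Because only the first packet of each connection is logged, this ranks hosts by connection count rather than bytes transferred; a host opening many connections to one port (here TCP/25) stands out even when its byte volume is unknown.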
"I was just wondering that is http and https will more good and in this s means security".
You need to configure /etc/squid.conf and designate http (80 or 8080 or 3128) and https (445) as ports to use. Most of the essential configuration is at the start of the file, or use CentOS to set up a proxy server. The network machines need to have the browser settings set up to go through the proxy server.
You can use SARG (Squid Analysis Report Generator) for monitoring Squid traffic. It gives daily, weekly and monthly reports and provides a lot of information about Squid users' activities: times, bytes, sites, etc.
I have used this one for managing my squid server monitoring.