im at uni, and my internet is realy slow. i want to see if i can find out who in my house is using all the bandwidth (no one is admiting it), or wether its a virus or spyware on someone machine. i friend once showed me a network monitoring tool that displayed graphicaly all the computers on your network, and then showed there outgoing and ingoing connections with red (i think they were red) cones, with the size dictating the bandwidth usage. i cannot for the life of me remember what its called. i have XP on my pc, but network tools for that seem to limit you to just that machine, so i want to put something on my SuSE 10.0 installation on my laptop. i would like to know what this program i remember is called, or the name of another one thats equaly as good. it must show me who is using howmuch bandwith (preferably p2p networks too), and also must be easy to instal. im a complete noob with linux, so i need something easy to set up, or that comes with a installation guide. Cheers!

would look at ntop, its a first class network stats package, but you need to be aware that if you are all connected to the internet via a switch you will only see traffic destined for your PC and broadcasts, which won't help you much.

i realy need to be able to see all connections on my LAN. i need to find out where my bandwidth goes!

On a switched network you can't, unless the switch is intelligent enough to give you this information and you have access to it, or you can scope the uplink that is common to everyone. The only ways to do that are to interpose a hub between the switch and whatever it is uplinked to, or to mirror the uplink port, again assuming you have a good enough switch.

Maybe ettercap?

edit:
or iptraf?

You still won't see everything if its a switched network.

Well... I see everything in one of the company I work. Do you know ettercap? Its the most scaring tool for average windows network admins
I recommend you testing it, depending on the security of the network you are on, you will be surprised. (*)

You have a lot of other tools for running complex attacks that relies on the same mechanisms

(*) To make things clear, do not run it if you don't have the permission from your net/security admins, it can be easily detected and can cause great damage on your network.

If the company uses hubs, you will see everything. If you are connected to a mirror port of an active switch uplink then you will see everything. From the normal port on an normal switch you will only see traffic that is destined for your PC's MAC address and broadcasts/multicasts.

Passive monitoring tools all suffer from this basic limitation. The port stealing mechanisms that ettercap uses are not going to help you with general stats collection for an entire network. It will allow you to sniff single hosts, but as the MAC table must be set and reset for every stolen frame its hardly something you can do on a large scale. If its only a small network you could sniff each one in turn with ettercap and hope that you get to the offender before he's finished.

Who said it was a passive tool?

No-one did, I just didn't write that very well.

I agree for all the rest though