check which IP using bandwidth

qwertyjjj · 11-07-2010, 02:23 PM

Is there a way to check which IP is using the most bandwidth at any one time?
I have a proxy server running and occasionally some users download videos instead of stream them, which hogs the bandwidth on their connection and denies other users access.

Awatto · 11-07-2010, 04:48 PM

I think ntop will do what you're looking for.

tiredofbilkyyaforallican · 11-07-2010, 06:05 PM

Thank you for the app.This may well help me find out if someone is "stealing"my internet.

qwertyjjj · 11-08-2010, 01:59 AM

I am trying to run ntop but get this error:
[root ntop]# /usr/local/bin/ntop -i "eth0,tun0,tun1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
-bash: /usr/local/bin/ntop: No such file or directory
[root ntop]#

This is following the how to at: http://www.cyberciti.biz/faq/howto-i...-fedora-linux/

Code:

[root lib]# ntop -i "eth0,tun0,tun1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Mon Nov  8 08:03:58 2010  NOTE: Interface merge enabled by default
Mon Nov  8 08:03:58 2010  Initializing gdbm databases
[root lib]# pidof ntop

[root lib]#

linuxlover.chaitanya · 11-08-2010, 03:08 AM

Check for the log messages. Your ntop seems to die as soon as it starts.

qwertyjjj · 11-08-2010, 03:33 AM

Quote:

Originally Posted by linuxlover.chaitanya

Check for the log messages. Your ntop seems to die as soon as it starts.

Is it ntop.log? That file does not seem to exist.

This is the conf:

Code:

# tells ntop the user id to run as
--user ntop

#save messages into the system log
--use-syslog=daemon

# sets the directory that ntop runs from
--db-file-path /var/lib/ntop

# the amount and severity of messages that ntop will put out
--trace-level 3

# limit ntop to listening on a specific interface and port
--http-server 127.0.0.1:3000 --https-server 127.0.0.1:3001

# Under certain circumstances, the sched_yield() function causes the ntop web
# server to lock up.  It shouldn't happen, but it does.  This option causes
# ntop to skip those calls, at a tiny performance penalty.
--disable-schedyield

# disables "phone home" behavior
--skip-version-check=yes

linuxlover.chaitanya · 11-08-2010, 03:33 AM

You could check the system log file messages in /var/log. You should get the idea there.

qwertyjjj · 11-08-2010, 03:40 AM

Code:

Nov  8 08:07:54 serverxx-xxx-xxx-198 kernel: ip_conntrack version 2.4 (7525 buckets, 60200 max) - 228 bytes per conntrack
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   THREADMGMT[t3086866656]: ntop RUNSTATE: PREINIT(1)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   THREADMGMT[t3086866656]: ntop RUNSTATE: INIT(2)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   ntop v.3.3.9 Fedora RPM
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Configured on Oct 26 2009  1:22:21, built on Oct 26 2009 01:22:27.
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Copyright 1998-2007 by Luca Deri <deri@ntop.org>
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Get the freshest ntop from http://www.ntop.org/
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   NOTE: ntop is running from 'ntop'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   NOTE: (but see warning on man page for the --instance parameter)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   NOTE: ntop libraries are in '/usr/lib'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Initializing ntop
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   No patterns to load: protocol guessing disabled.
Nov  8 08:08:16 serverxx-xxx-xxx-198 kernel: device eth0 entered promiscuous mode
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **WARNING** Truncated network size (device eth0) to 1024 hosts (real netmask 255.255.252.0)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Checking eth0 for additional devices
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Added virtual interface: 'eth0:0'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Resetting traffic statistics for device eth0
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Initializing device eth0 (0)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **ERROR** pcap_open_live(): 'ioctl: No such device'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Please correct the problem or select a different interface using the -i flag
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **FATAL_ERROR** Not root, ntop shutting down...
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   CLEANUP[t3086866656]: ntop caught signal 2 [state=2]
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   ntop is now quitting...
Nov  8 08:08:16 serverxx-xxx-xxx-198 kernel: device eth0 left promiscuous mode
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   THREADMGMT[t3086158048]: ntop RUNSTATE: PREINIT(1)
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   THREADMGMT[t3086158048]: ntop RUNSTATE: INIT(2)
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   ntop v.3.3.9 Fedora RPM
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Configured on Oct 26 2009  1:22:21, built on Oct 26 2009 01:22:27.
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Copyright 1998-2007 by Luca Deri <deri@ntop.org>
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Get the freshest ntop from http://www.ntop.org/
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   NOTE: ntop is running from 'ntop'
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   NOTE: (but see warning on man page for the --instance parameter)
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   NOTE: ntop libraries are in '/usr/lib'
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Initializing ntop
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   No patterns to load: protocol guessing disabled.
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   **WARNING** Truncated network size (device eth0) to 1024 hosts (real netmask 255.255.252.0)
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Checking eth0 for additional devices
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Added virtual interface: 'eth0:0'
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Resetting traffic statistics for device eth0
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Initializing device eth0 (0)
Nov  8 09:32:05 serverxx-xxx-xxx-198 kernel: device eth0 entered promiscuous mode
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   **ERROR** pcap_open_live(): 'ioctl: No such device'
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   Please correct the problem or select a different interface using the -i flag
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   **FATAL_ERROR** Not root, ntop shutting down...
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   CLEANUP[t3086158048]: ntop caught signal 2 [state=2]
Nov  8 09:32:05 serverxx-xxx-xxx-198 ntop[25619]:   ntop is now quitting...
Nov  8 09:32:05 serverxx-xxx-xxx-198 kernel: device eth0 left promiscuous mode

linuxlover.chaitanya · 11-08-2010, 04:00 AM

Your configuration file will have no effect if you are running it from command line.

Can you see this:

Code:

Initializing ntop
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   No patterns to load: protocol guessing disabled.
Nov  8 08:08:16 serverxx-xxx-xxx-198 kernel: device eth0 entered promiscuous mode
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **WARNING** Truncated network size (device eth0) to 1024 hosts (real netmask 255.255.252.0)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Checking eth0 for additional devices
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Added virtual interface: 'eth0:0'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Resetting traffic statistics for device eth0
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Initializing device eth0 (0)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **ERROR** pcap_open_live(): 'ioctl: No such device'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Please correct the problem or select a different interface using the -i flag
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **FATAL_ERROR** Not root, ntop shutting down...
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   CLEANUP[t3086866656]: ntop caught signal 2 [state=2]
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   ntop is now quitting...

qwertyjjj · 11-08-2010, 04:07 AM

Quote:

Originally Posted by linuxlover.chaitanya

Your configuration file will have no effect if you are running it from command line.

Can you see this:

Code:

Initializing ntop
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   No patterns to load: protocol guessing disabled.
Nov  8 08:08:16 serverxx-xxx-xxx-198 kernel: device eth0 entered promiscuous mode
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **WARNING** Truncated network size (device eth0) to 1024 hosts (real netmask 255.255.252.0)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Checking eth0 for additional devices
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Added virtual interface: 'eth0:0'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Resetting traffic statistics for device eth0
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Initializing device eth0 (0)
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **ERROR** pcap_open_live(): 'ioctl: No such device'
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   Please correct the problem or select a different interface using the -i flag
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   **FATAL_ERROR** Not root, ntop shutting down...
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   CLEANUP[t3086866656]: ntop caught signal 2 [state=2]
Nov  8 08:08:16 serverxx-xxx-xxx-198 ntop[23934]:   ntop is now quitting...

But what is the problem?
I am running it as root so am not sure what the issue is...

linuxlover.chaitanya · 11-08-2010, 04:20 AM

No usually you do not run ntop as root but as its own user. Why dont you try to configure the config file and run ntop as service. I do this.

linuxlover.chaitanya · 11-08-2010, 04:24 AM

Well I would suggest using your repositories to install ntop rather than compiling it from source. You can uninstall the current installation and then use yum to install a fresh copy. Also make sure you are deleting all the database files after uninstall is finished.

qwertyjjj · 11-08-2010, 04:24 AM

Quote:

Originally Posted by linuxlover.chaitanya

No usually you do not run ntop as root but as its own user. Why dont you try to configure the config file and run ntop as service. I do this.

How can I run it as a service?
Do I login as ntop and then do this? I cannot login as ntop as it says password denied even though I set the password eaerlier.
ntop -i "eth0,tun0,tun1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

qwertyjjj · 11-08-2010, 04:27 AM

Quote:

Originally Posted by linuxlover.chaitanya

Well I would suggest using your repositories to install ntop rather than compiling it from source. You can uninstall the current installation and then use yum to install a fresh copy. Also make sure you are deleting all the database files after uninstall is finished.

I used yum install to install it already.

linuxlover.chaitanya · 11-08-2010, 04:28 AM

See my earlier post. If you installed ntop from source we can not say if the installation was clean. What I would suggest you is a clean installation from yum repositories.