LinuxQuestions.org
Old 10-09-2007, 04:07 PM   #1
lumix
Member
 
Registered: Mar 2007
Distribution: Hardy (Gnome on Ubuntu 8.04) on Compaq N600c laptop
Posts: 323

Rep: Reputation: 30
What linux based tool can help me monitor (http, ftp, etc) usage BY HOST?


In other words:

the more functionality the merrier, but I need:

1) what hosts are the top ten http users? (and where did they go?)
2) what hosts are using instant messaging
3) etc.

thanks.
 
Old 10-09-2007, 04:22 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
you've really said nothing useful about your topology... http users? what http? general internet? what network architecture do you have at your disposal? proxies?? out of the blue i'd suggest looking at ntop, but from the minimal description i really have no idea if it's what you actually are looking for.
 
Old 10-09-2007, 05:36 PM   #3
uid0sd
Member
 
Registered: Aug 2006
Distribution: Mac OS X, Debian, Ubuntu
Posts: 37

Rep: Reputation: 15
I agree your question is pretty vague but how about using 'iftop'?

http://ex-parrot.com/~pdw/iftop/
 
Old 10-10-2007, 02:05 AM   #4
netlogic
Member
 
Registered: Jun 2007
Posts: 36

Rep: Reputation: 15
Are you looking for a bandwidth monitoring tool for your Linux router? I'm not understanding your question. If you are, there are plenty to choose.
 
Old 10-10-2007, 09:31 AM   #5
lumix
Member
 
Registered: Mar 2007
Distribution: Hardy (Gnome on Ubuntu 8.04) on Compaq N600c laptop
Posts: 323

Original Poster
Rep: Reputation: 30
Okay, I didn't think this was all that vague, but I'll try to explain a different way.


Let's take a simple small business network, to make things simple. I have one router, zero servers and 20 workstations. I want to monitor and/or compile reports about who the top 10 users of http bandwidth are/were over the last hour/day/week/etc.

Whether it's bar graphs, line graphs, or tables, I want to know which host (really, very difficult to do this by actual user, I imagine) was associated with the greatest number of http bytes over some time period.

Does that make sense?

Thanks.
 
Old 10-10-2007, 10:29 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
to obtain these details without any other changes at all, then as i originally suggested, ntop. that in itself requires visibility of inbound / outbound network traffic though. at the simplest level you could place an old hub (*NOT* a switch...) between the internal switch and your router. this will let another machine connected to that hub see all traffic on all ports. ntop can then see all traffic going anywhere.

moving on to a more integrated solution, use a linux server to sit between the internal nodes and the rest of the network. you can then run a squid proxy server on that if your users are only using http services. this would allow a higher level of analysis, and as part of that you prevent anyone going directly to the internet for any other service. you could then add user level authentication too. alternatively ntop can also still run very well in this architecture, better actually than the hub method above. if you don't wish to configure these individual services, a firewall distro like ipcop will contain these services, and can be very simply customized to suit your needs.
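
An added example, not part of any post in this thread: with the Squid proxy approach described above, the per-host "top 10 HTTP users and where they went" report from post #5 can be computed from Squid's native access.log. The log lines, addresses, time window and function names below are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1192024800.101    120 192.168.1.21 TCP_MISS/200 48210 GET http://example.com/a.iso - DIRECT/93.184.216.34 application/octet-stream
1192024805.530     35 192.168.1.34 TCP_HIT/200 1200 GET http://example.org/index.html - NONE/- text/html
1192024900.000    210 192.168.1.21 TCP_MISS/200 9000 GET http://example.net/video - DIRECT/203.0.113.9 video/mpeg
1192028500.250     15 192.168.1.34 TCP_MISS/200 700 CONNECT mail.example.org:443 - DIRECT/203.0.113.20 -
1192030000.000     80 192.168.1.50 TCP_DENIED/403 1500 GET http://example.com/ - NONE/- text/html
truncated line from a rotated log
"""

def destination(method, url):
    """Return the host a request went to (CONNECT logs host:port, not a URL)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url

def top_hosts(lines, start=None, end=None, n=10):
    """Rank client IPs by bytes delivered to them within [start, end) epoch seconds.

    Returns (client, total_bytes, busiest_destination) tuples, largest first.
    """
    totals = defaultdict(int)
    sites = defaultdict(lambda: defaultdict(int))
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue  # skip malformed or truncated entries
        try:
            ts, size = float(f[0]), int(f[4])
        except ValueError:
            continue  # non-numeric timestamp or size: not a usable record
        if (start is not None and ts < start) or (end is not None and ts >= end):
            continue
        client, method, url = f[2], f[5], f[6]
        totals[client] += size  # denied requests count too: the error page was sent
        sites[client][destination(method, url)] += size
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(c, b, max(sites[c], key=sites[c].get)) for c, b in ranked]

if __name__ == "__main__":
    for client, nbytes, site in top_hosts(SAMPLE_LOG.splitlines()):
        print(f"{client:15} {nbytes:>10} bytes  busiest destination: {site}")
```

The ranking is per client IP, so with DHCP it identifies a host only as well as the lease records do; per-user figures need the proxy authentication mentioned in the post.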
 
Old 10-10-2007, 01:54 PM   #7
lumix
Member
 
Registered: Mar 2007
Distribution: Hardy (Gnome on Ubuntu 8.04) on Compaq N600c laptop
Posts: 323

Original Poster
Rep: Reputation: 30
Ntop...

hmmm, I'll check it out, thanks.

Naturally, no matter the solution (unless some WS-based solution), this requires some point of total visibility. Most decent switches have a port for just such an occasion. Some even have the ability to assign them at will.

Last edited by lumix; 10-10-2007 at 01:58 PM.
 
Old 10-10-2007, 02:33 PM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
well yes. i could suggest that you buy and install a cisco 3750E catalyst stack with rspan support, but that wasn't suitable for the level of implementation suggested... sounds like the switches i work with day in day out would cost more than your entire LAN
 
  

