sorry, the correct name is*bandwidthd*
2010/6/9 Fabio T. Leitao <fabio.tleitao@gmail.com>
I also know (and use in a customer firewall) bandwithd... it plots a decent web report of traffic per network, per IP, several protocols...
2010/6/8 Bill <beau@billbeau.net>
I think mrtg is a little better. It graphs it out for ya so you can see
where the peaks are. It is a fantastic tool to see in a quick glance
what is going on with traffic and loads. If your working in say a data
center where you need to monitor several routers you can graph each and
every port. It was a great tool for DOS attacks we could see real quick
where the trouble was.
On 6/8/2010 11:32 AM, Jorge Armando Medina wrote:
> Bill wrote:
>
>> I also use snmp and mrtg. I like seeing how much traffic is coming
>> through during the night.
>>
>>
> vnstat is good for that, here a example:
>
> # vnstat -i eth1 -d
>
> * eth1 */ *daily
>
> * * *day * * * * rx * * *| * * tx * * *| *total
> ------------------------+-------------+----------------------------------------
> * * 10.05. * * *1.55 GB *| *614.03 MB *| * *2.15 GB * %%%%%%:::
> * * 11.05. * * *1.95 GB *| *830.82 MB *| * *2.76 GB * %%%%%%%%::::
> * * 12.05. * * *1.79 GB *| *897.25 MB *| * *2.66 GB * %%%%%%%%::::
> * * 13.05. * * *1.75 GB *| *885.00 MB *| * *2.61 GB * %%%%%%%::::
> * * 14.05. * * *2.31 GB *| *845.42 MB *| * *3.14 GB * %%%%%%%%%%::::
> * * 15.05. * *504.79 MB *| *372.75 MB *| *877.54 MB * %%:
> * * 16.05. * * 43.93 MB *| * 92.58 MB *| *136.51 MB
> * * 17.05. * * *1.35 GB *| *746.94 MB *| * *2.08 GB * %%%%%%:::
> * * 18.05. * * *1.91 GB *| * *1.14 GB *| * *3.05 GB * %%%%%%%%:::::
> * * 19.05. * * *1.38 GB *| *943.80 MB *| * *2.30 GB * %%%%%%::::
> * * 20.05. * * *1.29 GB *| *852.66 MB *| * *2.12 GB * %%%%%::::
> * * 21.05. * * *1.40 GB *| *729.03 MB *| * *2.11 GB * %%%%%%:::
> * * 22.05. * *394.85 MB *| *280.23 MB *| *675.08 MB * %%:
> * * 23.05. * * 78.72 MB *| *184.89 MB *| *263.61 MB * :
> * * 24.05. * * *1.42 GB *| *838.88 MB *| * *2.24 GB * %%%%%%::::
> * * 25.05. * * *1.50 GB *| *871.23 MB *| * *2.35 GB * %%%%%%::::
> * * 26.05. * * *1.61 GB *| *893.04 MB *| * *2.48 GB * %%%%%%%::::
> * * 27.05. * * *1.67 GB *| *993.82 MB *| * *2.65 GB * %%%%%%%%::::
> * * 28.05. * * *1.57 GB *| * *1.71 GB *| * *3.29 GB * %%%%%%%::::::::
> * * 29.05. * *718.45 MB *| *360.40 MB *| * *1.05 GB * %%%:
> * * 30.05. * * 44.14 MB *| * 81.51 MB *| *125.65 MB
> * * 31.05. * * *1.04 GB *| *775.54 MB *| * *1.80 GB * %%%%%:::
> * * 01.06. * * *1.15 GB *| *642.65 MB *| * *1.78 GB * %%%%%:::
> * * 02.06. * * *1.56 GB *| * *1.12 GB *| * *2.68 GB * %%%%%%%:::::
> * * 03.06. * * *3.85 GB *| * *1.62 GB *| * *5.47 GB
> %%%%%%%%%%%%%%%%%%:::::::
> * * 04.06. * * *2.32 GB *| * *1.49 GB *| * *3.81 GB * %%%%%%%%%%:::::::
> * * 05.06. * *876.30 MB *| *449.40 MB *| * *1.29 GB * %%%::
> * * 06.06. * *117.62 MB *| *158.43 MB *| *276.05 MB * :
> * * 07.06. * * *1.99 GB *| * *1.38 GB *| * *3.37 GB * %%%%%%%%%::::::
> * * 08.06. * *981.30 MB *| *712.62 MB *| * *1.65 GB * %%%%:::
> ------------------------+-------------+----------------------------------------
> * estimated * * 1.70 GB *| * *1.23 GB *| * *2.93 GB
>
> Best regards.
>
>> On 6/8/2010 8:52 AM, Eric Peters wrote:
>>
>>
>>> I agree, proactively monitoring your network, makes for good practice,
>>> and also peace of mind. Security through obscurity, and passive
>>> reactionary monitoring is just asking for your network to be abused.
>>> Here are just some tools that I use on a daily basis which
>>> would easily detect p2p traffic and other abuses.
>>>
>>> Ntop * * * *= /ntop/ is a network traffic probe that shows the network
>>> usage, similar to what the popular top Unix command does, but prettier!
>>> Snort * * * = /Snort/ is a free and open source network intrusion
>>> prevention system (NIPS) and network intrusion detection system (NIDS)
>>> Snorby * * = Great front end for Snort, I'm currently working on a howto
>>> for this under Ubuntu 10.4
>>> ET Rules *= Emerging Threats is an open source community project with
>>> the fastest moving and most diverse Snort Signature set and firewall
>>> rules available
>>> Wireshark = /Wireshark/ is a network protocol analyzer
>>> nmap * * * = Security Scanner For Network Exploration& *computer scanning
>>>
>>> I'm curious as to what everyone else is using? Did I leave anything out?
>>> What's your thoughts on this subject?
>>>
>>>
>>> Cheers,
>>> Eric
>>>
>>>
>>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders<dsanders@jsu.edu
>>> <mailto:dsanders@jsu.edu>> *wrote:
>>>
>>> * * *I second Paul that is the way to go, once one finds out they have
>>> * * *eyes on them, it "can" fix it's self. *We had a problem with an
>>> * * *individual serving up files and the big bad record industry sent a
>>> * * *letter. That gave us the right to cut the user off. Once turned back
>>> * * *on behavior changed. * You will get some flack on the front end but
>>> * * *over time a majority of the community will get in line.
>>>
>>> * * * * Danny Michael Sanders
>>> * * * * IT Support Analyst
>>>
>>> * * *----- "Paul Graydon"<paul@paulgraydon.co.uk
>>> * * *<mailto
aul@paulgraydon.co.uk>> *wrote:
>>> * * * > *That will help, but realistically you're going to have to block
>>> * * *every "high port" to stop P2P through that method.
>>> * * * >
>>> * * * > *The only way to effectively block P2P is to do packet sniffing
>>> * * *and analysis.. and that's just one big hassle.
>>> * * * >
>>> * * * > *My belief is this is usually the wrong way to tackle the problem,
>>> * * *looking for a technical solution to a human resource problem.
>>> * * * > *User education (and LARTing if necessary) is the key. *Using
>>> * * *software like Cacti to monitor and graph per-port traffic stats,
>>> * * *identify the largest bandwidth users and then focus on them and find
>>> * * *out just why they're using up so much bandwidth.
>>> * * * > *It's remarkable just how soon the problem all goes away after you
>>> * * *find just one or two individuals who are abusing the network
>>> * * *infrastructure and explain to them what the disciplinary procedures
>>> * * *are (or enact if it's appropriate and you have concrete evidence.)
>>> * * *The message soon spreads!
>>> * * * >
>>> * * * > *Paul
>>> * * * >
>>> * * * > *On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>>
>>> * * * * *Hello,
>>> * * * * * >
>>> * * * * * > *You can use these iptables rules, because I don't like, don't
>>> * * * * *use and I don't wanna learn ufw. hehehehehe
>>> * * * * * >
>>> * * * * * > *# Block P2P connections
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 1981 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 1981 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 2037 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 2037 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 3501 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 3501 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 3531 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 3531 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 3587 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 3587 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 3955 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 3955 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 4242 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 4242 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 4688 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 4688 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 5121 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 5121 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 5662 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 5662 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 6699 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 6699 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>>> * * * * * > *iptables -A FORWARD -p tcp --dport 8473 -j DROP
>>> * * * * * > *iptables -A FORWARD -p udp --dport 8473 -j DROP
>>> * * * * * >
>>> * * * * * >
>>> * * * * * >
>>> * * * * * >
>>> * * * * * > *2010/6/4 Kaushal Shriyan<kaushalshriyan@gmail.com
>>> * * * * *<mailto:kaushalshriyan@gmail.com>>
>>> * * * * * >
>>>
>>> * * * * * * *Hi,
>>> * * * * * * * >
>>> * * * * * * * > *is there a howto for blocking p2p traffic on ubuntu 10.04
>>> * * * * * * *server ?
>>> * * * * * * * >
>>> * * * * * * * > *Thanks,
>>> * * * * * * * >
>>> * * * * * * * > *Kaushal
>>> * * * * * * * >
>>> * * * * * * * > *--
>>> * * * * * * * > *ubuntu-server mailing list
>>> * * * * * * * > *ubuntu-server@lists.ubuntu.com
>>> * * * * * * *<mailto:ubuntu-server@lists.ubuntu.com>
>>> * * * * * * * > *https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>> * * * * * * * > *More info: https://wiki.ubuntu.com/ServerTeam
>>> * * * * * * * >
>>>
>>>
>>> * * * * * >
>>>
>>> * * * * * > *--
>>> * * * * * > *Greyson Farias
>>> * * * * * > *Técnico em Informática - CREA/AC 9329TD
>>> * * * * * > *Ubuntu user
>>> * * * * * > *Eu prefiro receber documentos em ODF.
>>> * * * * * > *http://ubuntu.com/download/getubuntu
>>> * * * * * > *Blog Ubuntu Acre: http://ubuntu-ac.org
>>> * * * * * >
>>>
>>>
>>> * * * >
>>> * * * >
>>>
>>> * * *--
>>> * * *ubuntu-server mailing list
>>> * * *ubuntu-server@lists.ubuntu.com<mailto:ubuntu-server@lists.ubuntu.com>
>>> * * *https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>> * * *More info: https://wiki.ubuntu.com/ServerTeam
>>>
>>>
>>>
>>>
>>
>>
>
>
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
--
Fábio Leitão
..-. .- -... .. --- *.-.. . .. - .- --- *...-.-
--
Fábio Leitão
..-. .- -... .. --- *.-.. . .. - .- --- *...-.-
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
block p2p traffic
