Linux Tools for Internet Monitoring?

David Bandel david.bandel
Thu Jun 14 04:22:09 PDT 2007


On 6/14/07, Kirk <kingvold at gmail.com> wrote:
>
> I have recently put together an Ubuntu (full installation as available
> online) machine that I have tested and is working.  I have never gotten much
> past the novice stage with Linux but am competent.  Having said that, I am
> responsible for an Internet network in three buildings (approx 150 users)
> and the gateway modem to a VSAT system (1MB uplink/downlink, not shared).  I

Very little bandwidth for 150 users.

> am not surprised as we have continued to increase bandwidth that it gets
> sucked up.  I am of the opinion that the nature of Internet behavior and
> design of websites which include lots of graphics is as much to blame for
> slow Internet performance as weather conditions or other unknowns that can
> affect VSAT systems.  My request for advice has to do with what tools are
> available, if any, on Linux that will allow me to monitor network behavior.
> Can I tell if one machine is dominating bandwidth utilization on YouTube,
> operating Skype or downloading movies/music/porno/whatever?  Can I tell if
> one of my machines has been co-opted by malicious code and sending out SPAM
> or anything else?  The VSAT Internet provider will send me very generic
> graphs on usage but nothing of value.  I would like to be able to respond
> with more information at hand when I get constant complaints about "the
> crappy Internet."  If I know that something else is going on, I can pinpoint
> my efforts at improving how we utilize the bandwidth that is available.
>
> I'll take all suggestions and would be happy to contact anyone offline for a
> more specific conversation.  Thanks.

I would start by putting on a utility called tcptrack.  I use this when
I see my MRTG graph get near saturation on any of my 2Mb frame relays
(I have several).  You can quickly identify who your problem children
are, but it requires a knowledge of tcpdump and its syntax.

The only way to really help the situation, though, is to set up a
machine that monitors and clamps "abusive" traffic (or with a lot of
normal traffic, prioritizes interactive traffic) automagically.  If
you are very experienced with Linux, you can do this yourself,
otherwise I suggest looking at something like the "Bandwidth
Arbitrator".

The problem is only going to get worse, not better.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto
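
Added example, not part of the original message: a sketch of the two questions asked above (which LAN host is using the most bandwidth, and which host is contacting many mail servers), computed from text in the per-packet form printed by `tcpdump -nn -q`. The sample lines, the 192.168.1.0/24 LAN range, the threshold of 3 and the function names are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the per-packet form printed by `tcpdump -nn -q`.
SAMPLE = """\
04:22:09.100001 IP 192.168.1.23.51514 > 203.0.113.80.80: tcp 0
04:22:09.100200 IP 203.0.113.80.80 > 192.168.1.23.51514: tcp 1448
04:22:09.100300 IP 203.0.113.80.80 > 192.168.1.23.51514: tcp 1448
04:22:09.100400 IP 203.0.113.80.80 > 192.168.1.23.51514: tcp 1448
04:22:09.200000 IP 192.168.1.40.40000 > 198.51.100.7.443: tcp 200
04:22:09.200100 IP 198.51.100.7.443 > 192.168.1.40.40000: tcp 600
04:22:09.250000 IP 192.168.1.40.5060 > 198.51.100.9.5060: UDP, length 120
04:22:09.300000 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
04:22:09.400000 IP 192.168.1.77.33001 > 198.51.100.25.25: tcp 100
04:22:09.400100 IP 192.168.1.77.33002 > 203.0.113.25.25: tcp 100
04:22:09.400200 IP 192.168.1.77.33003 > 192.0.2.25.25: tcp 100
"""

PKT = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
                 r"(?:tcp|UDP, length) (\d+)")

def parse(text):
    """Yield (src, dst, dst_port, payload_bytes); non-IP lines are skipped."""
    for line in text.splitlines():
        m = PKT.match(line)
        if m:
            yield m.group(1), m.group(3), int(m.group(4)), int(m.group(5))

def top_talkers(text, lan="192.168.1.0/24"):
    """Payload bytes per LAN host, both directions, heaviest first."""
    net, totals = ipaddress.ip_network(lan), defaultdict(int)
    for src, dst, _, size in parse(text):
        for host in (src, dst):
            if ipaddress.ip_address(host) in net:
                totals[host] += size
                break  # count each packet once
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def smtp_fanout(text, lan="192.168.1.0/24", threshold=3):
    """LAN hosts sending to at least `threshold` distinct servers on port 25."""
    net, peers = ipaddress.ip_network(lan), defaultdict(set)
    for src, dst, dport, _ in parse(text):
        if dport == 25 and ipaddress.ip_address(src) in net:
            peers[src].add(dst)
    return {h: len(p) for h, p in peers.items() if len(p) >= threshold}

if __name__ == "__main__":
    print(top_talkers(SAMPLE))
    print(smtp_fanout(SAMPLE))
```

The byte counts are TCP/UDP payload lengths as tcpdump reports them, so they understate on-the-wire usage by the header overhead.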
