[PLUG] Quick And Dirty Network Profiling
Michael Rasmussen
mikeraz at patch.com
Tue Sep 7 13:26:01 UTC 2004
On Tue, Sep 07, 2004 at 01:11:42PM -0700, Jason Van Cleve wrote:
> To begin with, I'd like a quick and dirty network monitor by which I can
> see where all that bandwidth is going. A high-level, packets-per-port
> type thing will do, something I can run for a few days and then check
> the averages. Could just be that someone has found something they liked
> in one of my Web sites and told all their friends. . . .
If you're running iptables as a firewall on the box[1] you can set it up to
log traffic through the firewall, cron a save every few hours, and compare
iterations to see what rule is getting exercised.
pflogsumm is very good at summarizing postfix logs - it will identify top
senders and receivers by message and byte count.
Since you're running a web server (assuming apache) you can grab whatever
weblog summary tool and see what files (images?) are being downloaded.
Alternatively a little Perlfu for 200, success, messages and you can
extract what web stuff is the bulk of your outbound bytes.
> If I determine it is indeed my mail service, how might I determine how
> it's being abused?
Are you getting a lot of spam? If your bandwidth is measured both ways
you might be getting billed for the priviledge of spammers sending you
their stuff.
--
Michael Rasmussen, Portland Oregon
Be appropriate && Follow your curiosity
http://meme.patch.com/memes/BicycleRiding
Get Fixed: http://www.dampfixie.org
The fortune cookie says:
"You tweachewous miscweant!"
-- Elmer Fudd
More information about the PLUG
mailing list