sorry, the correct name is bandwidthd <br><br><div class="gmail_quote">2010/6/9 Fabio T. Leitao <span dir="ltr"><<a href="mailto:fabio.tleitao@gmail.com">fabio.tleitao@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I also know (and use in a customer firewall) bandwithd... it plots a decent web report of traffic per network, per IP, several protocols...<br><br><div class="gmail_quote">2010/6/8 Bill <span dir="ltr"><<a href="mailto:beau@billbeau.net" target="_blank">beau@billbeau.net</a>></span><div>
<div></div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I think mrtg is a little better. It graphs it out for ya so you can see<br>
where the peaks are. It is a fantastic tool to see in a quick glance<br>
what is going on with traffic and loads. If you're working in say a data<br>
center where you need to monitor several routers you can graph each and<br>
every port. It was a great tool for DOS attacks we could see real quick<br>
where the trouble was.<br>
<div><div></div><div><br>
On 6/8/2010 11:32 AM, Jorge Armando Medina wrote:<br>
> Bill wrote:<br>
><br>
>> I also use snmp and mrtg. I like seeing how much traffic is coming<br>
>> through during the night.<br>
>><br>
>><br>
> vnstat is good for that, here is an example:<br>
><br>
> # vnstat -i eth1 -d<br>
><br>
> eth1 / daily<br>
><br>
> day rx | tx | total<br>
> ------------------------+-------------+----------------------------------------<br>
> 10.05. 1.55 GB | 614.03 MB | 2.15 GB %%%%%%:::<br>
> 11.05. 1.95 GB | 830.82 MB | 2.76 GB %%%%%%%%::::<br>
> 12.05. 1.79 GB | 897.25 MB | 2.66 GB %%%%%%%%::::<br>
> 13.05. 1.75 GB | 885.00 MB | 2.61 GB %%%%%%%::::<br>
> 14.05. 2.31 GB | 845.42 MB | 3.14 GB %%%%%%%%%%::::<br>
> 15.05. 504.79 MB | 372.75 MB | 877.54 MB %%:<br>
> 16.05. 43.93 MB | 92.58 MB | 136.51 MB<br>
> 17.05. 1.35 GB | 746.94 MB | 2.08 GB %%%%%%:::<br>
> 18.05. 1.91 GB | 1.14 GB | 3.05 GB %%%%%%%%:::::<br>
> 19.05. 1.38 GB | 943.80 MB | 2.30 GB %%%%%%::::<br>
> 20.05. 1.29 GB | 852.66 MB | 2.12 GB %%%%%::::<br>
> 21.05. 1.40 GB | 729.03 MB | 2.11 GB %%%%%%:::<br>
> 22.05. 394.85 MB | 280.23 MB | 675.08 MB %%:<br>
> 23.05. 78.72 MB | 184.89 MB | 263.61 MB :<br>
> 24.05. 1.42 GB | 838.88 MB | 2.24 GB %%%%%%::::<br>
> 25.05. 1.50 GB | 871.23 MB | 2.35 GB %%%%%%::::<br>
> 26.05. 1.61 GB | 893.04 MB | 2.48 GB %%%%%%%::::<br>
> 27.05. 1.67 GB | 993.82 MB | 2.65 GB %%%%%%%%::::<br>
> 28.05. 1.57 GB | 1.71 GB | 3.29 GB %%%%%%%::::::::<br>
> 29.05. 718.45 MB | 360.40 MB | 1.05 GB %%%:<br>
> 30.05. 44.14 MB | 81.51 MB | 125.65 MB<br>
> 31.05. 1.04 GB | 775.54 MB | 1.80 GB %%%%%:::<br>
> 01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%:::<br>
> 02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%:::::<br>
> 03.06. 3.85 GB | 1.62 GB | 5.47 GB %%%%%%%%%%%%%%%%%%:::::::<br>
> 04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%:::::::<br>
> 05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%::<br>
> 06.06. 117.62 MB | 158.43 MB | 276.05 MB :<br>
> 07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%::::::<br>
> 08.06. 981.30 MB | 712.62 MB | 1.65 GB %%%%:::<br>
> ------------------------+-------------+----------------------------------------<br>
> estimated 1.70 GB | 1.23 GB | 2.93 GB<br>
><br>
> Best regards.<br>
><br>
>> On 6/8/2010 8:52 AM, Eric Peters wrote:<br>
>><br>
>><br>
>>> I agree, proactively monitoring your network makes for good practice,<br>
>>> and also peace of mind. Security through obscurity, and passive<br>
>>> reactionary monitoring is just asking for your network to be abused.<br>
>>> Here are just some tools that I use on a daily basis which<br>
>>> would easily detect p2p traffic and other abuses.<br>
>>><br>
>>> Ntop = /ntop/ is a network traffic probe that shows the network<br>
>>> usage, similar to what the popular top Unix command does, but prettier!<br>
>>> Snort = /Snort/ is a free and open source network intrusion<br>
>>> prevention system (NIPS) and network intrusion detection system (NIDS)<br>
>>> Snorby = Great front end for Snort, I'm currently working on a howto<br>
>>> for this under Ubuntu 10.4<br>
>>> ET Rules = Emerging Threats is an open source community project with<br>
>>> the fastest moving and most diverse Snort Signature set and firewall<br>
>>> rules available<br>
>>> Wireshark = /Wireshark/ is a network protocol analyzer<br>
>>> nmap = Security Scanner For Network Exploration & computer scanning<br>
>>><br>
>>> I'm curious as to what everyone else is using? Did I leave anything out?<br>
>>> What are your thoughts on this subject?<br>
>>><br>
>>><br>
>>> Cheers,<br>
>>> Eric<br>
>>><br>
>>><br>
>>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders<<a href="mailto:dsanders@jsu.edu" target="_blank">dsanders@jsu.edu</a><br>
>>> <mailto:<a href="mailto:dsanders@jsu.edu" target="_blank">dsanders@jsu.edu</a>>> wrote:<br>
>>><br>
>>> I second Paul that is the way to go, once one finds out they have<br>
>>> eyes on them, it "can" fix itself. We had a problem with an<br>
>>> individual serving up files and the big bad record industry sent a<br>
>>> letter. That gave us the right to cut the user off. Once turned back<br>
>>> on behavior changed. You will get some flak on the front end but<br>
>>> over time a majority of the community will get in line.<br>
>>><br>
>>> Danny Michael Sanders<br>
>>> IT Support Analyst<br>
>>><br>
>>> ----- "Paul Graydon"<<a href="mailto:paul@paulgraydon.co.uk" target="_blank">paul@paulgraydon.co.uk</a><br>
>>> <mailto:<a href="mailto:paul@paulgraydon.co.uk" target="_blank">paul@paulgraydon.co.uk</a>>> wrote:<br>
>>> > That will help, but realistically you're going to have to block<br>
>>> every "high port" to stop P2P through that method.<br>
>>> ><br>
>>> > The only way to effectively block P2P is to do packet sniffing<br>
>>> and analysis.. and that's just one big hassle.<br>
>>> ><br>
>>> > My belief is this is usually the wrong way to tackle the problem,<br>
>>> looking for a technical solution to a human resource problem.<br>
>>> > User education (and LARTing if necessary) is the key. Using<br>
>>> software like Cacti to monitor and graph per-port traffic stats,<br>
>>> identify the largest bandwidth users and then focus on them and find<br>
>>> out just why they're using up so much bandwidth.<br>
>>> > It's remarkable just how soon the problem all goes away after you<br>
>>> find just one or two individuals who are abusing the network<br>
>>> infrastructure and explain to them what the disciplinary procedures<br>
>>> are (or enact if it's appropriate and you have concrete evidence.)<br>
>>> The message soon spreads!<br>
>>> ><br>
>>> > Paul<br>
>>> ><br>
>>> > On 06/04/2010 05:03 AM, Greyson Farias wrote:<br>
>>><br>
>>> Hello,<br>
>>> ><br>
>>> > You can use these iptables rules, because I don't like, don't<br>
>>> use and I don't wanna learn ufw. hehehehehe<br>
>>> ><br>
>>> > # Block P2P connections<br>
>>> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 1981 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 1981 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 2037 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 2037 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 3501 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 3501 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 3531 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 3531 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 3587 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 3587 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 3955 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 3955 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 4242 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 4242 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 4688 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 4688 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 5121 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 5121 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 5662 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 5662 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 6699 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 6699 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP<br>
>>> > iptables -A FORWARD -p tcp --dport 8473 -j DROP<br>
>>> > iptables -A FORWARD -p udp --dport 8473 -j DROP<br>
>>> ><br>
>>> ><br>
>>> ><br>
>>> ><br>
>>> > 2010/6/4 Kaushal Shriyan<<a href="mailto:kaushalshriyan@gmail.com" target="_blank">kaushalshriyan@gmail.com</a><br>
>>> <mailto:<a href="mailto:kaushalshriyan@gmail.com" target="_blank">kaushalshriyan@gmail.com</a>>><br>
>>> ><br>
>>><br>
>>> Hi,<br>
>>> ><br>
>>> > is there a howto for blocking p2p traffic on ubuntu 10.04<br>
>>> server ?<br>
>>> ><br>
>>> > Thanks,<br>
>>> ><br>
>>> > Kaushal<br>
>>> ><br>
>>> > --<br>
>>> > ubuntu-server mailing list<br>
>>> > <a href="mailto:ubuntu-server@lists.ubuntu.com" target="_blank">ubuntu-server@lists.ubuntu.com</a><br>
>>> <mailto:<a href="mailto:ubuntu-server@lists.ubuntu.com" target="_blank">ubuntu-server@lists.ubuntu.com</a>><br>
>>> > <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br>
>>> > More info: <a href="https://wiki.ubuntu.com/ServerTeam" target="_blank">https://wiki.ubuntu.com/ServerTeam</a><br>
>>> ><br>
>>><br>
>>><br>
>>> ><br>
>>><br>
>>> > --<br>
>>> > Greyson Farias<br>
>>> > IT Technician - CREA/AC 9329TD<br>
>>> > Ubuntu user<br>
>>> > I prefer to receive documents in ODF.<br>
>>> > <a href="http://ubuntu.com/download/getubuntu" target="_blank">http://ubuntu.com/download/getubuntu</a><br>
>>> > Blog Ubuntu Acre: <a href="http://ubuntu-ac.org" target="_blank">http://ubuntu-ac.org</a><br>
>>> ><br>
>>><br>
>>><br>
>>> ><br>
>>> ><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>><br>
>><br>
><br>
><br>
<br>
</div></div><div><div></div><div>
</div></div></blockquote></div></div></div><font color="#888888"><br><br clear="all"><br>-- <br>Fábio Leitão<br>..-. .- -... .. --- .-.. . .. - .- --- ...-.-<br><br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Fábio Leitão<br>..-. .- -... .. --- .-.. . .. - .- --- ...-.-<br><br>
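Added example, not part of the original thread: a shell function that reads `vnstat -d` output in the format quoted above and flags days whose total exceeds a multiple of the median, the kind of peak the thread describes spotting on a graph. The function names, the default factor of 2 and the 1 GB = 1024 MB conversion are assumptions; the sample rows are copied from the output quoted in the thread.

```sh
#!/bin/sh
# Flag days in `vnstat -d` style output whose total traffic exceeds
# FACTOR x the median daily total. Usage: vnstat -i eth1 -d | flag_heavy_days 2

flag_heavy_days() {
    factor="${1:-2}"    # assumption: 2x the median counts as a peak
    awk -F'|' -v factor="$factor" '
        # Assumption: units are binary multiples (1 GB = 1024 MB).
        function to_mb(v, u) {
            if (u == "KB" || u == "KiB") return v / 1024
            if (u == "GB" || u == "GiB") return v * 1024
            if (u == "TB" || u == "TiB") return v * 1024 * 1024
            return v + 0    # MB / MiB
        }
        { sub(/^[> \t]+/, "") }    # drop e-mail quote markers, if any
        # Data rows: "03.06. 3.85 GB | 1.62 GB | 5.47 GB %%%::"
        NF == 3 && $1 ~ /^[0-9][0-9]\.[0-9][0-9]\./ {
            split($1, d, " "); split($3, t, " ")
            n++; day[n] = d[1]; mb[n] = to_mb(t[1], t[2])
        }
        END {
            if (n == 0) exit
            # Insertion sort on a copy to find the median.
            for (i = 1; i <= n; i++) s[i] = mb[i]
            for (i = 2; i <= n; i++) {
                v = s[i]
                for (j = i - 1; j >= 1 && s[j] > v; j--) s[j + 1] = s[j]
                s[j + 1] = v
            }
            med = (n % 2) ? s[(n + 1) / 2] : (s[n / 2] + s[n / 2 + 1]) / 2
            for (i = 1; i <= n; i++)
                if (mb[i] > factor * med) printf "%s %.2f\n", day[i], mb[i]
        }'
}

# Sample rows taken from the vnstat output quoted in the thread.
sample_vnstat() {
    cat <<'EOF'
 day rx | tx | total
 01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%:::
 02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%:::::
 03.06. 3.85 GB | 1.62 GB | 5.47 GB %%%%%%%%%%%%%%%%%%:::::::
 04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%:::::::
 05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%::
 06.06. 117.62 MB | 158.43 MB | 276.05 MB :
 07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%::::::
 estimated 1.70 GB | 1.23 GB | 2.93 GB
EOF
}

sample_vnstat | flag_heavy_days 2
```

Each output line is a day and its total in MB; a median baseline keeps quiet weekends from dragging the threshold down the way a mean would.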