Ubuntu Servers :: How To Monitor LAN Web Traffic
May 24, 2010
I have a number of computers on a LAN. There are 3 laptops and 1 desktop, all running windows. I also have a Ubuntu server in the garage which servers up files to all those on the LAN. The server is not visible outside of the LAN for security reasons. Now, I want to track all traffic from any computer in my house that is coming and going in and out from the inter-tubes. I do not want to add this as a service to my current server as (a) it is behind the LAN and (b) I don't want to mess with security issues with that server.
I think I could set up a computer (an extra) which is between the modem and the router with two ethernet cards which would be able to monitor all traffic coming and going. This computer would, obviously, be exposed to all potential attacks as it wouldn't be behind the router's firewall. I'm not sure exactly how that would like or what software to use.
View 2 Replies
ADVERTISEMENT
Feb 3, 2010
What is the setup required in order for a 2 NIC machine to only forward traffic ?
I am planning to set up a machine between the LAN and Router like this:
LAN <--> machine <--> router <--> internet
This machine will only forward traffic. I will use it with ntop, squid, maybe snort
or maybe Untangle if I find it satisfactory.
Is my scenario fiable ?
I want to forward traffic, use ntop and squid on it.
View 2 Replies
View Related
Apr 27, 2010
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
View 3 Replies
View Related
Jan 20, 2010
Does anyone knows of any open source proxy/web traffic monitoring application so I can run reports on users web browsing for Linux? Something equivalent to websense? but free I'm not really concern about blocking any traffic only running reports.
View 2 Replies
View Related
Jan 20, 2011
Is there an easy way to monitor network traffic? I want to make sure my kids are surfing safe...
View 5 Replies
View Related
Sep 27, 2010
what I want to achieve is just to be able to say to who ever is killing our relatively fast connect that they aren't the only person using the network. Everyone just says "I hardly download anything." which is obviously untruthful as normally I can download at 1.5 MB/s but now loading even google.com takes way too long (same with pinging and all other sites). Once I do this, I can determine whether or not I need to call my ISP and do the long 'on hold' dance and "have you tried rebooting the router" BS.
View 8 Replies
View Related
Jan 8, 2010
is it possible to see the router traffic using a remote system? can those packet headers b modified for marking purpose?
View 5 Replies
View Related
Dec 18, 2010
How will I monitor the traffic of tun0 ?
View 5 Replies
View Related
Sep 27, 2009
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
View 3 Replies
View Related
Mar 9, 2009
Is there a nice easy to use tool that displays (in KB/s) the internet traffic from every IP on a network?
Currently I'm using iptraf, but it's very hard to understand at times.
A little info on my network:
I'm using SNAT for internet sharing.
View 4 Replies
View Related
Dec 14, 2010
I have two Linux processes communicating via a nameless pipe. How can monitor the traffic in the pipe? How can I inject data into the pipe? I have root access and know the pipe inode.
View 2 Replies
View Related
Jan 22, 2010
I am on a slow Internet connection and it really makes me mad if something gets downloaded in background (like automatic update of any software) without my knowledge.
How can I monitor my network traffic sorted according to the "which binary file is using how much"? I can find the total transfer rate in "System Monitor" in Gnome, but what if I want to find for individual process. There are softwares like netmonitor in Windows, but how can I achieve that in UBUNTU LINUX.
GUI application will be nice, command line software will also be fine..
View 2 Replies
View Related
Mar 8, 2011
Ubuntu system monitor applet doesn't show internet traffic although my wireless is working just fine. I use a conky to monitor bandwidth through vnstat and had no problem till I upgraded to maverick.
**ifconfig
wlan0 Link encap:Ethernet HWaddr 00:24:d2:c4:3e:da
inet adr:192.168.0.100 Bcast:192.168.0.255 Masque:255.255.255.0
adr inet6: fe80::224:d2ff:fec4:3eda/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]...
View 1 Replies
View Related
Aug 23, 2009
I have a 2 machine LAN with both machines having an ethernet card and a wireless card. There is a Netgear router, both eth and WiFi, allowing both machines to access the internet.
On my Linux machine I am looking for some software that allows me to keep track of my broadband usage on that machine, excluding traffic between the two machines.
There are numerous such programmes for this in XP, which use Winpcap and a GUI frontend. The "other" machine on my LAN is XP and uses just such a program.
View 4 Replies
View Related
Apr 19, 2011
Is there a graphic tool that can monitor the traffic over a USB port?
ie like system monitor for network traffic but over a specific port?
View 1 Replies
View Related
Dec 26, 2008
Does anyone maybe know of a client app for Windows/Linux that polls the Linux (Ubuntu) Gateway and checks (in almost real-time) what the bandwidth usage is? Something like KInternet (which is SuSE only as far as I know) where you can see a graph showing how much kbps is sent and received per second.
View 11 Replies
View Related
Sep 14, 2010
I am connected to a network with free traffic inside it and post-paid outer traffic. So I need a way to be able to separately monitor the download traffic from inside and outside the network. All the solutions I`ve found for now offer monitoring of ALL up/down traffic.
So, I want to get separate statistics on these:
1 — 81.89.188.0/23, 217.197.9.0/24
2. — 81.89.186.0/23
3. — 81.89.178.0/23
4. — 81.89.176.0/23
5. — 81.89.180.0/24
9. — 217.197.12.0/24
[Code]...
UPD: I`m connected to the internet through the network`s gate, so all the traffic comes through eth0. I wish to separate traffic incoming from the IPs on top from all other traffic
View 9 Replies
View Related
Oct 29, 2009
is there a utility with which I can get the current traffice towards a given host, for example;
command 87.255.33.32
22000
View 1 Replies
View Related
Jul 28, 2011
I need a simple traffic monitor for Linux, that counts the traffic in a specific wireless network because I have volume restrictions on that one.I tried it using the following iptables rule:
[code]...
iptables -m mac -A INPUT -p all --mac-source <mac-address> ! -s 10.0.0.0/8
where <mac-address> is the router's one. 10.0.0.0/8 is the local subnet. What I actually want is something like --routed-through <mac-address>. Also, is there some way to gather iptables's statistics? Or is there maybe another tool that does what I want (reliable)?
View 3 Replies
View Related
Nov 8, 2010
I would like to be able to monitor which programs are allowed to access the internet, but a search for programs to do this has turned up nothing. Preferably, I would like a notification to come up every time an application uses the internet. Is there any (n00b friendly) software available to do that?
View 2 Replies
View Related
Jun 2, 2011
My kind isp had set up a authoratitive dns server that can't be cancelled that points to the wrong ip address. Hence I need to take all the traffic going into server A at the ip address aa.aa.aa.aa and send it all onto server B at ip address bb.bb.bb.bb. After much head scratching, I managed to achieve it as follows:- On the server at ip address A, set up following :-
iptables -t nat -A PREROUTING -d aa.aa.aa.aa -j DNAT --to bb.bb.bb.bb
iptables -t nat -A POSTROUTING -d bb.bb.bb.bb -j MASQUERADE
View 1 Replies
View Related
Aug 9, 2010
I know this has probably been solved multiple times, but I've searched the forum to no avail. I have a PPTP server setup properly with all ports forwarded correctly. A remote machine can connect and authenticate just fine. They get their IP assigned and everything.
The problem is that no traffic is being routed through the tunnel. Or, rather it is but the server doesn't seem to handle it. In a web browser I just get an error message. On a windows client I ran ipconfig and found a gateway address had not been assigned through the VPN tunnel. Could this be the problem? If so, how can I fix it?
View 1 Replies
View Related
Apr 8, 2011
my servers are configured with:Ubuntu 10.10 server 64bit;Lighttpd MySQL-Server I need to make graphs for traffic (bandwidth usage) and cpu load every month. I tried to configure mrtg but after 48h, it didn't produce graphs.(I can't install apache2)
[Code]...
View 6 Replies
View Related
Nov 20, 2010
I'm looking for a powerful network traffic monitor that can do all of the following (or at least a combination of tools that can do the following):
Tell me how much data was downloaded/uploaded on an interface this month and the previous month tell me how the traffic was used throughout the monthshow which internal IPs (IPs in the 192.168.1.0/24 network) used how much traffic show which ports/protocols on those IPs used all that traffic
Hhow LIVE traffic flow statistics that can tell me total speed of traffic going through an interface as well asshow which internal IPs (IPs in the 192.168.1.0/24 network) are using how much of the traffic show which ports/protocols on those IPs are using that traffic
This tool will run on a linux router through which all my internal PCs are connected to the Internet. This means the tool(s) need to work with NAT (traffic being forwarded and not necessarily destined for the interfaced being monitored).
The distribution being run doesn't have a package manager so any packages or dependencies have to be manually compiled and SCPed over file by file. For this reason, the tool/tools need to be simple (things like vnstat, not things like ntop that have their own web interface).
I know that vnstat can tell me the first bullet point so it's only there incase there's a tool out there that can do everything. If there's a tool that can only do the second or third bullet point, that's great too - I'll just keep using vnstat and look for something else to do the other task.
View 6 Replies
View Related
Mar 22, 2011
I am running Ubuntu Server 10.10. I have installed OpenVPN using this guide I have set up everything correctly as this guide says, but I am having problems with the config file. I want to securely route all traffic on the client to the server, how ever the server will not start. My config is below:
Quote:
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
[Code]......
The servers ip is 10.0.0.65 and I want to assign the clients the ip range of 10.0.0.200 to 10.0.0.20 When I try to start the server I get the message Fail.
View 8 Replies
View Related
Jan 11, 2010
I'm using Ubuntu server 9.10 with 2 NICS (Internet-router-eth0, eth1-LAN). I use iptables to generate rules for 20 computers, but when I execute the script, ALL TRAFFIC DROPS, including the server. What am I doing wrong?
Code:
#!/bin/sh
#eth0 192.168.0.50 - connected to Internet
#eth1 192.168.1.51 - connected to LAN
#192.168.1.52 - workstation1
#set default policies
iptables -P INPUT DROP
[Code]...
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -s 192.168.1.52 -j ACCEPT. The reason I'm doing this is, I just want to open necessary ports in the server and restrict LAN usage.
View 2 Replies
View Related
Jan 29, 2010
I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the the DMZ web server. I have a second server on the LAN that also has apache running. I want to set up another domain, myothersite.com to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on teh LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I having trouble knowing how to configuring it. Is there another option besides BIND?
View 2 Replies
View Related
Mar 7, 2010
I want to know that how can i store network traffic in MySql Database. What i want to do is identify no of client requests hitting a server throughout the day...I have to store no. of request hitting a server in every 15 mins and insert that into database so that i can obtain a network traffic pattern.
I searched for a tool but cudn't find any that satisfy my requirements..
View 3 Replies
View Related
Feb 3, 2011
I have an Ubuntu VPS running 10.10 x86_64
This is what is in my /etc/network/interfaces right now.
Code:
auto eth0
iface eth0 inet static
address 67.202.x.x
gateway 67.202.x.1
netmask 255.255.255.0
auto lo
iface lo inet loopback
My server.conf
code....
I can get the VPN server running and everything connects fine from the client. I just don't know how to tunnel all the traffic through the VPS because it involves making the bridge which I'm having trouble with. What exactly am I supposed to put in /etc/network/interfaces?
View 1 Replies
View Related
Sep 2, 2010
I'm running ASSP on Ubuntu 10.04.1 it's mostly working fine. I have one problem which has been bugging me for some time. I don't want to filter outbound mail, but if I can relay (proxy) my outbound mail through ASSP, then it can automatically add to the whitelist.
As ASSP is a proxy, I need a server to send it to once ASSP receives it. I've tried my ISP, but this failed and they weren't willing to confirm if a connection attempt was received at their end.
Current setup
Inbound
mx -> router -> ASSP -> Exchange 2003
Outbound
Exchange 2003 -> mx
I'd like to setup outbound as either
Exchange 2003 -> ASSP -> <ISP> SMTP relay
Exchange 2003 -> ASSP -> <relay running on Ubuntu eg postfix>
Can anyone help me with troubleshooting steps or a better suggestion for how I can set this up. I'd love to know why my ISP setup didn't work, but I don't know a tool for monitoring IP traffic in Ubuntu SE, in windows I use Wireshark is there any equivalent I can setup for Ubuntu or a tool I can use in windows which will show all traffic, Ubuntu and windows server are on the same netgear switch, not sure it's smart enough to copy all traffic to another port for monitoring.
View 4 Replies
View Related
