Networking :: Monitoring Traffic Between Interfaces?
Jun 28, 2011
I have a UBUNTU server 10.04 LTS with 3 network interfaces (eth0,1,2) with eth0 is connected to my lan and others connected to two different ISPs , I am looking for a very flexible and complete monitoring tool which can monitor all of the traffic of incoming and outgoing of any interface and SPECIALLY can show me which local client made connection to which interface for connecting to internet in online mode not offline and it is good to have online web base interface I mean the interface shows the measured data in real time mode. I fount some tools like iftop and iptraf and many others in this url: http://www.ubuntugeek.com/bandwidth-...for-linux.html but non of them are suitable for my net I mean none of them have good web real time data and non of them shows "which local client made connection to which interface for connecting to internet".
I have the following setup: Client A, having 2 network interfaces, eth0 and eth1, both with the IP address 192.168.1.1/32. Client B, also having 2 network interfaces, eth0 and eth1, with the IP addresses 192.168.1.2. The routing table on client A has one entry: 192.168.1.2 dev eth0 The routing table on client B has one entry: 192.168.1.2 dev eth1. Basically the idea is to send the upload traffic one one interface and the download traffic on the other interface. (Client B could serve as a gateway). However, with this setup, well... nothing works. The packets received by Client B are ignored. Does the linux kernel have anything against routing packets coming from an interface, although he thinks the source is on another interface?
I am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment , both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject, are captured again by my application causing an unwanted feedback of injected traffic. This caused that I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
I've read up some of the posts on this forum, but can't seem to find an answer. I have a web service within an Apache Tomcat instance installed on a Redhat linux server. I only have shell access to the server, and need to monitor outbound network traffic from my web service. Is there a unix command that will allow me to monitor all outbound traffic? I'm thinking fiddler, but a unix version? I've heard of things like ntop and iptraf, but I don't think those will help me in this instance.
what rules I need to use to only allow traffic between 2 interfaces (which are part of a linux bridge) using ebtables?
So let's say I have if0, if1, if2. I want if1 to communicate with if0. I also want if2 to be able to communicate with if0. But I don't want if1 and if2 to communicate with each other.
I am using CentOS 5.4 and did a yum install of cacti. I installed all the necessay packages, like net-snmp, php net snmp and all that. Everything else works but I can't for the life figure out how to monitor traffic on eth0. I do not have any SNMP Interface Statistics or alike in either the Associated Graph Templates or Associated Data Queries.
Heres the output of "snmpwalk localhost -c public -v2c" , SNMPv2-MIB::sysDescr.0 = STRING: Linux xxx.xxxx.net 2.6.18-164.6.1.el5xen #1 SMP Tue Nov 3 17:53:47 EST 2009 i686 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7515443) 20:52:34.43
[Code]...
I am trying to monitor the interfaces on the local computer only.
I have a service, which calls other services. I need to verify that my service is hitting the right end points of the other service, since the end points of the other dependent service are specified in configs, and are different for different stages - development vs production. Is there any tool which can tell me what end points are being contacted from my host?
my servers are configured with:Ubuntu 10.10 server 64bit;Lighttpd MySQL-Server I need to make graphs for traffic (bandwidth usage) and cpu load every month. I tried to configure mrtg but after 48h, it didn't produce graphs.(I can't install apache2)
Can you provide some form of monitoring on this server or recommend any server-side applications that could monitor the status, in high detail, including traffic, etc?
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
I want to know that squid in 5 min ago and 1 hour ago how much traffic transferred for monitoring purposes?? where can I get this info from running squid? of course I get I have to note that access.log is disabled for some reasons.
I have a laptop connected to internet via wlan0. I also have eth0 interface and with it I share internet. I want to modify/filter all the traffic passing by the first laptop, something like this:
I know that in FreeBSD it is possible to use ipfw for that purpose, because it build-in into kernel. We set for example rule Code: Select allipfw add divert 2000 ip from any to 1.0.1.1
and we can use our own application to process those packets, reinject them forward etc. It will work also fast, because as I said, it build into kernel.
Is there any standart Linux-based solution to do the same? I found some info about netmap-ipfw. Is this a correct solution? Or I have to use for example IP-aliases and iptables to do that?
I need to process all the IP-packets, not only TCP/UDP/etc-protocol. Solution also must be very fast.
I was reading a magazine article today which was a discussion of internet detective work for tracking down ip addresses which attempt an ssh login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself has seen log files in the past that inidicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and each other on this network, and would like to be able to easily detect attempted log ins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on snort, but I it appears to be written for large lan's or web servers and is over-kill for a small home network.
There is a big problem with opensuse 11.4 and virtual interfaces.Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used.Now there seems to be sent by the last interface listed with ifconfig.The outgoing address in this case will be 10.0.0.3.This is very problematic with smtp control etc.
I'm running ASSP on Ubuntu 10.04.1 it's mostly working fine. I have one problem which has been bugging me for some time. I don't want to filter outbound mail, but if I can relay (proxy) my outbound mail through ASSP, then it can automatically add to the whitelist.
As ASSP is a proxy, I need a server to send it to once ASSP receives it. I've tried my ISP, but this failed and they weren't willing to confirm if a connection attempt was received at their end.
Can anyone help me with troubleshooting steps or a better suggestion for how I can set this up. I'd love to know why my ISP setup didn't work, but I don't know a tool for monitoring IP traffic in Ubuntu SE, in windows I use Wireshark is there any equivalent I can setup for Ubuntu or a tool I can use in windows which will show all traffic, Ubuntu and windows server are on the same netgear switch, not sure it's smart enough to copy all traffic to another port for monitoring.
I have a weird issue that I have not seen on any forum. My jaunty on DELL studio laptop seems connected to net, but I can not access any network service (ssh, firefox etc.). But when I connect a cable the cable lights blink as it should be and in wireless connection my wifi light blinks.
It was working 2 days ago without problem, and I have not done big changes recently.I removed and reinstalled network-manager and network-manager-gnome. Nothing changed. I see a message in each restart as follows (when Openafs is starting). I can reproduce it with "/etc/init.d/openafs-client restart"
Code:
ADVISEADDR:error in specifying interfaces: no existing ip interfaces found
I have 3 Interfaces for a different LAN's and when I start one interface the another interfaces goes down.How can it's possible?I configure my ethernets as:
If I try to add a new interface (eth1) to /etc/network/interfaces, I get
Code: * Reconfiguring network interfaces... SIOCSIFADDR: No such device eth1: ERROR while getting interface flags: No such device SIOCSIFNETMASK: No such device
[Code]...
How do I add 2 interfaces and get anyone of them to work, as available ?
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code: iptables -I INPUT -p gre -j ACCEPT iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT iptables -I FORWARD -d 172.16.10.101 -j ACCEPT The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
I'm on an embedded system that doesn't have Gnome, and I'm trying to startup networking automatically using /etc/network/interfaces. Here's what I have.
[Code]....
eth0 comes up just fine. wlan0 comes up, but it's unable to acquire a DHCP address. I added the following lines to /etc/rc.local, and wlan0 comes up all the way, but I'm not too crazy about this hack.
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
I'm testing some network setups, and bought two dirt-cheap USB network interfaces. My plan was to attach these two to an embedded device (sheevaplug) and mess with firewall setups. However, the two interfaces are absolutely identical; they have the same MAC, and lsusb -v is the same for both, line by line (except for device number, which tells the order the devices are plugged in, I believe?). Also, this is a single usb bus (single port, with a hub).
Now, obviously I can't make much of a firewall setup if I can't tell the interfaces apart. I realize I probably hit a brick wall, but does anyone have thoughts on this?
I am renting a VPS from[URL].They do not supply a webhosting panel for restarting/shutting down or for seeing monthly bandwidth consumtion. I am running CentOS 5.3. I was wondering if theres any programs that you can install to view monthly/daily bandwidth consumption on our server?
I have two interfaces, gprs0 and gprs1, both connected to the Internet from the same HW device, but through two different access points I just read another blog entry with a guy who had two network cards, using one as a back up - I guess this is a little similar, but should be much easier I am guessing - I am just lost Using ifconfig (IP address given by the network) and route to setup the connection,
ifconfig gprs0 10.20.30.40 up route add default dev gprs0 ping 66.102.7.99 works fine afterwards
[code]....
There is data being transmitted and received to device again, I guess the kernel just doesn't know where the incoming data should go without the correct routing tables? Or what exactly is going on?The question I have is how do I configure the device to do the correct routing, using only the ifconfig and route commands? Maybe too trivial for you guys, but I am getting tired of goofing around not knowing what is up and down anymore
I installed the latest release of Kubuntu on to my dell laptop about 3 days ago, I fell asleep last night and woke up to my laptop not being connected to my wireless(it was when I fell asleep, it didnt reboot or anything overnight an dno one touched it), so I plugged in an ethernet cable and it still did not detect an internet connection, then finally it connected through my phones mobile internet via Usb.
However none of the built in networking devices are working, I have them all enabled.My WLAN Interface says "Unmanaged" and Networking interface complains the cable is unplugged even when it is not.I know you guys will need some additional info from me to help me.I just used my mobile broadband to install Wicd network manager but thats just a temporary fix, as it doesnt fix my ethernet issue and I want to be able to use the network manager itself to manage my networks.
Im looking for a program to monitor the ammount of bandwidth usage per network. Ex: I have lots of networks connected to one server, and i would like to know for example how much is the average bandwitdh usage for network 172.16.2.0/24 and 172.16.5.0/24 for one hour, for example.
I am connected with LAN. We have many computers with different OS viz.linux, windows etc. Now I want to know the bandwidth every computer is getting and using. Is there any Ubuntu packages to monitor this?