Excessive network traffic -

Bob Goodwin bobgoodwin at wildblue.net
Thu Nov 15 18:22:00 UTC 2007 

Tim wrote:
> On Sun, 2007-11-11 at 14:59 -0500, Bob Goodwin wrote:
>   
>> I have a system diagram you can view at:
>>
>> http://users.wildblue.net/bobgoodwin/sys071031.png
>>     
>
> Well, looking at your network, you could use MRTG with the 192.168.1.1
> device to measure the traffic going through your LAN (and for anything
> outside that managed to connect to it through your wireless networking).
> All your LAN traffic (including intruders) goes through it before making
> out to your microwave internet connection.
>
> I think you'd only need to try and directly measure the wildblue
> receiver if it was capable of wireless connections directly with someone
> else.  Is it wired to the dish, or does it use a wireless link between
> the receiver box and the dish?
>
> You could probably, also, use MRTG on the other wireless LAN
> switches/bridges, to see which ones are the busy ones.  Though that'd
> mean a plethora of different graphs.  If you wanted to trace out where
> the traffic was coming from, I think you'd want to log your 192.168.1.1
> device quite thoroughly, when run a logging analysis tool on it, rather
> than just a MRTG graph.
>
>   
Yes, I agree, I really don't want graphical information.  I was just 
curious to see mrtg work, unfortunately I haven't had any success with 
it and my problems with usage are demanding immediate attention!

"tcpdump" looks like it should produce the kind if information I need 
and it certainly cranks out a long list in short order but I haven't 
been able to find anything of significance [to me] in it?  Although it's 
being fed from the ethernet hub connected at the modem before the router 
most of what I see is dns inquiries from box10 [192.168.1.10] connected 
to it?

Linksys identifies the hub as "EFAH05W - EtherFast® 10/100 5-port 
Auto-Sensing Hub."  I'm not sure what it "auto-senses?" but I hope it is 
passing everything it sees at its input.

I also tried "iptraf" which collected data for a couple of days but 
showed something on the order of 20 mB received while Wildblue claimed I 
used a lot more.  See my notes below:

            11/12/2007 17:05:25 949 8626

            11/13/2007 03:17:39 1001 9072   +446 mB in 8 hours and 12
            minutes!


            Almost half a gigaByte download increase overnight, plus 52
            mB uploaded!

            The curious thing is that this does not agree with my
            measurements of data transferred at the ethernet connection
            at the Wildblue receiver over the last 58.43 hours?  I show
            show 18.3 mB incoming and 2.1 mB outgoing.  Am I only seeing
            traffic addressed to my computer?  I need to verify that
            part of my test setup.

This morning my activity has continued to go up despite our best efforts 
to control it.

           11/15/2007 12:20:13 1231 10177

Any suggestions as to how best to use tcpdump or iptraf would be 
appreciated.  I'm not even certain that my attempt to measure activity 
has not caused an increase?  I guess I'm really in over my head ...

Bob Goodwin

More information about the fedora-list mailing list