Excessive network traffic -
Rick Stevens
rstevens at internap.com
Thu Nov 15 19:58:31 UTC 2007
On Thu, 2007-11-15 at 13:22 -0500, Bob Goodwin wrote:
> Tim wrote:
> > On Sun, 2007-11-11 at 14:59 -0500, Bob Goodwin wrote:
> >
> >> I have a system diagram you can view at:
> >>
> >> http://users.wildblue.net/bobgoodwin/sys071031.png
> >>
> >
> > Well, looking at your network, you could use MRTG with the 192.168.1.1
> > device to measure the traffic going through your LAN (and for anything
> > outside that managed to connect to it through your wireless networking).
> > All your LAN traffic (including intruders) goes through it before making
> > out to your microwave internet connection.
> >
> > I think you'd only need to try and directly measure the wildblue
> > receiver if it was capable of wireless connections directly with someone
> > else. Is it wired to the dish, or does it use a wireless link between
> > the receiver box and the dish?
> >
> > You could probably, also, use MRTG on the other wireless LAN
> > switches/bridges, to see which ones are the busy ones. Though that'd
> > mean a plethora of different graphs. If you wanted to trace out where
> > the traffic was coming from, I think you'd want to log your 192.168.1.1
> > device quite thoroughly, when run a logging analysis tool on it, rather
> > than just a MRTG graph.
> >
> >
> Yes, I agree, I really don't want graphical information. I was just
> curious to see mrtg work, unfortunately I haven't had any success with
> it and my problems with usage are demanding immediate attention!
>
> "tcpdump" looks like it should produce the kind if information I need
> and it certainly cranks out a long list in short order but I haven't
> been able to find anything of significance [to me] in it? Although it's
> being fed from the ethernet hub connected at the modem before the router
> most of what I see is dns inquiries from box10 [192.168.1.10] connected
> to it?
Try a filter on tcpdump like:
tcpdump ip and not net 192.168.1.0 mask 255.255.255.0
That will cause the system to dump any packets NOT destined for your
network.
> Linksys identifies the hub as "EFAH05W - EtherFast® 10/100 5-port
> Auto-Sensing Hub." I'm not sure what it "auto-senses?" but I hope it is
> passing everything it sees at its input.
It autosenses between 10Mbps and 100Mbps links.
>
> I also tried "iptraf" which collected data for a couple of days but
> showed something on the order of 20 mB received while Wildblue claimed I
> used a lot more. See my notes below:
>
> 11/12/2007 17:05:25 949 8626
>
> 11/13/2007 03:17:39 1001 9072 +446 mB in 8 hours and 12
> minutes!
>
>
> Almost half a gigaByte download increase overnight, plus 52
> mB uploaded!
>
> The curious thing is that this does not agree with my
> measurements of data transferred at the ethernet connection
> at the Wildblue receiver over the last 58.43 hours? I show
> show 18.3 mB incoming and 2.1 mB outgoing. Am I only seeing
> traffic addressed to my computer? I need to verify that
> part of my test setup.
>
> This morning my activity has continued to go up despite our best efforts
> to control it.
>
> 11/15/2007 12:20:13 1231 10177
>
> Any suggestions as to how best to use tcpdump or iptraf would be
> appreciated. I'm not even certain that my attempt to measure activity
> has not caused an increase? I guess I'm really in over my head ...
>
> Bob Goodwin
>
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens at internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- We have enough youth, how about a fountain of SMART? -
----------------------------------------------------------------------
More information about the fedora-list
mailing list