Server Traffic Monitor

Stythys · 2009-01-20 02:09:28

At the moment I'm running ntop, and part of the summary shows a last-minute review of all the traffic going through various ports on the server. Is there a way with ntop, or another similar program, that keeps that information over longer periods of time?

fukawi2 · 2009-01-20 05:28:46

perhaps iptraf if you left it running...?

DonVla · 2009-01-20 10:21:05

Stythys wrote:

At the moment I'm running ntop, and part of the summary shows a last-minute review of all the traffic going through various ports on the server. Is there a way with ntop, or another similar program, that keeps that information over longer periods of time?

atop, but it's a daemon (http://www.atcomputing.nl/Tools/atop/whyatop.html)

joephantom · 2009-01-21 05:16:02

tcpdump, argus, tcpflow, tcpdstat, wireshark suite, etherape, etc. Most of those program aren't in pacman repositories or in AUR. I'm planning to start mantaining packages of security/networking. Possibly you will see soon enough some of those programs in AUR.

There are plenty of network monitoring programs. Each tool has it own purpose. ¿Why do you need to monitor network traffic? ¿What information do you need? With some more info, maybe, I can suggest you one program in particular.

Stythys · 2009-01-21 05:25:56

thanks joe...specifically, I want to track the usage of specific ports on a month-to-month basis. any ideas for that?

tomk · 2009-01-21 07:21:56

joephantom wrote:

tcpdump, argus, tcpflow, tcpdstat, wireshark suite, etherape, etc. Most of those program aren't in pacman repositories or in AUR.

For the record: tcpdump, wireshark and etherape are in extra, tcpflow is in community, and argus is in the AUR.

Stythys · 2009-01-27 08:38:55

so joe...what do you recommend? =P

Jeffers0n · 2009-01-27 23:24:05

Not sure if it does what you're looking for, but you might want to look at Nagios.

Stythys · 2009-02-03 19:31:04

alrighty, so I finally got something working. Basically I would use a program like tcpdump to capture stuff on a specific port, output it to a .pcap file, and download that to my comp and read it with wireshark. I tested this by monitoring ssh and sending an 18MB file over, and that's when I discovered a small problem. The .pcap file was 18MB as well =P. I assume it's capturing a lot of unnecessary data I don't need. Is there any way to filter this out and only keep the total amount of traffic that got transferred?

DonVla · 2009-02-04 10:33:52

@Stythys
once again: atop.
from the faq:
"
Disk and network activity per process
In combination with optional kernel patches it shows process-level counters concerning disk I/O and network activity.
"

Stythys · 2009-02-09 05:19:31

maybe I'm just being a noob but...

atop looks just like 'top', where it only displays the top processes, and you can't track specific ports, starting from different dates. As I said, I had a working system earlier, but it's just the file size is so large. Is there no way around that?

Arch Linux

#1 2009-01-20 02:09:28

Server Traffic Monitor

#2 2009-01-20 05:28:46

Re: Server Traffic Monitor

#3 2009-01-20 10:21:05

Re: Server Traffic Monitor

#4 2009-01-21 05:16:02

Re: Server Traffic Monitor

#5 2009-01-21 05:25:56

Re: Server Traffic Monitor

#6 2009-01-21 07:21:56

Re: Server Traffic Monitor

#7 2009-01-27 08:38:55

Re: Server Traffic Monitor

#8 2009-01-27 23:24:05

Re: Server Traffic Monitor

#9 2009-02-03 19:31:04

Re: Server Traffic Monitor

#10 2009-02-04 10:33:52

Re: Server Traffic Monitor

#11 2009-02-09 05:19:31

Re: Server Traffic Monitor

Board footer