At the moment I'm running ntop, and part of the summary shows a last-minute review of all the traffic going through various ports on the server. Is there a way with ntop, or another similar program, that keeps that information over longer periods of time?
[home page] -- [code / configs]
"Once you go Arch, you must remain there for life or else Allan will track you down and break you."
-- Bregol
Offline
perhaps iptraf if you left it running...?
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
> At the moment I'm running ntop, and part of the summary shows a last-minute review of all the traffic going through various ports on the server. Is there a way with ntop, or another similar program, that keeps that information over longer periods of time?
atop, but it's a daemon (http://www.atcomputing.nl/Tools/atop/whyatop.html)
Offline
tcpdump, argus, tcpflow, tcpdstat, wireshark suite, etherape, etc. Most of those programs aren't in pacman repositories or in AUR. I'm planning to start maintaining security/networking packages. Possibly you will see soon enough some of those programs in AUR.
There are plenty of network monitoring programs. Each tool has its own purpose. Why do you need to monitor network traffic? What information do you need? With some more info, maybe I can suggest one program in particular.
By striving to do the impossible, man has always achieved what is possible. Those who have cautiously done no more than they believed possible have never taken a single step forward - Mikhail Bakunin
Offline
thanks joe...specifically, I want to track the usage of specific ports on a month-to-month basis. any ideas for that?
[home page] -- [code / configs]
"Once you go Arch, you must remain there for life or else Allan will track you down and break you."
-- Bregol
Offline
> tcpdump, argus, tcpflow, tcpdstat, wireshark suite, etherape, etc. Most of those programs aren't in pacman repositories or in AUR.
For the record: tcpdump, wireshark and etherape are in extra, tcpflow is in community, and argus is in the AUR.
Offline
so joe...what do you recommend? =P
[home page] -- [code / configs]
"Once you go Arch, you must remain there for life or else Allan will track you down and break you."
-- Bregol
Offline
Not sure if it does what you're looking for, but you might want to look at Nagios.
Offline
alrighty, so I finally got something working. Basically I would use a program like tcpdump to capture stuff on a specific port, output it to a .pcap file, and download that to my comp and read it with wireshark. I tested this by monitoring ssh and sending an 18MB file over, and that's when I discovered a small problem. The .pcap file was 18MB as well =P. I assume it's capturing a lot of unnecessary data I don't need. Is there any way to filter this out and only keep the total amount of traffic that got transferred?
[home page] -- [code / configs]
"Once you go Arch, you must remain there for life or else Allan will track you down and break you."
-- Bregol
Offline
@Stythys
once again: atop.
from the faq:
"Disk and network activity per process
In combination with optional kernel patches it shows process-level counters concerning disk I/O and network activity."
Offline
maybe I'm just being a noob but...
atop looks just like 'top', where it only displays the top processes, and you can't track specific ports, starting from different dates. As I said, I had a working system earlier, but it's just the file size is so large. Is there no way around that?
[home page] -- [code / configs]
"Once you go Arch, you must remain there for life or else Allan will track you down and break you."
-- Bregol
Offline
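Added example, not part of any post in the thread: every record in a classic pcap file stores the packet's original on-the-wire length next to the saved bytes, so a capture taken with a short tcpdump snap length (`-s`) still yields exact per-port totals without keeping payloads. The sketch below assumes an Ethernet/IPv4 capture in classic pcap format; `bytes_per_port` and `sample_capture` are hypothetical names and the sample records are constructed.

```python
import struct
from collections import Counter

def bytes_per_port(pcap, ports):
    """Sum on-the-wire bytes per watched TCP/UDP port (classic pcap, Ethernet, IPv4)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, bytes saved, bytes originally on the wire.
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 38 or frame[12:14] != b"\x08\x00":
            continue  # truncated too far, or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] not in (6, 17) or fragment_offset or len(frame) < 18 + ihl:
            continue  # not TCP/UDP, or no port fields in this frame
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        for port in {sport, dport} & ports:
            totals[port] += orig_len  # count wire size, not the truncated copy
    return totals

def sample_capture():
    """Constructed capture: three header-only records, as a short snaplen leaves them."""
    def record(proto, sport, dport, wire_len):
        ip = bytes([0x45, 0]) + struct.pack("!H", wire_len - 14) + bytes(5) + bytes([proto]) + bytes(10)
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
        return struct.pack("<IIII", 0, 0, len(frame), wire_len) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    return header + record(6, 50000, 22, 1514) + record(6, 22, 50000, 66) + record(17, 40000, 53, 80)

if __name__ == "__main__":
    capture = sample_capture()
    print(len(capture), "bytes stored;", dict(bytes_per_port(capture, {22, 53})))
```

Running it over one capture file per month gives the month-to-month figures; the stored file grows with the packet count rather than with the volume transferred.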