[nSLUG] Linux nat router and finding the bandwidth hog

francis picabia fpicabia at gmail.com
Tue Apr 22 09:41:14 ADT 2014


On Eastlink and using a Linux box as the router,
with some iptables for port forwarding and nat.

When someone in the house is using up excessive
bandwidth, I'd like to know what it is.

I've looked at some tools I can run on the router.

nload will make a live ascii graph on eth0 or eth1.
That shows the sum. Now how to see where the
bulk is heading?

lsof -Pni is a command I often use to see connections to services, but it
doesn't show nat traffic.

There is netstat-nat, which is interesting but I don't understand
what it is reporting.  For example, after a Windows system is powered
off, netstat-nat is still reporting connections established.

There is ntop, which would seem to be a solution, but I'm yet to find
a succinct view in there to reveal what service and IP is using
up the bandwidth.

There is also wireshark, which is always useful if you already know what
you want to filter for, but I don't know of a recipe for finding the
bandwidth
hog.

Ideally, I'd like something as quick and simple as ncdu,
but for a Linux router with nat.  If that isn't possible with
one command, then a series of checks in wireshark, ntop,
or something similar would be good.  I'd like it to show
which internal IP and type of traffic is using up most of
the bandwidth.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20140422/bd68a5a4/attachment.html>


More information about the nSLUG mailing list