[nSLUG] Linux nat router and finding the bandwidth hog

Chris R. Thompson chris.thompson at solutioninc.com
Tue Apr 22 15:07:03 ADT 2014

Hello All,

for starters, I specify the interface I want to watch by doing iftop -I ethX
you can get an actual proper graph within by doing shift-l which makes it a bit nicer.
the usage is such that the top offenders are at the top
filter them out by doing 'L' and pasting the ip address of said abuser

I'm not sure what type of traffic it is you are looking for, but if it's torrenting traffic you can go one step further as the user will have multiples of streams open, 

view them by (from in iftop) doing 't' in there

If this is the case you may want to impliment something like hash limiting in your packet filter to limit the total number of connections per minute allowed. 

as well it's important to state that tc is still helpful in this matter for control

as well iperf would allow you to properly configure your bandwidth by testing the actual throughput of the system so you can properly gage what is appropriate vs inappropriate as far as traffic and load alike. 

your conntrack tables would also become pretty well loaded if someone is abusing by torrent..

Best of Luck.

On 14-04-22 02:45 PM, francis picabia wrote:

	I like what I've seen in iftop  - it is a ncurses app appropriate
	for lightweight firewall install.  Interesting, but I'm not sure if
	I'm seeing all nat traffic on it.  It is great they can display a bar
	graph on throughput per connection and per direction
	at the same time.  Very concise and sorted, so it might
	point out the top consumer.
	nc is interesting, but only after I have some metric of what is excessive.
	Otherwise I could be giving too little bandwidth to something that needs it.
	On Tue, Apr 22, 2014 at 1:51 PM, Dave Flogeras <dflogeras2 at gmail.com> <mailto:dflogeras2 at gmail.com>  wrote:

		On Tue, Apr 22, 2014 at 9:57 AM, Dave Flogeras <dflogeras2 at gmail.com> <mailto:dflogeras2 at gmail.com> wrote:

			Two great text (ncurses) utilities I use regularly are iptop and more
			recently, iptraf-ng.  Hopefully your distro has them, but if not

		I apologize, the first one is 'iftop' not 'iptop'.  I always mix that up
		(and more so with ifconfig (linux) and ipconfig (win32))
		nSLUG mailing list
		nSLUG at nslug.ns.ca


	nSLUG mailing list
	nSLUG at nslug.ns.ca


Christopher Thompson | Client Care | SolutionInc Limited
Office: +1.902.420-0077 | Fax: +1.902.420.0233

Email: chris.thompson at solutioninc.com
Website: www.solutioninc.com <http://www.solutioninc.com/> 

SolutionInc Limited - Simplifying Internet Access

SolutionInc Limited - Simplifying Internet Access With operations in more than 45 countries worldwide, SolutionInc is an established global leader in 
Internet, centralized hotspot connectivity, billing and management solutions. SolutionInc provides software and services to the hospitality and 
telecommunications industries through its award-winning, patented technology software products: SolutionIP(tm) and SolutionIP(tm) Enterprise. 
Through 700,000+ touch points, SolutionIP(tm) allows people to easily and securely connect to the Internet from locations such as hotel rooms, convention
 centres, universities, restaurants and airports. Patent Information <http://www.solutioninc.com/patents/>  

If you have received this e-mail in error, please notify me immediately at 902 420 0077 or reply by e-mail to the sender and destroy the original communication.

 Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20140422/d468b11f/attachment.html>

More information about the nSLUG mailing list