Jul 112013

On server it’s useful to monitor, and collect, data about the use of your bandwidth, in the past I’ve wrote an article about “Monitor your bandwidth from the Linux shell” and I’ve also presented 4 useful tools that you can use to have a real time monitoring of the bandwidth:

IPTState : This software is a top-like interface to your netfilter connection-tracking table. Using iptstate you interactively watch where traffic crossing your netfilter/iptables firewall is going, sort by various criteria, limit the view by various criteria. But it doesn’t stop there: as of version 2.2.0 you can even delete states from the table!

pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used. Partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown.

NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

They are all good I suggest to read my old articles to have a small introduction about them, today I want to show you vnstat, this small program has something more than the others, it can show real time statistics, but the feature that this small program shines it’s its ability to collect data over a long period of time.
Continue reading »

flattr this!

Mar 222012

This is an article of mine, first published on Wazi
You can read the first part here

In this article we’ll see how apply BPF filters to wireshark to show the details of an HTTP session, an e-mail session and how to monitor who is visiting a certain site from our local network.
Finally I will make a summary of the most useful filters to use with Wireshark.

Here’s another classic example – an HTTP session. As before, start Wireshark and start capturing the traffic from the interface that goes out. Today, most HTTP traffic is compressed to speed up the exchange of information, so by default Wireshark decompresses the body part of HTTP packets. You can click on Edit -> Preferences -> Protocols -> HTTP and verify that “Uncompress entity bodies” is checked.
Continue reading »

flattr this!