lubasi wrote:
How can i interprate the #tail -f /var/logs/messages to determin which machine is doing kazaa or any other P2P???consuming the bandwidth.
By default /var/log/messages will not record any thing about traffic that is passing through the system. You can add IPTables rules that will cause matched packets to be logged via Syslog which you can then see in /var/log/messages. However to get a better idea of what traffic is running on your network, consider TCPDump or a GUI front end like Etherial. This will give you a real time report of what traffic is flowing in to / out of / through your system (presuming you sniff the correct interface). You can tell from this, which computer is consuming more bandwidth than it should based on the frequency of the source / destination IP showing up in TCPDump's output. You could add rules to IPTables that match specific IPs in question and watch the hit counters to see which system(s) are incrementing their counters at an exceptional rate. One (or more) system(s) should jump out at you as being the culprit(s).
And how do i block these popular P2P???
First you need to find out more about the type of P2P traffic that you are experiencing so that you can more accurately filter it out / rate limit it. I will say that you may have better luck with rate limiting. If you completely block a users access to something they will find a different method to get to what they want to get to. If your users switch to something else you then have to learn about that too. Where as if you let your users use one system but control the amount of bandwidth consumed and / or the priority you may not play the above game nearly as often. My family has a saying, "Give 20% to get 80% of what you want.". Grant. . . .
