Okay, thanks for tcpdump. But I've got a problem. I can't seem to really figure out what those lines mean. Say these four (4) lines:

    08:01:42.131982 IP 192.168.0.71.1054 > mail.parliament.gov.zm.squid: . ack 6755 win 65535
    08:01:42.225114 IP 213.155.151.150.http > 192.168.0.183.3011: P 1:334(333) ack 170 win 5840
    08:01:42.229863 IP 192.168.0.183.3011 > 213.155.151.150.http: F 170:170(0) ack 334 win 63907
    08:01:42.229968 IP 213.155.151.150.http > 192.168.0.183.3011: F 334:334(0) ack 171 win 5840

Okay, I've seen the date part, then the IP address; it looks like the port on which the connection is listening is appended to the requesting IP address, then the greater-than sign? I'm confused from that point on.

Is there anything I can use to graph this information?

Teddy L.

>---- Original Message ----
>From: pablo@xxxxxxxxxxxxx
>To: netfilter@xxxxxxxxxxxxxxxxxxx
>Subject: RE: Someone is using too much bandwidth???
>Date: Tue, 21 Nov 2006 13:13:12 -0500
>
>>> -----Original Message-----
>>> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
>>> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of lubasi
>>> Sent: Tuesday, November 21, 2006 12:22 PM
>>> To: netfilter@xxxxxxxxxxxxxxxxxxx
>>> Subject: RE: Someone is using too much bandwidth???
>>>
>>> Hello,
>>>
>>> Indeed it's true, and I don't know what machine it is.
>>
>>You could set up an iptables rule to log all traffic or do what I believe may
>>be simpler: use tcpdump
>>
>>Let's say you have two NICs on your machine:
>>
>>  // Internet // - [eth0] - [gateway] - [eth1] - // Internal Network //
>>
>>You can run tcpdump on your Internet Network:
>>
>>    tcpdump -i eth1
>>
>>If you've ssh'd to your gateway machine from your Internal Network, your
>>host and ssh information will also be spewed. Probably not what you want.
>>
>>A simple tweak will handle it:
>>
>>    tcpdump -i eth1 not host your.IP.address.here
>>
>>The above should give you some quick answers.
>>
>>Cheers,
>>---
>>Pablo Sanchez - Blueoak Database Engineering, Inc
>>Ph: 819.459.1926 Toll free: 888.459.1926
>>Cell: 819.918.9731 Pgr: pablo_p@xxxxxxxxxxxxx
>>Fax: 603.720.7723 (US)

------------------------------------------------------
Teddy L. Nyambe
Open Source Zambia
www.opensource.org.zm
+260 97 760473
* Know that today is yesterday's future
  Be the change you want to see in the world
* To Err is Human, but to really mess things up, you need a PC
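
Added example (not part of the original message or of the list reply): a Python reader for the tcpdump lines quoted above. Each line is timestamp, source host.port > destination host.port, TCP flags, first:last(length) sequence range, then ack and window; the script totals TCP payload bytes per internal host. It assumes the internal network is 192.168.0.x, as in the quoted output, and the function names are made up for this example.

```python
import re
from collections import Counter

# Old-style tcpdump TCP line: time IP src.port > dst.port: flags [first:last(len)] ...
# Flags: "." = none set (bare ACK), P = push, F = FIN, S = SYN, R = RST.
LINE = re.compile(
    r"^(?P<time>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)"
    r"(?: \d+:\d+\((?P<len>\d+)\))?"
)

def split_endpoint(endpoint):
    """Split 'host.port' on the last dot; the port may be a service name."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse(line):
    """Return a dict for one TCP line, or None if the line does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    return {
        "time": m["time"], "flags": m["flags"],
        "src": src_host, "sport": src_port,
        "dst": dst_host, "dport": dst_port,
        "payload": int(m["len"] or 0),  # a bare ACK carries no data
    }

def bytes_by_local_host(lines, prefix="192.168.0."):
    """Sum TCP payload bytes (headers excluded) sent or received per internal host."""
    totals = Counter()
    for pkt in filter(None, map(parse, lines)):
        for host in (pkt["src"], pkt["dst"]):
            if host.startswith(prefix):
                totals[host] += pkt["payload"]
    return totals

# The four lines quoted in the message above.
SAMPLE = [
    "08:01:42.131982 IP 192.168.0.71.1054 > mail.parliament.gov.zm.squid: . ack 6755 win 65535",
    "08:01:42.225114 IP 213.155.151.150.http > 192.168.0.183.3011: P 1:334(333) ack 170 win 5840",
    "08:01:42.229863 IP 192.168.0.183.3011 > 213.155.151.150.http: F 170:170(0) ack 334 win 63907",
    "08:01:42.229968 IP 213.155.151.150.http > 192.168.0.183.3011: F 334:334(0) ack 171 win 5840",
]

if __name__ == "__main__":
    for host, nbytes in bytes_by_local_host(SAMPLE).most_common():
        print(f"{host:15} {nbytes:6d} {'#' * (nbytes // 50)}")
```

Capturing with tcpdump -n keeps hosts and ports numeric, so the prefix match does not depend on name resolution.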