On Mon, 26 Mar 2012 10:47:10 +0530, J. wrote in message <20120326104710.2d336...@shiva.selfip.org>:
> > Hello, > > This is an office environment where client's PC are connected with a > hub ..really? A box that behaves like a properly set up coax wire? And therefore, _not_ a switch? > and that hub is connected with the gateway debian box. ...that you have checked out ok for rootkits? A skilfully set up rootkit might check Debian mirrors for which md5sums to feed you when you try run rootkit checks. _Etc._ > How can I monitor the bandwidth at the gateway server to check which sites are > eating maximum bandwidth. ..I'd set up 2 new boxes, one with 3 nics, 2 for the invisible bridge outside or inside your Debian gw box, and one for your laptop or monitoring-and-control box that you keep disconnected from your office clientele lan, you may want an "admin lan" secured from your office lan. ..if your gw box is clean, you probably have one or more hijacked wintendos doing spam to child porn or terrorism, so you wanna tell cops you trust, and get a lawyer. Your office workers are probably innocent because they are clueless, even if they are stupid enough to break some silly rule on "security." But, there _are_ some bad e.g. pedo networks that we all like to see in jail. ..I used my bridge boxes primarily as bandwidth throttles, "my lan" was an early wifi isp service and we were shot down by Telenor's drive on adsl modems with "wireless" lan's. ;o) > I have used iftop / ntop etc..... ..me 2. ;o) ..to collect ntop data, combine cron and wget on a log server box. > but still unable to get the proper report i.e. when I visit youtube or do a > torrent download from my own client box; I can't see the presence of > those connection through iftop / ntop. ..is why I doubt you have an hub and guess you have a switch. > Could anyone suggest a proper > tool for this ? Or am I missing the right technique needed for iftop > etc ? ..try an invisible bridge. ;o) > Thanks > > -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120327124818.2a134...@nb6.lan
