Packet sniffing

From Noah.org
Revision as of 19:20, 1 February 2007 by Root (talk | contribs)


Packet Sniffing

I had some bandwidth hogs. I had to find some tools to track usage.

pktstat

This is my favorite for quick views of the bandwidth. Information is compact and easy to read. It also shows the URL if the connection carries an HTTP GET or POST request.

 pktstat -i eth1 -n -t
 interface: eth1
    bps    % desc
 695.0k  22% tcp 207.46.13.28:80 <-> 66.93.78.242:1917
             └ GET /msdownload/update/v3-19990518/cabpool/windowsmedia-kb911564-
 531.0k  17% tcp 207.46.13.28:80 <-> 66.93.78.242:1918
             └ GET /msdownload/update/v3-19990518/cabpool/windowsxp-kb923689-x86
 181.2k   5% tcp 66.93.78.242:49175 <-> 87.117.201.178:7480
  86.6k   2% tcp 66.93.78.242:58282 <-> 69.80.212.131:22
  41.0k   1% tcp 66.93.78.242:2951 <-> 69.88.152.10:80
  32.7k   1% tcp 66.93.78.242:3143 <-> 69.88.152.10:80
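
pktstat reports bandwidth per connection, so a host with many connections is spread over several rows. The following Python sketch is an added example (not part of the original page or of pktstat) that parses text in the layout shown above and totals the rate per local address; the sample addresses and the `top_talkers` name are constructed for illustration, and the `k`/`M`/`G` suffixes are assumed to be decimal multipliers.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the pktstat output shown above
# (documentation address ranges, not real traffic).
SAMPLE = """\
interface: eth1
   bps    % desc
695.0k  22% tcp 203.0.113.28:80 <-> 192.0.2.10:1917
            └ GET /constructed/example-a.cab
531.0k  17% tcp 203.0.113.28:80 <-> 192.0.2.10:1918
181.2k   5% tcp 192.0.2.77:49175 <-> 198.51.100.9:7480
 86.6k   2% tcp 192.0.2.77:58282 <-> 198.51.100.20:22
 41.0k   1% tcp 192.0.2.10:2951 <-> 198.51.100.30:80
"""

# rate, optional suffix, percent, protocol, "addr:port <-> addr:port"
LINE = re.compile(r"^\s*([\d.]+)([kMG]?)\s+\d+%\s+\w+\s+(\S+):\d+ <-> (\S+):\d+")
SCALE = {"": 1, "k": 1000, "M": 1000**2, "G": 1000**3}  # assumption: decimal units


def top_talkers(text, local_net):
    """Sum per-connection bps for every endpoint inside local_net, largest first."""
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(int)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # interface line, column header, or "└ GET ..." detail row
        bps = round(float(m.group(1)) * SCALE[m.group(2)])
        for addr in (m.group(3), m.group(4)):
            try:
                if ipaddress.ip_address(addr) in net:
                    totals[addr] += bps
            except ValueError:
                pass  # endpoint was not a numeric address (pktstat run without -n)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for host, bps in top_talkers(SAMPLE, "192.0.2.0/24"):
        print(f"{host:15s} {bps / 1000:8.1f} kbps")
```

Replace `SAMPLE` with a saved copy of the pktstat screen and `192.0.2.0/24` with the local network to rank internal hosts.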

iftop

Generates bar graphs showing bandwidth per connection. Shows both origin and destination addresses, so heavy users can be identified.

iptraf

Useful for monitoring bandwidth per MAC address.

driftnet

This is mostly useless, but stupid fun.

 http://www.ex-parrot.com/~chris/driftnet/