Packet sniffing
From Noah.org
Packet Sniffing
I had some bandwidth hogs. I had to find some tools to track usage.
pktstat
This is my favorite for quick views of the bandwidth. Information is compact and easy to read. It also shows the URL if the traffic is an HTTP GET or POST request.
pktstat -i eth1 -n -t
    interface: eth1
       bps    %  desc
    695.0k  22%  tcp 207.46.13.28:80 <-> 66.93.78.242:1917
                 └ GET /msdownload/update/v3-19990518/cabpool/windowsmedia-kb911564-
    531.0k  17%  tcp 207.46.13.28:80 <-> 66.93.78.242:1918
                 └ GET /msdownload/update/v3-19990518/cabpool/windowsxp-kb923689-x86
    181.2k   5%  tcp 66.93.78.242:49175 <-> 87.117.201.178:7480
     86.6k   2%  tcp 66.93.78.242:58282 <-> 69.80.212.131:22
     41.0k   1%  tcp 66.93.78.242:2951 <-> 69.88.152.10:80
     32.7k   1%  tcp 66.93.78.242:3143 <-> 69.88.152.10:80
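An added example, not from the original page: a small Python parser for the pktstat screen text shown above that totals bps per address, so the heaviest host stands out. It assumes the text has been captured to a string, that the columns are laid out as in the sample, and that the k/M/G suffixes are decimal multipliers; `parse_flows` and `top_talkers` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: the pktstat screen text shown above, one row per line.
SAMPLE = """\
interface: eth1
bps % desc
695.0k 22% tcp 207.46.13.28:80 <-> 66.93.78.242:1917
└ GET /msdownload/update/v3-19990518/cabpool/windowsmedia-kb911564-
531.0k 17% tcp 207.46.13.28:80 <-> 66.93.78.242:1918
└ GET /msdownload/update/v3-19990518/cabpool/windowsxp-kb923689-x86
181.2k 5% tcp 66.93.78.242:49175 <-> 87.117.201.178:7480
86.6k 2% tcp 66.93.78.242:58282 <-> 69.80.212.131:22
41.0k 1% tcp 66.93.78.242:2951 <-> 69.88.152.10:80
32.7k 1% tcp 66.93.78.242:3143 <-> 69.88.152.10:80
"""

# Assumption: rate suffixes are decimal multipliers.
MULT = {"": 1, "k": 1_000, "M": 1_000_000, "G": 1_000_000_000}
FLOW = re.compile(
    r"^\s*([\d.]+)([kMG]?)\s+\d+%\s+(\w+)\s+(\S+):(\d+)\s+<->\s+(\S+):(\d+)\s*$")

def parse_flows(text):
    """Return one dict per flow row; a '└' row is attached to the flow above it."""
    flows = []
    for line in text.splitlines():
        m = FLOW.match(line)
        if m:
            num, suffix, proto, a, aport, b, bport = m.groups()
            flows.append({"bps": round(float(num) * MULT[suffix]), "proto": proto,
                          "a": (a, int(aport)), "b": (b, int(bport)), "request": None})
        elif line.strip().startswith("└") and flows:
            flows[-1]["request"] = line.strip().lstrip("└ ")
    return flows

def top_talkers(flows):
    """Sum bps per address over every flow it takes part in, highest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["a"][0]] += f["bps"]
        totals[f["b"][0]] += f["bps"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for host, bps in top_talkers(parse_flows(SAMPLE)):
        print(f"{host:>16} {bps / 1000:9.1f}k")
```

In this sample 66.93.78.242 is an endpoint of every flow, so it ranks first; the attached request lines show what the two largest flows were fetching.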
iftop
Generates bar graphs showing bandwidth per connection. Shows both origin and destination addresses, so heavy users can be identified.
iptraf
Useful for monitoring bandwidth per MAC address.
driftnet
This is mostly useless, but stupid fun.
http://www.ex-parrot.com/~chris/driftnet/