Yes, your linux box will work fine, and you can dump the traffic going through with ethereal or other software.

Assuming you have private IPs, and one or a few public IPs, you would set the linux system to not only forward packets, but also masquerade them. If you wanted to have services available to the internet, you can use the portforwarding module (part of the experimental kernel code). Turn on the code maturity options: prompt for incomplete code, or something, in the first option in your kernel compilation: make menuconfig. Or just put in CONFIG_EXPERIMENTAL=y in the kernel config file.

With that said, and your system up and running, how do you analyze traffic? Dumping the network traffic on a well utilized t-1 won't tell you much. You'll be swamped with data.

I'd suggest looking at some of these utilities. I'm sure there are many out there. I personally have not used any of these, but perhaps I will have some interest in messing with them:

http://linux.davecentral.com/netmon.html

IPTraf looks interesting.

You can, just with netstat, see who's connected to what at any time. Use netstat -M to see masqueraded connections. IPTraf will do something similar, but will show you packets/sec, bytes/sec. It will also show based on services: web traffic/smtp/streaming video/chat, etc.

Cory

-----Original Message-----
From: Garl R. Grigsby [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 3:55 PM
To: eug-lug
Subject: [EUG-LUG:386] Networking woes.

I need some advice. I know that there is a lot of networking experience floating around this group, so I am hoping somebody can help me. My office currently has a T1 link to our main office. Over the last couple of months the usage of this link has steadily increased to the point where we are running out of bandwidth, which is causing problems for several apps that need a full time connection to our main office. The problem is that nobody will admit to being the bandwidth hog.

I have looked at using apps such as Ethereal and Sniffer Lan, but all of our network is run off of switches which, as I understand it, makes these devices almost useless. My idea is to build a dual nic'd linux box and connect it between our top level switch and our wan router. With this setup I should be able to see all of the network traffic that is traveling across the wan link, right?

Now for my questions. Will this setup work? What will I have to set up to forward the traffic from one nic to the other, and still have ethereal see the traffic? Also, how much of a machine will I need for this? Currently I am looking at using a Pentium Pro 200 with 128 MB of ram. Does anybody know of a package that would generate an html page of the T1 usage? Has anybody done this before?

Thanks all,
Garl

--
============================================================================
Garl R. Grigsby   Senior Customer Applications Engineering - Analysis Team
----------------------------------------------------------------------------
Structural Dynamics Research Corporation    Phone: (800)242-7372
TAO Americas Support Center                 FAX: (541)342-8277
1750 Willow Creek Circle                    Email: [EMAIL PROTECTED]
Eugene, OR 97402                            Internet: http://www.sdrc.com
============================================================================
-FEA makes a good engineer great, and a poor engineer dangerous-
============================================================================
PGP ID: 0xF2D845E7
PGP Fingerprint: 9C40 CB5E 1C51 CF58 E3F9 3F2C 8F1F F3EF F2D8 45E7
============================================================================
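
Added example, not part of the original thread: one way to turn a capture taken on the dual-NIC box into a per-host byte ranking, which addresses both the "swamped with data" problem and the question of who is using the T1. The `tcpdump -nn -q` line format, the 192.168.1. LAN prefix, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter

# Assumed input: IPv4 lines as printed by `tcpdump -nn -q`, for example
#   15:55:01.000002 IP 10.0.0.5.80 > 192.168.1.10.1034: tcp 1448
#   15:55:01.000004 IP 192.168.1.11.1040 > 10.0.0.9.53: UDP, length 45
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?:tcp (\d+)|UDP, length (\d+))"
)

# Constructed sample capture (not real traffic).
SAMPLE = """\
15:55:01.000001 IP 192.168.1.10.1034 > 10.0.0.5.80: tcp 0
15:55:01.000002 IP 10.0.0.5.80 > 192.168.1.10.1034: tcp 1448
15:55:01.000003 IP 10.0.0.5.80 > 192.168.1.10.1034: tcp 1448
15:55:01.000004 IP 192.168.1.11.1040 > 10.0.0.9.53: UDP, length 45
15:55:01.000005 IP 192.168.1.12 > 10.0.0.9: ICMP echo request, id 1, seq 1, length 64
15:55:01.000006 IP 192.168.1.11.1041 > 10.0.0.7.25: tcp 512
""".splitlines()


def top_talkers(lines, lan_prefix="192.168.1."):
    """Return ([(host, payload_bytes), ...] busiest first, skipped_line_count).

    Payload bytes are charged to the LAN end of each packet in either
    direction, so a host that mostly downloads still shows up at the top.
    Lines that are not TCP or UDP (ICMP, ARP, garbage) are counted as skipped.
    """
    totals = Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            skipped += 1
            continue
        size = int(m.group(3) or m.group(4))
        for host in (m.group(1), m.group(2)):
            if host.startswith(lan_prefix):
                totals[host] += size
    return totals.most_common(), skipped


if __name__ == "__main__":
    # Pipe live tcpdump text in, or run with no pipe to use the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    ranked, skipped = top_talkers(source)
    for host, nbytes in ranked:
        print(f"{host:15s} {nbytes:>10d} bytes")
    print(f"({skipped} lines skipped)")
```

The totals are TCP/UDP payload bytes only, so they undercount link usage by the header overhead; they are meant for ranking hosts, not for billing-grade numbers.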
