On Thu, 2008-06-26 at 11:24 -0700, Gus Wirth wrote:
> R P Herrold wrote:
> > On Thu, 26 Jun 2008, Gus Wirth wrote:
> >
> >> I have a group of machines on a switch that are suffering from one or
> >> more of them hogging the available bandwidth to the outside. I have
> >> configured the switch to set up a monitoring port so I can grab all
> >> the traffic going to/from the outside world. What I need now is some
> >> way of analyzing the packet stream to figure out who is using the most
> >> bandwidth and when. I know all the MAC addresses of the individual
> >> machines so I can trace them that way.
> >
> > I think you are thinking too hard, unless it is intra-network traffic
> > you are concerned about (unlikely as you mention 'outside').
>
> I thought thinking was good? ;)
>
> > bandwidthd if you can hop up to the IP layer
> >
> > http://bandwidthd.sourceforge.net/ has done a nice job here -- trivial
> > to build and configure
>
> This looks like exactly what I need.
>
> The reason I mention MAC addresses is because the machines on the
> network use DHCP. I know that most of the time the DHCP lease mechanism
> will reassign the same IP address to the requesting machine, but there
> may be circumstances where it doesn't happen. There is also the (remote)
> possibility that a particular machine may have more than one IP address.
>
> The bandwidthd program has the option to log to a database. Maybe a
> small tweak will allow recording the MAC address also for data analysis
> at a later time.
>
> Thanks,
>
> Gus
>

If it's acceptable to dump huge amounts of data, then analyze them
manually, wireshark does a good job - once you understand its filter
syntax.

But if I understand what you're trying to do (which is hardly
distinguishable from magic to me, as usual), you want to extract
statistics in real time.

Christoph

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
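
Added example, not part of the original thread and not bandwidthd or Wireshark code: one way to do the offline, per-MAC accounting discussed above, so DHCP address changes do not matter. It assumes the monitoring-port traffic was saved as a classic pcap file (for instance with tcpdump -w); the function names and the sample MAC addresses are made up for illustration.

```python
import struct
from collections import defaultdict

def mac_str(raw):
    return ":".join(f"{x:02x}" for x in raw)

def usage_by_mac(pcap, known_macs, bucket_secs=3600):
    """Return {(bucket_start, mac): [bytes_sent, bytes_received]} for known MACs."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals = defaultdict(lambda: [0, 0])
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts_sec, _usec, incl_len, orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:            # truncated record: no full Ethernet header
            continue
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
        bucket = ts_sec - ts_sec % bucket_secs   # "when": start of the time bucket
        # orig_len is the on-the-wire size, so a short snaplen does not skew totals
        if src in known_macs:
            totals[(bucket, src)][0] += orig_len
        if dst in known_macs:
            totals[(bucket, dst)][1] += orig_len
    return dict(totals)

def sample_pcap():
    """Constructed capture: two hosts talking to a gateway (all MACs made up)."""
    gw, ha, hb = (bytes.fromhex(h) for h in ("020000000001", "0200000000aa", "0200000000bb"))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, dst, src, size in [(1000, gw, ha, 100), (1500, ha, gw, 1400),
                               (4000, gw, hb, 60), (4100, hb, gw, 900)]:
        frame = dst + src + b"\x08\x00" + bytes(size - 14)   # zero-filled payload
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    hosts = {"02:00:00:00:00:aa", "02:00:00:00:00:bb"}
    for (bucket, mac), (tx, rx) in sorted(usage_by_mac(sample_pcap(), hosts).items()):
        print(bucket, mac, "sent", tx, "received", rx)
```

To use it on a real capture, pass the file's bytes and the set of known machine MACs (lower-case, colon-separated) to usage_by_mac.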
