Re: Bootp request

From: David Correa (tech@linux-tech.com)
Date: 01/25/02 

Date: Fri, 25 Jan 2002 12:30:03 -0800 (PST)
From: David Correa <tech@linux-tech.com>
To: security-discuss@linuxsecurity.com

Hi ya,

MRTG will not show individual service traffic.

http://www.stat.ee.ethz.ch/mrtg/rou-gw-switch-1-lp_127.0.0.12.html

I have never seen an SNMP MIB that counts port traffic. There are MIBs
that tell you if the port is on:
tcp.tcpConnTable.tcpConnEntry.tcpConnLocalPort.0.0.0.0.21.0.0.0.0.0 = 21
tcp.tcpConnTable.tcpConnEntry.tcpConnLocalPort.0.0.0.0.25.0.0.0.0.0 = 25
tcp.tcpConnTable.tcpConnEntry.tcpConnLocalPort.0.0.0.0.143.0.0.0.0.0 = 143

Traffic comes from the counters like
interfaces.ifTable.ifEntry.ifInUcastPkts.1 = Counter32: 353108

To look at the WWW traffic use stuff like analog and webalizer.
http://www.analog.cx/
http://www.mrunix.net/webalizer/

To look at the FTP transfer use /var/log/xferlog.

"Fri Jan 25 12:16:00 2002 1 onix.10.10.10.4 752615 \
    /home/tech/mystuff.tar.gz b _ o r tech ftp 0 * c "

"752615" bytes were the transfered.

To check the mail traffic use /var/log/maillog

"Jan 18 01:22:47 yunque qmail: \
  1011345767.988120 info msg 146520: bytes 3871 from \
  <owner@guess.edu> qp 31919 uid 502 "

"3871" bytes transfered

A simple PERL script can get/format all the information you need from
these logs.

Cheers,

> On Fri, 25 Jan 2002, bangieff wrote:
> Yep, mrtg/snmp is the answer I'd guess.
>
> - Martin
>
> > try mrtg
> >
> > Bangieff
> >
> > D writes:
> >
> > > Anyone know of something that will monitor bandwidth usage for an IP and
> > > give a basic stats page (Don't say ntop as its not really what i need)
> > >
> > > And split it down as in
> > >
> > > Mail 10 Gig
> > > WWW 2 Gig
> > > FTP 7 Gig

David Correa
http://www.linux-tech.com

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.