Ubuntu: Monitoring inbound and outbound internet traffic



Question:

Is there software I can install to enable me to monitor inbound and outbound internet traffic for security reasons?

I recently installed Ubuntu and am loving it because of its speed and interface. I want to do what I can to make this the greatest OS I've ever worked with. Can you provide suggestions as to what I should install or do?


Solution:1

I personally use vnstat, which works quite nicely as it just sits in the background. You can query it for hourly, daily, monthly stats and there's a nice web-based frontend to it called jvnstat.

Here's some examples from my website:-

alan@bishop:~$ vnstat -m

 eth0  /  monthly

       month        rx      |     tx      |    total    |   avg. rate
    ------------------------+-------------+-------------+---------------
      Dec '09     10.05 GiB |   38.33 GiB |   48.38 GiB |  151.54 kbit/s
      Jan '10     10.83 GiB |   50.71 GiB |   61.55 GiB |  192.76 kbit/s
      Feb '10      8.18 GiB |   63.24 GiB |   71.42 GiB |  247.65 kbit/s
      Mar '10     10.43 GiB |   93.92 GiB |  104.35 GiB |  326.83 kbit/s
      Apr '10     12.56 GiB |   85.59 GiB |   98.15 GiB |  317.63 kbit/s
      May '10     12.70 GiB |   94.37 GiB |  107.07 GiB |  335.35 kbit/s
      Jun '10     17.02 GiB |   95.04 GiB |  112.06 GiB |  362.66 kbit/s
      Jul '10     33.18 GiB |  177.08 GiB |  210.26 GiB |  658.52 kbit/s
      Aug '10     25.52 GiB |   37.25 GiB |   62.77 GiB |  196.60 kbit/s
      Sep '10     20.70 GiB |   55.09 GiB |   75.79 GiB |  245.29 kbit/s
      Oct '10     16.96 GiB |   60.15 GiB |   77.12 GiB |  241.52 kbit/s
      Nov '10     23.97 GiB |   72.45 GiB |   96.41 GiB |  502.29 kbit/s
    ------------------------+-------------+-------------+---------------
    estimated     38.58 GiB |  116.62 GiB |  155.20 GiB |

alan@bishop:~$ vnstat -h

 eth0                                                                     15:16
   ^                                                                  t
   |                                                                  t
   |                                                                  t
   |                                                            t    rt
   |      t                                                    rt    rt
   |      t              t                                     rt    rt
   |      t              t                                   t rt rt rt  t
   |      t     t  t  t  t     t     t     t                 t rt rt rt  t
   |     rt     t  t  t  t     t     t     t              t rt rt rt rt rt
   |  rt rt rt rt rt rt rt r  rt rt rt r  rt r  r  r  r  rt rt rt rt rt rt
  -+--------------------------------------------------------------------------->
   |  16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15

 h  rx (KiB)   tx (KiB)      h  rx (KiB)   tx (KiB)      h  rx (KiB)   tx (KiB)
16      37374      32892    00      28233      90548    08      29588      18472
17      55325     148496    01      27162      32413    09      44442      48771
18      37293      23266    02      23543      75628    10      60487     111111
19      28184      79542    03      26526       9882    11     143143     177348
20      27952      75414    04      28217      76025    12     108370     100327
21      28963      78342    05      26732       9255    13     173459     227965
22      29337     118592    06      26586      13474    14      48390     110247
23      27454      15529    07      26874      11389    15      10813       8882

vnstat is in the repositories and takes just a moment to set up. There's a nice guide on the Debian Administration website:-

http://www.debian-administration.org/articles/330
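
One way to turn monthly totals like these into a check, added here as an example and not part of the original answer: it parses the `vnstat -m` rows quoted above and flags months whose rx or tx is more than twice the median for that direction. The function names and the 2x threshold are assumptions.

```python
import re
from statistics import median

# Monthly rows copied from the `vnstat -m` output quoted in the answer above.
VNSTAT_MONTHLY = """\
      Dec '09     10.05 GiB |   38.33 GiB |   48.38 GiB |  151.54 kbit/s
      Jan '10     10.83 GiB |   50.71 GiB |   61.55 GiB |  192.76 kbit/s
      Feb '10      8.18 GiB |   63.24 GiB |   71.42 GiB |  247.65 kbit/s
      Mar '10     10.43 GiB |   93.92 GiB |  104.35 GiB |  326.83 kbit/s
      Apr '10     12.56 GiB |   85.59 GiB |   98.15 GiB |  317.63 kbit/s
      May '10     12.70 GiB |   94.37 GiB |  107.07 GiB |  335.35 kbit/s
      Jun '10     17.02 GiB |   95.04 GiB |  112.06 GiB |  362.66 kbit/s
      Jul '10     33.18 GiB |  177.08 GiB |  210.26 GiB |  658.52 kbit/s
      Aug '10     25.52 GiB |   37.25 GiB |   62.77 GiB |  196.60 kbit/s
      Sep '10     20.70 GiB |   55.09 GiB |   75.79 GiB |  245.29 kbit/s
      Oct '10     16.96 GiB |   60.15 GiB |   77.12 GiB |  241.52 kbit/s
      Nov '10     23.97 GiB |   72.45 GiB |   96.41 GiB |  502.29 kbit/s
    estimated     38.58 GiB |  116.62 GiB |  155.20 GiB |
"""

UNIT_TO_GIB = {"KiB": 1 / 1024**2, "MiB": 1 / 1024, "GiB": 1.0, "TiB": 1024.0}
# A data row starts with a month such as "Jul '10"; headers and "estimated" do not.
ROW = re.compile(r"^\s*(?P<month>[A-Z][a-z]{2} '\d{2})\s+"
                 r"(?P<rx>[\d.]+) (?P<rxu>[KMGT]iB) \|\s+"
                 r"(?P<tx>[\d.]+) (?P<txu>[KMGT]iB) \|")

def parse_monthly(text):
    """Return [(month, rx_gib, tx_gib)] for every monthly data row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m["month"],
                         float(m["rx"]) * UNIT_TO_GIB[m["rxu"]],
                         float(m["tx"]) * UNIT_TO_GIB[m["txu"]]))
    return rows

def unusual_months(rows, factor=2.0):
    """Return (month, direction, GiB) where a month exceeds factor x the median."""
    flagged = []
    for idx, name in ((1, "rx"), (2, "tx")):
        limit = factor * median(r[idx] for r in rows)
        flagged += [(r[0], name, r[idx]) for r in rows if r[idx] > limit]
    return flagged

if __name__ == "__main__":
    for month, direction, gib in unusual_months(parse_monthly(VNSTAT_MONTHLY)):
        print(f"{month}: {direction} {gib:.2f} GiB is over twice the median")
```

A flagged month is only a prompt to look closer with a per-connection tool; vnstat records volume, not destinations.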


Solution:2

Network analyser tools:


Solution:3

I suggest you install the iptraf command-line tool.


Solution:4

That is a question requiring a very nontrivial answer. The following tools could all be useful to deflect an attack:

nmap -A
netstat -lnptu
kill
the /proc filesystem
iptables
the sentry tools suite

These tools give you a lot of control if you know how to use them and will require some good "hobby time" to learn.
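
As an added example (not part of the original answer), this is the kind of listening-socket audit that `netstat -lnptu` supports: it parses the output and lists sockets bound to something other than loopback. The sample output is constructed, and `parse_listeners`, `exposure` and `exposed` are hypothetical names.

```python
import ipaddress

# Constructed sample in the layout `netstat -lnptu` prints; not output from the page.
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      950/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 192.168.1.20:123        0.0.0.0:*                           -
"""

def parse_listeners(text):
    """Return a dict (proto, addr, port, program) for each socket line."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner and column header
        # The port follows the last colon, which also holds for IPv6 (":::80").
        addr, _, port = fields[3].rpartition(":")
        # UDP rows have no State column, so drop "LISTEN" where it is present.
        pid_prog = " ".join(f for f in fields[5:] if f != "LISTEN")
        # "-" is printed when the owner is hidden (netstat run without root).
        program = pid_prog.partition("/")[2] or "unknown"
        sockets.append({"proto": fields[0], "addr": addr,
                        "port": int(port), "program": program})
    return sockets

def exposure(addr):
    """Classify a bind address as 'all-interfaces', 'loopback' or 'specific'."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.is_unspecified:
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

def exposed(text):
    """Sockets that other hosts can reach, i.e. not bound to loopback only."""
    return [s for s in parse_listeners(text) if exposure(s["addr"]) != "loopback"]

if __name__ == "__main__":
    for s in exposed(NETSTAT_SAMPLE):
        print(f'{s["proto"]:5} {s["addr"]}:{s["port"]} '
              f'({exposure(s["addr"])}) {s["program"]}')
```

Each line it prints is a service to either justify or restrict, for instance with an iptables rule or by rebinding the service to 127.0.0.1.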


Solution:5

If you're only interested in how much traffic there is (not its destination) you could use a command-line tool called bmon.


Solution:6

As far as your first question is concerned, you can use the Wireshark network analyser to monitor traffic on your network interfaces. Some tutorials are here:

http://www.wireshark.org/docs/


Solution:7

Cacti

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.


Installation:

sudo apt-get install cacti  

Click this to read about Cacti features


Solution:8

Bandwidthd

BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.


Download from here.

Read more about it here.


Solution:9

speedometer

If you need live monitoring of the inbound and outbound traffic rate across a network interface you can try speedometer. I found this command-line based tool very user-friendly.

Install speedometer:

sudo apt-get install speedometer  

Use the -rx and -tx options to display bytes received and transmitted on a network interface. For example, if your network interface card name is eth0 use the following command:

speedometer -rx eth0 -tx eth0  

A live graph like the one shown below will be displayed in the terminal window. By default, the graph is updated every second. You can change update intervals if you wish.


For more information read the man pages using man speedometer after installing.

