nixCraft
Linux / UNIX Tech Support Forum
Linux: Find Out Top Traffic Generating IP Address
This is a discussion on Linux: Find Out Top Traffic Generating IP Address within the Networking, Firewalls and Security forums, part of the Mastering Servers category; Hello, I have some unusual uploads on the server that last a few minutes but are at least double normal ...
|
Register free or login to your existing account and remove all advertisements. |
|
|||||||
| Networking, Firewalls and Security No it's not a secret. Talk about firewalls and security issues. |
 |
|
|
LinkBack | Thread Tools | Display Modes |
08-25-2008, 06:54 PM
|
|||
|
|||
Linux: Find Out Top Traffic Generating IP Address
Hello,
I have some unusual uploads on the server that last a few minutes but are at least double normal traffic, would like to track the ip that is doing the upload. I tried out: Code:
tcpdump -e -n -c 30000 -i eth0 >>/root/tcp_c.txt
cat /root/tcp_c.txt | awk '{print $10}'|sort|uniq -c|sort -nk 1
what should I filter to see only incoming trafic ? Last edited by nixcraft; 08-26-2008 at 12:04 AM. Reason: Typo and title fixed 
|
| Sponsored Links | ||
|
|
|
08-26-2008, 12:06 AM
|
||||
|
||||
|
Is this related to Web server or FTP server? Do you want information about whole network?
__________________
Rocky Jr.  What's wrong? I hope I am not making you uncomfortable...  Never send a boy to do a mans job. 
|
|
08-26-2008, 02:05 AM
|
|||
|
|||
|
sorry if I posted in wrong section but I consider this as bash commands, and sintax.
I want this in a web hosting server, this also includes an ftp server, and it is 1 machine receiving this trafic so not related to a whole network. the sintax I tryed is generating a top of encounterd ip`s but I don`t know if this is the best aproach, what I tryed only counts packets, I don`t know if it is correct. Regards,
|
|
08-26-2008, 02:27 AM
|
||||
|
||||
|
Here is the list of tools and commands:
Try netstat command: Get Detailed Information About Particular IP address Connections Using netstat Command You also need to use tool called ntop which is Webbased GUI tool: Redhat Enterprise Linux 5 / CentOS 5 monitor and track TCP connections on the network (eth0) tcptrack command displays the status of TCP connections that it sees on a given network interface: Redhat Enterprise Linux 5 / CentOS 5 monitor and track TCP connections on the network (eth0) You also need to use something called apachetop HTH
__________________
Rocky Jr. What's wrong? I hope I am not making you uncomfortable... Never send a boy to do a mans job.
|
|
08-26-2008, 01:12 PM
|
|||
|
|||
|
thanks for useful info I knew about some of them already, what I am interested in is to count incoming traffic on the server on port 80 from all ip`s like a top 10 for 2 minutes period.
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Find Duplicate IP Address / Subnet with arping | dougp23 | Networking, Firewalls and Security | 2 | 08-03-2008 08:20 PM |
| Failure generating SSL Cert | satimis | Mail Servers | 0 | 02-22-2008 06:30 PM |
| A script for generating cPanel backup and send as email | vivekv | Shell scripting | 0 | 10-20-2007 09:28 PM |
| Grep ip address in Linux or UNIX | sweta | Getting started tutorials | 0 | 07-27-2007 07:47 AM |
| Howto change ip address in Linux | chiku | Networking, Firewalls and Security | 1 | 04-29-2007 05:51 PM |
All times are GMT +5.5. The time now is 01:02 PM.
