
I have seen a consistent spike in traffic over my network since Monday morning and I don't know where it's coming from!

I don't have netflow routers (like I would like), I have IPCop firewalls.

Is there any way that's built into Linux that I can see where the packets are coming from/to? Like a built-in packet capture?

If there's not, how do I go about finding where this traffic's coming from?

blsub6

3 Answers


Get SSH access into the IPCop box and run iftop. This should give you a real time view of what's happening.

Niall Donegan
    I found the jerk that was using all my bandwidth and unplugged him! Thank you, I see myself using this much in the future :) – blsub6 Feb 25 '11 at 18:31

Moving forward I would recommend looking into a piece of software called Argus. It generates flow data, similar to (net|j)flows, by watching either pcap files or a promiscuous network interface.

Scott Pack

Run tcpdump on your IPCop and you will see where the traffic is coming from and going to: IP addresses and ports.

rems
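Raw tcpdump output scrolls by too fast to eyeball on a busy link, so a practical follow-up to the tcpdump answer is to pipe it through a small summariser that totals bytes per source address. The script below is an added example, not code from any of the answers; it assumes the `tcpdump -nn -q` line format (`IP src.port > dst.port: tcp N` / `UDP, length N`) and the sample lines are constructed, not a real capture.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn -q -i eth0` output (not real capture data).
SAMPLE='12:00:01.000001 IP 192.168.1.10.51234 > 10.0.0.5.80: tcp 1448
12:00:01.000002 IP 192.168.1.10.51234 > 10.0.0.5.80: tcp 1448
12:00:01.000003 IP 10.0.0.5.80 > 192.168.1.10.51234: tcp 0
12:00:01.000004 IP 192.168.1.22.5353 > 224.0.0.251.5353: UDP, length 120
12:00:01.000005 IP 192.168.1.10.51234 > 10.0.0.5.80: tcp 1448'

# top_talkers: read tcpdump -q lines on stdin, sum payload bytes per source IP
# and print "bytes ip", busiest first. Only IPv4 ("IP") lines are counted;
# "IP6" and non-IP frames are ignored. The byte value is the last field of the
# line, which for -q output is the TCP or UDP payload length.
top_talkers() {
    awk '$2 == "IP" {
        src = $3
        sub(/\.[0-9]+$/, "", src)            # strip the source port
        n = $NF
        if (n ~ /^[0-9]+$/) bytes[src] += n  # skip lines with no length field
    }
    END { for (s in bytes) printf "%d %s\n", bytes[s], s }' | sort -rn
}

# top_source: just the address responsible for the most payload bytes.
top_source() {
    top_talkers | head -n 1 | awk '{ print $2 }'
}

# Live use on the firewall (needs root):
#   tcpdump -nn -q -i eth0 -c 2000 | top_talkers
# Offline demo against the constructed sample:
printf '%s\n' "$SAMPLE" | top_talkers
```

Replace `eth0` with the IPCop interface you want to watch; `-c` bounds the capture so the summary is printed after a fixed number of packets rather than running until interrupted.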