0

How can I display all network traffic of all hosts in my network? I can use a linux box of choice, can set eth0 to promiscuous mode and my router has all major protocols. I want to be able to tell which host causes which traffic from a central point within seconds. My ISP bandwidth is very low and some clients tend to eat it all. I want to find them quickly.

I know there are several monitoring solutions. I tried some of them. But it's too much effort to setup. I'm looking for a command line tool or a linux GUI tool, also for use in networks, where I cannot setup servers, but have to do such simple diagnostics.

And yes, there already are some answers here on SE. But most of them are a bit outdated and do recommend tools, which aren't under active development anymore.

A desired output would be something like this, at least: 

23.23.23.23 <-- 192.168.1.20:443 - 0.12 MB/s
34.34.34.34 <-- 192.168.1.30:443 - 0.23 MB/s
192.168.1.10:587 --> 12.12.12.12 - 23.45 MB/s
192.168.1.40:80 --> 45.45.45.45 - 0.34 MB/s
...

So one can tell that 192.168.1.10 is eating most of the bandwidth at the moment.

awado
  • 133
  • 8
  • tcpdump? wireshark? – Olaf Dietsche Mar 02 '19 at 13:31
  • Maybe this question https://serverfault.com/q/3326/141697 and this answer https://serverfault.com/a/3335/141697 does help. – Olaf Dietsche Mar 02 '19 at 13:38
  • Ask your router. – Michael Hampton Mar 02 '19 at 13:57
  • Yes, sure. I will have to ask my router. But: How? That's why I asked here on SE. I already used tcpdump and wireshark to analyze packets. But I could not find a simple way to get an useful display of current connections. – awado Mar 02 '19 at 15:28
  • @awado it depends entirely on the router. Many routers have `tcpdump` and would then allow you to display all network traffic. You would have to be a bit more specific in what "a useful display of current connections" means – Torin Mar 02 '19 at 16:11
  • @Torin: Please see my edit. Well, my router (and most of the others) doesn't have such commands like `tcpdump`. I wish it would have `conntrack`. So I have to do it from another host on its network via promiscuous mode, I guess. – awado Mar 03 '19 at 20:02

0 Answers0