Bandwidth Accounting With Unix?
LegoB writes: "I am a student at a small, under-connected college. Despite our bandwidth woes, the administration is hesitant to buy a larger pipe, feeling that our current connection is being overly taxed by things like Napster, streaming media, and other non-educational (and non-constructive) traffic. Rather than have them start limiting certain applications, I would like to propose another alternative: bandwidth accounting. I'm hoping to find that Unix, in addition to being used as a router, can also be used as a bandwidth meter. What software packages do I need to track bandwidth by time, IP, and hopefully MAC address without massive kernel hacking?"
IPaudit is nice (Score:4)
A link to the Freshmeat page is here [freshmeat.net]. I scoured Freshmeat for a userspace/rootspace solution for a bandwidth meter and IPAudit was the best because of its simplicity. I personally prefer piping data into a perl program to parse the data than to let it become "Someone Else's Problem". The overhead is low and a parsing script isn't that hard to work out; the one I use (actually it's a suite of 2 programs) took 2 days to code and another week to tweak the filtering rules.
I also made a cute little web interface for the higher ups (computer illiterate) to browse through the user's usage - and it wasn't that hard to make. Oh, I don't release it 'cause it's a mess, one day I'll document it and release it, until then - sorry...
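A sketch of the kind of parsing script the comment above describes, added here as an example and not the poster's code or IPaudit's own: it totals bytes per campus host per hour from flow records. The record layout (`epoch src dst bytes`), the sample lines and the `10.1.0.0/16` campus range are constructed assumptions, not IPaudit's actual output format.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records in an assumed layout: epoch_seconds src_ip dst_ip bytes
SAMPLE = """\
962445600 10.1.4.20 198.51.100.7 1200
962445660 198.51.100.7 10.1.4.20 850000
962445700 10.1.9.33 203.0.113.9 64000
962449300 203.0.113.9 10.1.9.33 2400000
962449400 10.1.4.20 10.1.9.33 5000
not a record
"""

CAMPUS = ipaddress.ip_network("10.1.0.0/16")  # assumed campus address range


def account(lines, local_net=CAMPUS):
    """Return ({(hour, local_ip): [bytes_out, bytes_in]}, malformed_line_count)."""
    usage = defaultdict(lambda: [0, 0])
    skipped = 0
    for line in lines:
        fields = line.split()
        try:
            ts, nbytes = int(fields[0]), int(fields[3])
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
        except (IndexError, ValueError):
            skipped += 1  # count malformed lines instead of aborting the run
            continue
        src_local, dst_local = src in local_net, dst in local_net
        if src_local == dst_local:
            continue  # purely internal (or purely external) traffic never uses the uplink
        hour = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:00")
        if src_local:
            usage[(hour, str(src))][0] += nbytes  # upload from a campus host
        else:
            usage[(hour, str(dst))][1] += nbytes  # download to a campus host
    return dict(usage), skipped


def top_talkers(usage, n=3):
    """Rank campus hosts by total bytes (in + out) across all hours."""
    totals = defaultdict(int)
    for (_, ip), (out_b, in_b) in usage.items():
        totals[ip] += out_b + in_b
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    usage, skipped = account(SAMPLE.splitlines())
    for ip, total in top_talkers(usage):
        print(f"{ip:15} {total:>10} bytes")
    print(f"{skipped} malformed line(s) skipped")
```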
Google (Score:1)
Some more links:
http://www.aspfree.com/authors/chrisk/monitorsunnyline.asp [aspfree.com]
Old Slashdot story on Packet shaping....
http://slashdot.org/askslashdot/99/07/06/1433234.shtml [slashdot.org]
The joys of a search engine...
Malk-a-mite
On a side note (Score:3)
Give up the idea of bandwidth accounting--you'll just give numbers to the fears.
Now hiring experienced client- & server-side developers
IPMeter (Score:2)
i've used ipac (Score:1)
at a former employer we replaced a firewall appliance w/ a linux box in one of those cute mini cases (not rackmountable though) and set up ipac to gather stats every so often, and another box to periodically get those and graph them.... it mysteriously stopped working since i last checked, but it was working fine beforehand, i probably screwed up something or other.
toast
When Linux 2.4 comes out... (Score:1)
You can also use the logging module to log particular firewall/NAT rules to gain more detailed info.
For more info check out the netfilter home page [kernelnotes.org].
Linux 2.2 does this, but not as nicely and without the logging functionality.
IPac works great for me (Score:1)
Re:When Linux 2.4 comes out... (Score:1)
"Linux 2.2 comes with everything to manage bandwidth in ways comparable to high-end dedicated bandwidth management systems."
Cisco, ipacct and device cloning (Score:3)
If you have a spare PC that can have Linux installed and be connected to the ethernet segment serving your Internet access router, something like ipaudit may be enough. It can monitor TCP/UDP ports, which you can't do with ipac.
If you have an ethernet switch serving the access router (quite likely), you will need to set up the switch to 'span' or 'mirror' the port serving the router to another port (serving your monitoring box). This just replicates (broadcasts) the traffic seen in and outbound on the access router's switch port, into the monitoring port.
Alternatively you could put a hub between the switch and the router, but your network manager is unlikely to be happy about this.
Commercial tools to do this are astonishingly expensive, by the way - there are things called RMON2 probes that do more or less what ipacct does, but with more features and SNMP-accessible MIBs for the results. Bandwidth management boxes such as Packeteer do something similar, but these are also quite expensive.
If any entrepreneur out there feels like doing embedded Linux or BSD boxes that monitor and maybe shape traffic (Linux's queuing features in 2.2 or later are very comprehensive), you would have quite a market. Even more so if you worked on cish (an open source emulation of the Cisco command line interface) so that standard QoS management tools could configure your box just like a Cisco router. Another useful standard to look at is RTFM (real-time traffic flow management) from the IETF, implemented by Netramet, which is supported by ipmeter.
Of course, I have an ulterior motive
Some useful links:
- cish - http://freshmeat.net/projects/cish/
- IPaudit - http://freshmeat.net/projects/ipaudit/
- IPmeter - http://www.ipmeter.com/
- NetraMet - http://www.auckland.ac.nz/net/NeTraMet/
- RTFM and other tools - http://www.mathematik.uni-stuttgart.de/~floeff/sl
- RTFM home - http://www.auckland.ac.nz/net/Internet/rtfm/
Re:On a side note (Score:1)
What about RADIUS? (Score:1)
Cistron and Livingston
Shawn
Re:On a side note (Score:2)
You're saying, "Look. I use it for stuff I want and I'll pay for the privilege." That's commendable.
But it is also a sure way to become persona non grata with the other students!
Re:What about RADIUS? (Score:2)
RADIUS has no bandwidth monitoring functionality in it whatsoever.
Put the pretty little buzzwords down and step away from the keyboard.
Packeteer (Score:1)
http://www.packeteer.com [packeteer.com]
NTOP and MRTG (Score:1)
NTOP stands for Network TOP and displays usage broken down by machine and protocol. I have successfully implemented this on RedHat 5.1 running on a 486 with 6 meg of RAM and a 500 meg HDD. I install the NTOP servers between the LAN and the router, connected to a hub where they can look at the traffic. Check out http://www.ntop.org [ntop.org] for screenshots, etc.
MRTG is the Multi-Router Traffic Grapher. MRTG interrogates devices such as routers, switches and servers by using SNMP, and displays the results for a day, week, month and year on a webpage. For MRTG you need a slightly more meaty machine - I'm currently monitoring 12 sites every five minutes, using a P133 with 32M of RAM and a 1Gig HDD. (Mandrake 6.1 for this one). Site for this one is http://ee-staff.ethz.ch
I don't know if the above will be of any use - I think you'll have more luck with MRTG.
Good luck!
Matt (matt_brunton@hotmail.com)
Re:NTOP and MRTG (Score:2)
MRTG is a nice tool, but limited by what SNMP/RMON2 MIBs are available in typical routers and switches - by far the majority of routers and most low to mid-end switches do not support RMON2, which is the only SNMP MIB that would let you monitor bandwidth by TCP/UDP port.
IPaudit or IPmeter are the best open source options I have found; IPaudit can just sniff the network like ntop.
Re:NTOP and MRTG (Score:1)
I think I will check out IPaudit; there are some failings in NTOP, admittedly (for example, you can't easily export data you've gathered).
Matt