Solved

Linux & BandwidthD

Posted on 2010-11-22
Last Modified: 2012-05-10
Let me explain my network a little bit before coming to the problem.

I have a Windows Network with only one Linux machine running Red Hat Enterprise 5 and Squid 3.0 serving as a proxy server and gateway to the Internet. I have a Fiber Optic link terminated at a Cisco 1841. The router has a real IP and is connected to Linux box through a cross over cable. There is a second NIC on Linux box which has a local IP and is facing my local network. I am running PRTG on a Windows machine to monitor bandwidth coming from ISP by listening to router’s real IP. I am also running bandwidthD on Linux box to monitor bandwidth usage.

In this scenario, none of my local computers can bypass the Linux box to access the Internet directly. Everyone has to go through Linux. BandwidthD is recording every single computer’s access and puts it on its charts.

I have my own Mail Server running Mdaemon on a local IP. The NAT is done through IPTables on Linux.

Now the problem:
Many times our Internet becomes deadly slow. When we check PRTG, it shows that we are utilizing 100% of our available bandwidth while bandwidthD doesn’t show any computer consuming that bandwidth. It’s a real mystery for me because I – technically – think that none of the computers can bypass the proxy server (or Linux, to be more precise). Then where in the world is that bandwidth going?

Another issue is that sometimes bandwidthD shows that either Mail Server or Proxy itself sends Gigs of data out. I am wondering is this a normal behaviour?

I am really feeling helpless at the moment because I’m not familiar with packet sniffing etc. and one of my friends says that it’s the only option to find out what’s going on. Please advise.
Thanks.

Imran
0
Question by:ikhanr74
9 Comments
 
LVL 4

Expert Comment

by:pablomorales
ID: 34188526
It could be that your email server is having to process a bunch of spam.

Try installing ntop on the Linux machine. Ntop will monitor the usage by protocol and IP address and tell you where the bandwidth is going.

Happy hunting.
0
 
LVL 9

Expert Comment

by:bz43
ID: 34190579
I don't have an answer for you. Only thing: if you're going to get into packet analysis, here's a good way to start. It's a book named "Practical Packet Analysis" at http://nostarch.com/packet.htm

0
 

Author Comment

by:ikhanr74
ID: 34193624
Thanks a lot bz43.
I will look into it.

Imran
0
 

Author Comment

by:ikhanr74
ID: 34193631
Thank you pablomorales for your suggestion.
I think there's some kind of software which is keeping bandwidthD from logging its activity.

Thanks.

Imran
0
 
LVL 4

Expert Comment

by:pablomorales
ID: 34197064
Bandwidthd seems kind of limited to me. Try ntop; it is able to give more specific information. Also, it seems you are not the only person with a problem regarding traffic counts:

http://sourceforge.net/projects/bandwidthd/forums/forum/308609/topic/3895818

I think that to do packet analysis is overkill. However, you could use Wireshark's statistics functions to validate your bandwidthd counts.

0
 

Author Comment

by:ikhanr74
ID: 34202474
Thank you guys. It's really helpful to have friends like you around.
I will install nTop as soon as I can and let you guys know the results.

Thanks once again for your help and support.

Imran
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 34211210
Use 'iftop' for a realtime diagnostic of what's passing through your interfaces.  You could need to add the RPMforge repo to install it.

I used bandwidthd for a while but found it was inaccurate and preferred vnstat.  Perhaps run the two in conjunction to make sure bandwidthd is giving the correct stats.  While vnstat doesn't show client usage, only totals, you should be able to get totals through things such as proxy and mail logs unless you have a need for users to access the internet directly.


0
 

Accepted Solution

by:
ikhanr74 earned 0 total points
ID: 34256378
Thank you guys.
It's solved. I used IPTRAF and found out that my port 8080 was compromised. Somebody was using it from outside my network.
I used IPTables to block anything that's not on my network from using either Squid or Dansguardian.

Thank you all for your thoughts.

Imran
0
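Added example (not part of the original thread, and not the author's own commands): a cross-check of the finding above from the proxy's own log, totalling requests and bytes per client address outside the LAN. It assumes Squid's native access.log layout with the real client address in the third field and a LAN of 192.168.1.0/24; the subnet and the sample log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: LAN and loopback ranges; the page does not state the real subnet.
LAN = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1290412800.101    120 192.168.1.25 TCP_MISS/200 18432 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1290412801.440   5310 203.0.113.77 TCP_MISS/200 734003200 GET http://example.net/a.iso - DIRECT/192.0.2.20 application/octet-stream
1290412802.007     95 192.168.1.40 TCP_HIT/200 2048 GET http://example.org/logo.png - NONE/- image/png
1290412803.900   4100 203.0.113.77 TCP_MISS/200 524288000 GET http://example.net/b.iso - DIRECT/192.0.2.20 application/octet-stream
1290412804.250     60 198.51.100.200 TCP_DENIED/403 1500 GET http://example.com/ - NONE/- text/html
this line is truncated
"""


def external_clients(lines, lan=LAN):
    """Total requests, bytes and denials per client address outside `lan`.

    Returns [(client, requests, bytes, denied), ...], heaviest first.
    """
    totals = defaultdict(lambda: [0, 0, 0])
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or foreign line
        try:
            client = ipaddress.ip_address(fields[2])
            size = int(fields[4])
        except ValueError:
            continue  # client field is not an address, or bytes not numeric
        if any(client in net for net in lan):
            continue  # expected source: a workstation or the box itself
        entry = totals[str(client)]
        entry[0] += 1
        entry[1] += size
        # A denied request still shows the port is reachable from outside.
        entry[2] += int(fields[3].startswith("TCP_DENIED"))
    rows = [(c, r, b, d) for c, (r, b, d) in totals.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for client, reqs, size, denied in external_clients(SAMPLE_LOG.splitlines()):
        print(f"{client:15} requests={reqs} bytes={size} denied={denied}")
```

Any row in the output means the proxy answered a client that is not on the LAN. After a firewall change like the one described above, the same check run over new log entries should return nothing.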
 

Author Closing Comment

by:ikhanr74
ID: 34289770
nTop, as suggested by many experts, didn't work well.
My own search on the Internet and personal help from a friend led to IPTraf which worked better and helped me solve the problem.
0
