[gentoo-user] How to see network activity?

[gentoo-user] How to see network activity?

[Boris Sobolev]

Hi folks, 

I would like to see the network activoity going in an out of my box.
Any command to use for that?

Thanks.
Boris

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Richard Fish]

On 8/9/06, Boris Sobolev <immunogene@gmail.com> wrote:
> Hi folks,
>
> I would like to see the network activoity going in an out of my box.
> Any command to use for that?

Do you mean a packet analyzer?  Then you want wireshark.

If you just want to see bandwidth, net-analyzer/nload, or any of the
dozens more like it, some with GUIs, some with web interfaces, in the
net-analyzer group.  Also most "desklet" applications like
superkaramba have some kind of network utilization widget.

-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Richard Fish]

On 8/9/06, Boris Sobolev <immunogene@gmail.com> wrote:
> Hi folks,
>
> I would like to see the network activoity going in an out of my box.
> Any command to use for that?

Do you mean a packet analyzer?  Then you want wireshark.

If you just want to see bandwidth, net-analyzer/nload, or any of the
dozens more like it, some with GUIs, some with web interfaces, in the
net-analyzer group.  Also most "desklet" applications like
superkaramba have some kind of network utilization widget.

-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Boris Sobolev]

I' m not sure if I need packet analyzer or another tool.
I can see network activity on my dsl modem led. Right
before I switched to Gentoo, my windows box has
died for a couple of days ( it had no firewall).
It was bunch of viruses, worms and god knows what
else. When I turned firewall, it blocked endless probes.
I suspect the same thing hapening now. Aside from
I need a firewall ( and I deliberatly do not install one,) 
how can I track an activities that generate that traffic?

Thanks. Boris

On 10:46 Wed 09 Aug     , Richard Fish wrote:
> On 8/9/06, Boris Sobolev <immunogene@gmail.com> wrote:
> >Hi folks,
> >
> >I would like to see the network activoity going in an out of my box.
> >Any command to use for that?
> 
> Do you mean a packet analyzer?  Then you want wireshark.
> 
> If you just want to see bandwidth, net-analyzer/nload, or any of the
> dozens more like it, some with GUIs, some with web interfaces, in the
> net-analyzer group.  Also most "desklet" applications like
> superkaramba have some kind of network utilization widget.
> 
> -Richard
> -- 
> gentoo-user@gentoo.org mailing list

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Hans-Werner Hilse]

Hi,

On Wed, 9 Aug 2006 22:03:55 +0400
Boris Sobolev <immunogene@gmail.com> wrote:

> I' m not sure if I need packet analyzer or another tool.

A packet analyzer would be fine, I think. Although me as a CLI-junkie
would have suggested tcpdump instead of wireshark :-) Emerge tcpdump,
and as root do
$ tcpdump -vvni ppp0

> I can see network activity on my dsl modem led.

Oh, totally normal behaviour. There's a lot of noise on the 'net, you
know ;-) my modem's led blinks continously due to a lot of incoming
requests to ports like 135 (worms), 4xxx-6xxx (P2P)...

> Right before I switched to Gentoo, my windows box has
> died for a couple of days ( it had no firewall).
> It was bunch of viruses, worms and god knows what
> else. When I turned firewall, it blocked endless probes.
> I suspect the same thing hapening now. Aside from
> I need a firewall ( and I deliberatly do not install one,) 
> how can I track an activities that generate that traffic?

Rule #1: Not reliably on the machine itself. But above mentioned
'tcpdump' is a start. But if there's a rootkit on the machine, it is
free to censor its own traffic. (that's true for both Windows and Linux)

But why do you think you need a firewall? If you're not running
services with security holes, or use strange network protocols, you
should be somewhat safe. (that's just Linux :-) )

Well, I highly suggest to setup iptables, but it is very unlikely that
it caused harm to your system that you didn't set it up yet.

-hwh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Richard Fish]

On 8/9/06, Hans-Werner Hilse <hilse@web.de> wrote:
> A packet analyzer would be fine, I think. Although me as a CLI-junkie
> would have suggested tcpdump instead of wireshark :-) Emerge tcpdump,

wireshark works even for CLI-junkies...just run "tshark" :-)

-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Richard Fish]

On 8/9/06, Boris Sobolev <immunogene@gmail.com> wrote:
> I suspect the same thing hapening now. Aside from
> I need a firewall ( and I deliberatly do not install one,)
> how can I track an activities that generate that traffic?

If you just want to log TCP connection attempts and UDP packets sent
to your machine, the iptables LOG target can do that.  Beware of
logging to much though, or your messages file will get enormous.

-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Thomas Cort]

[-- Attachment #1: Type: text/plain, Size: 292 bytes --]

iptraf

On Wed, 9 Aug 2006 21:15:42 +0400
Boris Sobolev <immunogene@gmail.com> wrote:

> Hi folks, 
> 
> I would like to see the network activoity going in an out of my box.
> Any command to use for that?
> 
> Thanks.
> Boris
> 
> -- 
> gentoo-user@gentoo.org mailing list
> 

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] How to see network activity?

[Uwe Thiem]

On 09 August 2006 18:15, Boris Sobolev wrote:
> Hi folks,
>
> I would like to see the network activoity going in an out of my box.
> Any command to use for that?

If you use KDE anyway try ksysguard.

Uwe

-- 
Mark Twain: I rather decline two drinks than a German adjective.
http://www.SysEx.com.na
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Norman Rieß]

Boris Sobolev schrieb:
> Hi folks, 
>
> I would like to see the network activoity going in an out of my box.
> Any command to use for that?
>
> Thanks.
> Boris
>
>   
iftop
is nice to watch, what connetions are currently open an how many traffic 
they produce.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[michael]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN; format=flowed, Size: 1031 bytes --]

this has been a fascinating conversation. thanks boris for starting it.
i've tested almost everything that has been mentioned.

i often have to monitor my computers over slow text-only ssh sessions, so my
focus may be a bit different from others.

tcpdump (and ethereal/wireshark) of course can not be beat for looking inside
packets.

to see what connections are open and how much data they are transferring, in a
telnet/ssh situation i like bmon and iftop. i especially appreciate the
"graphical" feature of bmon.

in real graphical environments, i like etherape.

thanks to everyone who has contributed so much wisdom


On Thu, 10 Aug 2006, Norman Rieß wrote:

> Boris Sobolev schrieb:
>>  Hi folks, 
>>
>>  I would like to see the network activoity going in an out of my box.
>>  Any command to use for that?
>>
>>  Thanks.
>>  Boris
>>
>> 
> iftop
> is nice to watch, what connetions are currently open an how many traffic they 
> produce.
> -- 
> gentoo-user@gentoo.org mailing list
>
>
>

Re: [gentoo-user] How to see network activity?

[gentuxx]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

michael@michaelshiloh.com wrote:
> this has been a fascinating conversation. thanks boris for starting it.
> i've tested almost everything that has been mentioned.
>
> i often have to monitor my computers over slow text-only ssh
> sessions, so my
> focus may be a bit different from others.
>
> tcpdump (and ethereal/wireshark) of course can not be beat for
> looking inside
> packets.
>
> to see what connections are open and how much data they are
> transferring, in a
> telnet/ssh situation i like bmon and iftop. i especially appreciate the
> "graphical" feature of bmon.
>
> in real graphical environments, i like etherape.
>
> thanks to everyone who has contributed so much wisdom
>
>
> On Thu, 10 Aug 2006, Norman Rie? wrote:
>
>> Boris Sobolev schrieb:
>>>  Hi folks,
>>>  I would like to see the network activoity going in an out of my box.
>>>  Any command to use for that?
>>>
>>>  Thanks.
>>>  Boris
>>>
>>>
>> iftop
>> is nice to watch, what connetions are currently open an how many
>> traffic they produce.
>> --
>> gentoo-user@gentoo.org mailing list
>>
>>
>>
For the graphically challenged, or the CLI initiated, try bwm-ng.  I
initially came across it because of its mention on Richard Bejtlich's
blog.  And fortunately there was an ebuild for it in portage!  But
it's a pretty cool tool, nonetheless.

I too have tried a few of the different tools mentioned.  I have loved
etherape for quite some time (years).  Good to know that there's an
ebuild for it!  I had almost forgotten all about it until Michael
mentioned it.

- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE2tJOTPA54hjTSp4RAqCfAKClqK/MDzkqduqB3w013rqs/dS0dwCfYxi/
zkuA233QSyU69ZDXuwmUE7w=
=o7Cc
-----END PGP SIGNATURE-----

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[michael]

On Wed, 9 Aug 2006, gentuxx wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> michael@michaelshiloh.com wrote:
>> this has been a fascinating conversation. thanks boris for starting it.
>> i've tested almost everything that has been mentioned.
>>
>> i often have to monitor my computers over slow text-only ssh
>> sessions, so my
>> focus may be a bit different from others.
>>
>> tcpdump (and ethereal/wireshark) of course can not be beat for
>> looking inside
>> packets.
>>
>> to see what connections are open and how much data they are
>> transferring, in a
>> telnet/ssh situation i like bmon and iftop. i especially appreciate the
>> "graphical" feature of bmon.
>>
>> in real graphical environments, i like etherape.
>>
>> thanks to everyone who has contributed so much wisdom
>>
>>
>> On Thu, 10 Aug 2006, Norman Rie? wrote:
>>
>>> Boris Sobolev schrieb:
>>>>  Hi folks,
>>>>  I would like to see the network activoity going in an out of my box.
>>>>  Any command to use for that?
>>>>
>>>>  Thanks.
>>>>  Boris
>>>>
>>>>
>>> iftop
>>> is nice to watch, what connetions are currently open an how many
>>> traffic they produce.
>>> --
>>> gentoo-user@gentoo.org mailing list
>>>
>>>
>>>
> For the graphically challenged, or the CLI initiated, try bwm-ng.  I
> initially came across it because of its mention on Richard Bejtlich's
> blog.  And fortunately there was an ebuild for it in portage!  But
> it's a pretty cool tool, nonetheless.
>
> I too have tried a few of the different tools mentioned.  I have loved
> etherape for quite some time (years).  Good to know that there's an
> ebuild for it!  I had almost forgotten all about it until Michael
> mentioned it.
>
> - --
> gentux

another 2 great advantages of etherape:

1. looks cool

2. i think our brains can better process a lot of information as visual
patterns. i have to concentrate more to read all the fields in iftop or bmon,
but a quick glance at etherape gives me a very good sense of "it looks ok" or
"something seems wrong". etherape is one of those things i always like to
leave running, so my brain imprints on the patterns of normal behavior and i
can more rapidly spot something out of the ordinary. i try to teach this
principle to all my students: know what your system looks like normally, so
you can spot something out of the ordinary.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to see network activity?

[Thomas Harold]

Boris Sobolev wrote:
> Hi folks, 
> 
> I would like to see the network activity going in an out of my box.
> Any command to use for that?

I haven't seen "nettop" mentioned yet.  It's more of a traffic flow tool 
showing the bits/sec and packets/sec in a tree format.  Works in a 
terminal window (all text).
-- 
gentoo-user@gentoo.org mailing list