Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander2015-08-01 15:16:27
linux
Alexander, 2015-08-01 15:16:27

Find out which external IP receives the most traffic on the VPS?

Actually, how to find out which external IP goes to the most traffic on the VPS and preferably from which port.
Once or twice a month on a VPS (Linux, Debian 7) someone makes a very large (anomalous) outgoing traffic, I would like to know what IP this is happening from and what port it connects to.
In real time, there is no way to monitor the whole day with the same iptraf, I tried to write to them in the log - but I did not notice detailed traffic statistics there. We need a simple program that could write to the log, preferably in descending order of traffic for each IP.
Actually how to realize what you want?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
R
Ruslan Fedoseev, 2015-08-01
@martin74ua

you can run netflow directly on this server.
ipt_netflow module for iptables We
collect traffic with it, send it to the collector, it can be raised right there using flow-tools. Well, then a report through flow-report. The mana even has the example you need, as far as I remember.

Report
E
Ergil Osin, 2015-08-01
@Ernillew

iptraf-ng

Report
A
Alexander, 2015-08-01
@soperator

Tried this one too. Is it possible to write a full command to the log, so that the traffic for each IP is indicated there?
ran like this:
iptraf-ng -i eth0 -B -L /var/log/iptraf/traf.log
the output is:
Sat Aug 1 15:32:27 2015; ******** IP traffic monitor started ********
Sat Aug 1 15:32:27 2015; TCP; eth0; 176 bytes; from 192.168.1.1:1165 to 192.168.1.100:1935; first packet
Sat Aug 1 15:32:27 2015; TCP; eth0; 40 bytes; from 192.168.1.100:1935 to 192.168.1.1:1165; first packet
Sat Aug 1 15:32:32 2015; UDP; eth0; 71 bytes; from 192.168.1.10:62920 to 192.168.1.100:53
Sat Aug 1 15:32:32 2015; UDP; eth0; 71 bytes; from 192.168.1.100:53 to 192.168.1.10:62920
Sat Aug 1 15:32:40 2015; TCP; eth0; 64 bytes; from 192.168.1.17:60896 to 92.51.156.82:5938; first packet
Sat Aug 1 15:32:40 2015; TCP; eth0; 64 bytes; from 92.51.156.82:5938 to 192.168.1.17:60896; first packet
Sat Aug 1 15:32:41 2015; TCP; eth0; 46 bytes; from 192.168.1.17:56920 to 173.194.113.196:443; first packet
Sat Aug 1 15:32:41 2015; TCP; eth0; 52 bytes; from 173.194.113.196:443 to 192.168.1.17:56920; first packet
IP of the computer 192.168.1.100
At the time of the monitor, there was a lot of traffic from the address 192.168.1.100 to the address 192.168.1.1 and it can be seen if you run iptraf-ng graphically. In logs - it is not visible.

Similar questions
N
Nikita Reshetnyak2019-10-07 07:26:25
Why can't you hear the interlocutor in the absence of a tunnel between offices? 2Reply
M
medianoche2015-07-04 03:34:27
How to record tutoring? 8Reply
L
LexLoveG2019-12-11 04:38:10
How to edit .sav files? 3Reply
T
Tpy6okyp2016-08-22 18:10:34
How to combine 2-3 systems on one machine? 4Reply
O
Oleksandr Strykhotskyi2014-08-07 21:32:50
Why doesn't extensions.gnome.org see GNOME on the computer? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question