[unisog] Inbound traffiic from Internet

Peter Van Epp vanepp at sfu.ca
Wed Jun 14 21:11:31 GMT 2006


On Wed, Jun 14, 2006 at 03:08:13PM -0500, Velasquez Venegas Jaime Omar wrote:
> Hi there.
> 
>  
> 
> I've been analyzing inbound traffic from Internet to our lan since some
> portion of that traffic (specifically http traffic) seems to be causing
> a high rise on the percentage use of bandwidth.On the other
> hand,bandwith usage from our lan to Internet seems to be pretty low,
> around 20% of the incoming traffic explained above.
> 

	Don't know anything about nbar and do have a packeteer which keeps
most of the lid on. My link is %65/%44 in/out http at the moment with default
being next at 9/15% but link utilization is below %50 total so I'm not in
trouble. For the stuff that the packeteer doesn't yet know (something called
thunder in the P2P world currently) argus (http://www.qosient.com/argus)
and perl scripts (ftp.sfu.ca/pub/unix/argus/argus.traffic.perl.tar.gz) tell
me traffic level and destination distribution by IP. When someone (usually 
with a P2P program or compromised either of which can be picked out by eye
in the raw argus logs) starts getting up at the same traffic levels as the 
server they get asked why which seems to work (and may work for you as well)
or in the case of an obvious compromise get whacked off the network til 
cleaned up. 

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


More information about the unisog mailing list