[unisog] Inbound traffiic from Internet

Michael Holstein michael.holstein at csuohio.edu
Wed Jun 14 21:17:34 GMT 2006

Football frenzy .. chalk it up to the world cup.

You'll need to do some sort of inspection to classify the traffic .. and 
while Packeteer is the gold standard for such things, there are a few 
freebies that do it well .. notably Linux Bandwidth Arbitrator (a 
commercial version is called NetEqualizer) :


Takes a bit of tweaking to get right, but works well and is free.


Michael Holstein CISSP GCIA
Cleveland State University

Velasquez Venegas Jaime Omar wrote:
> Hi there.
> I’ve been analyzing inbound traffic from Internet to our lan since some 
> portion of that traffic (specifically http traffic) seems to be causing 
> a high rise on the percentage use of bandwidth.On the other 
> hand,bandwith usage from our lan to Internet seems to be pretty low, 
> around 20% of the incoming traffic explained above.
> Several captures at peak times of the problematic traffic lead me to 
> conclude that it should be some way of streaming over http (i.e 
> youtube.com , yahoo broadcasts bcst.yahoo.com,winamp 
> playlists,etc..).Ethereal captures shows a number of “continuation or 
> non-http traffic” events which makes me conclude that.
> Given this, I tried one of the Cisco QoS solution which is Nbar and 
> applied to the wan interface at the inbound (that is from Internet to 
> our lan) but I’ve had no success with trying to “detect” this “streaming 
> over http” traffic in order to put a limit on it.
> Has anyone faced this problem? How woul I solve this with nbar? Am I 
> using the right tool? (and no, I can’t use a Packeteer box for the 
> moment J ).
> Thanks
> Jaime
> ------------------------------------------------------------------------
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list