This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Monitor all IP traffic from a specific internal or external host

How can I monitor all IP traffic from a specific internal or external host, without interruption of traffic ?

Regards John

ps. I have a internal host and want to see 'real time' all from and to traffic and ports used

This thread was automatically locked due to age.

0 Jack Daniel over 14 years ago

Hello John,

Whenever possible, I like to use a hardware tap and dedicated *nix box for captures. But out here in the real world, I usually either go with a SPAN (or mirror, or whatever your switch vendor calls it) port on the internal client's switch port feeding a capture system (running tcpdump, Wireshark, Netwitness, etc) -or- use tcpdump from a root shell on the ASG.

The tap and SPAN options require set up in advance if you don't want to break the connection(s), so while tcpdump directly on the ASG is not my favorite method, it is often the best answer in cases like yours.

Of course, just running netstat on the client may be easier- but that requires both access to the client and trusting it to report properly.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 14 years ago

IFTop is also available on the console; you should be able to use the Filter option to only show the relevant host.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 rockstaddy over 14 years ago in reply to BarryG

Thanks to BarryG! That's something I'm searching for a long time. [:)]

Is there something (maybe a tool) i can write down a dump or log which client has used a bandwith at a specific time. Such a mirroring on a switch. I've tried to do this with a TCPdump but I can't find a tool to analyze this. Whireshark can't display the information our customer need.

Regards
Cancel
Vote Up 0 Vote Down

Cancel