Monitoring Bandwidth on Linux box

Taking care of your Linux box.
JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

Post by JazzyB »

Dear all

I am using Squid on Red Hat 9. Some PC in my network is generating spam traffic. The router log shows my Squid WAN IP. Is there any software that displays in and out traffic in Squid and maintains a log file, or any command that shows the NAT table in Squid?
For port 80 I am using sarg. I need a solution for the rest of the ports.

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

what kind of spam traffic? email spam? you should disable all forwarding for the smtp port, so that all mail traffic on your network goes through your host. you can do all the filtering there. at the very least, your mail log file will show you who the main senders are.

are you sure your proxy server isn't compromised? redhat 9 is ancient, and has lots of unpatched security holes.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

switch to some latest distro first.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

smtp traffic

Post by JazzyB »

Dear lambda

The router is showing SMTP traffic, like a spam generator on some system is creating spam. I can catch the spam-generating system by changing IP addresses, but I need a real solution.
Maybe there is a possibility on the server side. If so, what distro do you both recommend I use for the proxy server?
I cannot stop SMTP traffic because some visiting people on my network need SMTP, so I cannot start and stop SMTP traffic. Is there any software which generates a report of my server in which it shows LAN requests, ports and IPs like sarg does for Squid traffic? One thing: I am using Squid as a gateway and I am redirecting all traffic to Squid from rc.local.
Any easy to install and use software, because I am new to Linux.

syedbilalmasaud
Naib Subedar
Posts: 347
Joined: Thu Aug 18, 2005 9:25 am
Location: Attock

Post by syedbilalmasaud »

Dear Jazzy,

For that there is one method available, which may be a little bit complicated for you, but using it you can find out the exact machine and destination host to which your spam or some malformed traffic is going.

You need to use tcpdump.

For that you must have tcpdump installed.

# tcpdump -i eth0 -vns 0 port 25

Or you can save it to a file, open it in the tshark application on Windows and see the packet flow.

# tcpdump -i eth0 -vns 0 port 25 -w port-25.pcap

This process can be stopped by pressing Ctrl+C at any time.

Here eth0 is your LAN interface, to which your LAN users are connected.

Hope it will help you to trace your problem exactly, but for that you must know how to read packets.

Cheers:)
Bilal
Cheers :)

:D B I L A L :D
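
As an added example (not part of the original posts): a shell function that summarizes the text output of the tcpdump command above, counting new outbound connections to port 25 per LAN source address so the busiest sender stands out. It assumes the tcpdump 4.x text format; the function names and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank LAN hosts by new outbound SMTP connections.
# Reads `tcpdump -n` text output on stdin. Assumes the tcpdump 4.x line
# format ("src.port > dst.port: Flags [S], ..."), with or without -v.

smtp_syn_by_source() {
    awk '
    {
        # Find the ">" separator; with -v the address pair sits on an
        # indented continuation line, so its field position varies.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)
        if (dst !~ /\.25$/) next                  # only packets sent to port 25
        # Count only the initial SYN, so each connection is counted once
        # and SYN-ACK replies or data packets are ignored.
        if ($(i + 2) != "Flags" || $(i + 3) != "[S],") next
        sub(/\.[0-9]+$/, "", src)                 # drop the source port
        count[src]++
    }
    END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation address ranges), not real traffic.
sample_capture() {
    cat <<'EOF'
10:15:01.100001 IP 192.168.1.23.49152 > 203.0.113.10.25: Flags [S], seq 1, win 5840, length 0
10:15:01.100900 IP 203.0.113.10.25 > 192.168.1.23.49152: Flags [S.], seq 9, ack 2, win 5792, length 0
10:15:01.200002 IP 192.168.1.23.49153 > 198.51.100.7.25: Flags [S], seq 1, win 5840, length 0
10:15:02.300003 IP 192.168.1.23.49154 > 198.51.100.8.25: Flags [S], seq 1, win 5840, length 0
10:15:03.400004 IP 192.168.1.40.50000 > 203.0.113.10.25: Flags [S], seq 1, win 5840, length 0
10:15:03.500005 IP 192.168.1.40.50000 > 203.0.113.10.25: Flags [P.], seq 1:30, ack 1, win 5840, length 29
10:15:04.000000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.23.49155 > 198.51.100.9.25: Flags [S], cksum 0x1234 (correct), seq 1, win 5840, length 0
EOF
}

# Prints "count source-ip" lines, busiest sender first.
sample_capture | smtp_syn_by_source
```

On a live gateway the same function can read from `tcpdump -l -n -i eth0 port 25` run for a fixed period, or from a saved capture with `tcpdump -n -r port-25.pcap`.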
JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

which distro

Post by JazzyB »

Dear lambda

Thanks for the help. I have used tcpdump, but on Red Hat EL 4.0. It is really good software and of course will help me.
Can you help me with which distro I should shift to, which is stable and has minimum security loops? I am using Red Hat 9, which is good, and Squid uptime is fine.


:)
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

ubuntu 8.04 server edition. 8.04 is an lts release (long term support -- you won't need to reinstall for five years).