Question:
Which tool could I use to monitor and break down in real time which bandwidth is routed by iptables to which computers?
Context:
I have a Linux box masquerading about 15 devices to the internet with iptables, with 3 Ethernet interfaces (2 LAN, 1 WAN).
From time to time, a user consumes all the ADSL bandwidth.
I use bwm-ng for monitoring the traffic and I see a result like this one:
$ bwm-ng
bwm-ng v0.6 (probing every 0.500s), press 'h' for help
input: /proc/net/dev type: rate
/ iface Rx Tx Total
==============================================================================
tun0: 0.00 KB/s 0.00 KB/s 0.00 KB/s
eth0: 31.35 KB/s 649.82 KB/s 681.18 KB/s
eth1: 649.40 KB/s 33.84 KB/s 683.24 KB/s
eth2: 0.00 KB/s 0.00 KB/s 0.00 KB/s
lo: 0.00 KB/s 0.00 KB/s 0.00 KB/s
------------------------------------------------------------------------------
total: 680.75 KB/s 683.66 KB/s 1364.42 KB/s
So I see that traffic received on eth1 (WAN) is routed to some IP on eth0 (LAN), so someone is making a mega-download.
The thing is that this user tends to consume all the bandwidth for hours.
I could discover who this is by doing the following:
- Cutting access to some IPs and observing bwm-ng, then cutting others, and so on. But this is dirty. It would interrupt the service and I don't want to do that.
- Instructing iptables to log all traffic and trying to read the logs, but I think this is much more painful than a tool that displays this over ssh, already digested, in a manner similar to that of bwm-ng.
No need for historical data or fancy graphics. Just real-time info and text over ssh (like bwm-ng) would be perfect.