[TriLUG] tool to report on used bandwidth

[Dewey Hylton]

> From: "porter" <porter at trilug.org>
> To: trilug at trilug.org
> Sent: Wednesday, September 18, 2013 2:10:17 PM
> Subject: [TriLUG] tool to report on used bandwidth
> 
> 
> I have a friend in India who posed a question to me, and I'm going to
> forward it to the collective TriLUG mind for more insight.
> 
> He is interested in monitoring his home bandwidth usage, with
> detailed
> statistics on what's using the bandwidth.  For example, 2GB from
> YouTube,
> and so on.
> 
> In his case, he has a broadband connection that starts throttling
> after
> he hits 9GB of transfer per month.  He would like to be able to
> monitor
> (1) how much he has used and (2) where he used it.
> 
> He suspects that one of his machines at home may be infected with
> malware
> that is using some of his quota.  Knowing the destination addresses
> (or
> even source addresses) might help track this down.
> 
> My assumptions:
>   - There are multiple machines (laptops, tablets) on his home
>   network.
>   - He is running at least one Windows machine, which may be
>   infected.
>   - He has a Linux-based router, or he can insert a Linux box at the
>     appropriate place in the network to do this measurement.
> 
> He says that he has tried using Ethereal/Wireshark, but that was like
> drinking from the firehose (I am also guessing that if he's running
> it
> on the Windows box, it might not report the malware traffic).
> 
> So I plan to suggest using a Linux box as a router, or a Linux-based
> router, and then using a package that monitors connections and
> network
> usage.  The question is... what would be a good tool for measuring
> this?
> 
> 
> Alan

i have used ntop in the past with great success. it is available as a package
for pfsense, which is a great FOSS firewall product itself.