Finding out specific IP making 50MB/s downloads?

General questions.
Post Reply
ramses2010
Posts: 22
Joined: February 10th, 2016, 7:28 am

Finding out specific IP making 50MB/s downloads?

Post by ramses2010 » August 22nd, 2016, 8:06 pm

Hello IP Fire.

Is there a way to find out in real time which specific IP/Workstation is currently downloading gigantic files through the firewall? I see in the dashboard "Traffic" sometimes register at 80MB/s . How do I pinpoint which ip or ip's are currently making this specific connection?

Thank You,
Safari2010

ramses2010
Posts: 22
Joined: February 10th, 2016, 7:28 am

Re: Finding out specific IP making 50MB/s downloads?

Post by ramses2010 » August 25th, 2016, 7:37 am

Anyone? 99 views 0 replies :(

salida
Posts: 32
Joined: July 18th, 2015, 9:33 pm

Re: Finding out specific IP making 50MB/s downloads?

Post by salida » August 25th, 2016, 9:25 am

some days ago i had the same question.

ipfire - > status -> connections ->
Use the little arrows above download/upload to sort accordingly.

There you will find out who is currently maxing out the download speed.
I wish there was a simple way to find this out from bash... (any suggestions?)

Garp
Posts: 127
Joined: July 8th, 2014, 7:38 am
Location: The Netherlands
Contact:

Re: Finding out specific IP making 50MB/s downloads?

Post by Garp » August 25th, 2016, 11:58 am

From bash it is also very possible. Install the 'iftop' utility via pakfire.

Then login via ssh and run it. I think you can select the interface on which it listens, so in your case i would suggest

Code: Select all

iftop -i green0 
to show which client on the internal lan is causing this. If you have multiple interfaces you should check multiple interfaces ;)
Image
Provide some additional protection for the clients on your network in a few easy steps: viewtopic.php?f=27&t=12122&p=78219#p78219

ummeegge
Community Developer
Community Developer
Posts: 5001
Joined: October 9th, 2010, 10:00 am

Re: Finding out specific IP making 50MB/s downloads?

Post by ummeegge » August 25th, 2016, 3:09 pm

Hi,
iptraf-ng --> http://wiki.ipfire.org/en/addons/iptraf-ng/start deliver also an possibility for logging also the used bytes/packets per IP. Some Bash commands should deliver there a summary and a better overview.

Pmacct is therefor also usable even it is currently not available as an Pakfire addon i have nevertheless build it some time ago. Potential output could looks like this --> https://forum.ipfire.org/viewtopic.php? ... 699#p89551 .
But you can get there also a history over days, weeks, years via MySQL if you want to. An example for installation/usage can be found in here --> viewtopic.php?f=50&t=14849 .

If you do not want the whole package (initscript, config dir, logs, logrotate, ...) the usage for the binaries only is also possible --> http://people.ipfire.org/~ummeegge/pmac ... _binaries/ .

UE
Image
Image

salida
Posts: 32
Joined: July 18th, 2015, 9:33 pm

Re: Finding out specific IP making 50MB/s downloads?

Post by salida » August 25th, 2016, 7:21 pm

I would like to thank you both.
iftop is fairly easy to use on the other hand iptraf-ng seems more thorough so i'll have to dig a bit deeper.

Post Reply