Page 1 of 1

Finding out specific IP making 50MB/s downloads?

Posted: August 22nd, 2016, 8:06 pm
by ramses2010
Hello IP Fire.

Is there a way to find out in real time which specific IP/Workstation is currently downloading gigantic files through the firewall? I see in the dashboard "Traffic" sometimes register at 80MB/s . How do I pinpoint which ip or ip's are currently making this specific connection?

Thank You,
Safari2010

Re: Finding out specific IP making 50MB/s downloads?

Posted: August 25th, 2016, 7:37 am
by ramses2010
Anyone? 99 views 0 replies :(

Re: Finding out specific IP making 50MB/s downloads?

Posted: August 25th, 2016, 9:25 am
by salida
some days ago i had the same question.

ipfire - > status -> connections ->
Use the little arrows above download/upload to sort accordingly.

There you will find out who is currently maxing out the download speed.
I wish there was a simple way to find this out from bash... (any suggestions?)

Re: Finding out specific IP making 50MB/s downloads?

Posted: August 25th, 2016, 11:58 am
by Garp
From bash it is also very possible. Install the 'iftop' utility via pakfire.

Then login via ssh and run it. I think you can select the interface on which it listens, so in your case i would suggest

Code: Select all

iftop -i green0 
to show which client on the internal lan is causing this. If you have multiple interfaces you should check multiple interfaces ;)

Re: Finding out specific IP making 50MB/s downloads?

Posted: August 25th, 2016, 3:09 pm
by ummeegge
Hi,
iptraf-ng --> http://wiki.ipfire.org/en/addons/iptraf-ng/start deliver also an possibility for logging also the used bytes/packets per IP. Some Bash commands should deliver there a summary and a better overview.

Pmacct is therefor also usable even it is currently not available as an Pakfire addon i have nevertheless build it some time ago. Potential output could looks like this --> https://forum.ipfire.org/viewtopic.php? ... 699#p89551 .
But you can get there also a history over days, weeks, years via MySQL if you want to. An example for installation/usage can be found in here --> viewtopic.php?f=50&t=14849 .

If you do not want the whole package (initscript, config dir, logs, logrotate, ...) the usage for the binaries only is also possible --> http://people.ipfire.org/~ummeegge/pmac ... _binaries/ .

UE

Re: Finding out specific IP making 50MB/s downloads?

Posted: August 25th, 2016, 7:21 pm
by salida
I would like to thank you both.
iftop is fairly easy to use on the other hand iptraf-ng seems more thorough so i'll have to dig a bit deeper.