Linux bandwidth and iptables
Teddy Mills
teddymills-VFlxZYho3OA at public.gmane.org
Tue Dec 28 22:15:02 UTC 2004
How can I measure the bandwidth my linux server is using?
I am most concerned with overall traffic first, mysql data
second, so I highlighted those.
INPUT CHAIN:
49M 3325M ACCEPT all -- lo any localhost
anywhere
22M 4449M ACCEPT tcp -- any any anywhere
anywhere state RELATED,ESTABLISHED
********************************************************************************************
Q1. Why is 4449M (TCP-established) on 22M packets larger than
3325M(all packets) on 49M packets?
********************************************************************************************
OUTPUT CHAIN:
49M 3325M ACCEPT all -- any lo anywhere
localhost
22M 12G ACCEPT tcp -- any any anywhere
anywhere state NEW,ESTABLISHED
********************************************************************************************
Q2. Same here: Why is 12GB (TCP-established) on 22M packets larger
than 3325M(all packets) on 49M packets?
********************************************************************************************
Q3. Can run this iptables -L -v every day for a week and compare the
numbers?
Will that be accurate?
I have not read my Robert Zeigler books for a few months now (my bad)
I am running iptables, and you can view the summary below.
Q4. This is kind of a crude raw format. Is there something with finer
granularity?
Q5. And easy to setup? (this machine is mission critical)
Im dropping all traffic, except on the ports listed below.
[root at lr1 root]# iptables -L -v
Chain INPUT (policy DROP 127K packets, 27M bytes)
pkts bytes target prot opt in out source
destination
49M 3325M ACCEPT all -- lo any localhost
anywhere
22M 4449M ACCEPT tcp -- any any anywhere
anywhere state RELATED,ESTABLISHED
786 45944 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:ssh
159 7720 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:smtp
2 120 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:domain
4 665 ACCEPT udp -- eth0 any anywhere
anywhere udp dpt:domain
137 6612 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:http
3 144 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:pop3
11 504 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:imap
36 2040 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:https
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:imaps
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:2189
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:2190
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:2192
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:2193
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:2194
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:2196
====================================================================================================
11998 576K ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:mysql
====================================================================================================
62 3044 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:4000
857 93725 ACCEPT udp -- eth0 any anywhere
anywhere udp dpt:4000
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5800
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5801
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5802
9 432 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5900
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5901
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5902
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:5903
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:x11
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:6385
197 9456 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:10000
0 0 ACCEPT tcp -- eth0 any anywhere
anywhere tcp dpt:11999
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy DROP 4 packets, 777 bytes)
pkts bytes target prot opt in out source
destination
49M 3325M ACCEPT all -- any lo anywhere
localhost
22M 12G ACCEPT tcp -- any any anywhere
anywhere state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:smtp
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:domain
7524 555K ACCEPT udp -- any eth0 anywhere
anywhere udp dpt:domain
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:http
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:pop3
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:imap
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:https
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:imaps
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:2189
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:2190
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:2192
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:2193
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:2194
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:2196
====================================================================================================
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:mysql
====================================================================================================
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:4000
0 0 ACCEPT udp -- any eth0 anywhere
anywhere udp dpt:4000
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5800
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5801
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5802
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5900
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5901
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5902
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:5903
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:x11
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:6385
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:10000
0 0 ACCEPT tcp -- any eth0 anywhere
anywhere tcp dpt:11999
[root at lr1 root]#
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list