15

Is there software I can install to enable me to monitor inbound and outbound internet traffic for security reasons?

I recently installed Ubuntu and am loving it because of the speed and interface. I want to do what I can to make this the greatest OS I've ever worked with. Can you provide suggestions as to what I should install or do?

8128
  • 28,740
gijoemike
  • 313
  • Hi @gijoemike and welcome to Ask Ubuntu! We find on here that it works best if you can keep it to one specific question per question. For this reason I've edited your question to only ask about the traffic monitoring issue. We'd love it if you opened a new question to ask about the changes to your files. – 8128 Nov 13 '10 at 21:07

9 Answers

8

I personally use vnstat, which works quite nicely as it just sits in the background. You can query it for hourly, daily, monthly stats and there's a nice web-based frontend to it called jvnstat.

Here are some examples from my website:-

alan@bishop:~$ vnstat -m

eth0  /  monthly

   month        rx      |     tx      |    total    |   avg. rate
------------------------+-------------+-------------+---------------
  Dec '09     10.05 GiB |   38.33 GiB |   48.38 GiB |  151.54 kbit/s
  Jan '10     10.83 GiB |   50.71 GiB |   61.55 GiB |  192.76 kbit/s
  Feb '10      8.18 GiB |   63.24 GiB |   71.42 GiB |  247.65 kbit/s
  Mar '10     10.43 GiB |   93.92 GiB |  104.35 GiB |  326.83 kbit/s
  Apr '10     12.56 GiB |   85.59 GiB |   98.15 GiB |  317.63 kbit/s
  May '10     12.70 GiB |   94.37 GiB |  107.07 GiB |  335.35 kbit/s
  Jun '10     17.02 GiB |   95.04 GiB |  112.06 GiB |  362.66 kbit/s
  Jul '10     33.18 GiB |  177.08 GiB |  210.26 GiB |  658.52 kbit/s
  Aug '10     25.52 GiB |   37.25 GiB |   62.77 GiB |  196.60 kbit/s
  Sep '10     20.70 GiB |   55.09 GiB |   75.79 GiB |  245.29 kbit/s
  Oct '10     16.96 GiB |   60.15 GiB |   77.12 GiB |  241.52 kbit/s
  Nov '10     23.97 GiB |   72.45 GiB |   96.41 GiB |  502.29 kbit/s
------------------------+-------------+-------------+---------------
estimated     38.58 GiB |  116.62 GiB |  155.20 GiB |

alan@bishop:~$ vnstat -h
eth0                                                                     15:16
 ^                                                                  t
 |                                                                  t
 |                                                                  t
 |                                                            t    rt
 |      t                                                    rt    rt
 |      t              t                                     rt    rt
 |      t              t                                   t rt rt rt  t
 |      t     t  t  t  t     t     t     t                 t rt rt rt  t
 |     rt     t  t  t  t     t     t     t              t rt rt rt rt rt
 |  rt rt rt rt rt rt rt r  rt rt rt r  rt r  r  r  r  rt rt rt rt rt rt
-+--------------------------------------------------------------------------->
 |  16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15

 h  rx (KiB)   tx (KiB)      h  rx (KiB)   tx (KiB)      h  rx (KiB)   tx (KiB)
16      37374      32892    00      28233      90548    08      29588      18472
17      55325     148496    01      27162      32413    09      44442      48771
18      37293      23266    02      23543      75628    10      60487     111111
19      28184      79542    03      26526       9882    11     143143     177348
20      27952      75414    04      28217      76025    12     108370     100327
21      28963      78342    05      26732       9255    13     173459     227965
22      29337     118592    06      26586      13474    14      48390     110247
23      27454      15529    07      26874      11389    15      10813       8882

vnstat is in the repositories and takes just a moment to set up. There's a nice guide on the Debian Administration website:-

http://www.debian-administration.org/articles/330

popey
  • 23,667
3

Network analyser tools:

Zanna
  • 70,465
crncosta
  • 2,839
2

I suggest you install the iptraf command-line tool.

Wagner
  • 79
1

That is a question requiring a very nontrivial answer. The following tools could all be useful to deflect an attack:

nmap -A
netstat -lnptu
kill
the /proc filesystem 
iptables
the sentry tools suite

These tools give you a lot of control if you know how to use them and will require some good "hobby time" to learn.

MarkovCh1
  • 2,133
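
As an added example (not part of the answer above): `netstat -lnptu` builds its list of listening sockets from the /proc filesystem, and the sketch below decodes the IPv4 TCP table the same way and reports network-reachable listeners that are missing from a baseline. The sample table, the baseline `{22}` and the function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct
from pathlib import Path

TCP_LISTEN = "0A"  # kernel state code for a listening socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A00A8C0:0016 0200A8C0:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 33333 2
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""


def decode_addr(field):
    """Turn '0100007F:0277' into ('127.0.0.1', 631)."""
    ip_hex, port_hex = field.split(":")
    # Assumption: little-endian host (x86, most ARM), where the kernel's
    # host-order 32-bit word appears byte-reversed in the hex text.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(text):
    """Return one dict per IPv4 TCP socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        ip, port = decode_addr(f[1])
        found.append({"ip": ip, "port": port, "uid": int(f[7]), "inode": int(f[9]),
                      # loopback-only listeners are not reachable from the network
                      "exposed": not ip.startswith("127.")})
    return found


def unexpected(found, allowed_ports):
    """Network-reachable listeners whose port is not in the baseline."""
    return [s for s in found if s["exposed"] and s["port"] not in allowed_ports]


if __name__ == "__main__":
    proc = Path("/proc/net/tcp")
    text = proc.read_text() if proc.exists() else SAMPLE
    for s in unexpected(listeners(text), allowed_ports={22}):
        print(f"unexpected listener {s['ip']}:{s['port']} uid={s['uid']} inode={s['inode']}")
```

IPv6 listeners live in /proc/net/tcp6 with a longer address field and are not decoded here.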
1

If you're only interested in how much traffic there is (not its destination) you could use a command-line tool called bmon.

sBlatt
  • 4,489
1

Cacti

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Installation:

sudo apt-get install cacti

Click this to read about Cacti features

Maythux
  • 84,289
1

Bandwidthd

BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.

Download from here.

Read more about it here

Maythux
  • 84,289
1

speedometer

If you need live monitoring of the inbound and outbound traffic rate across a network interface you can try speedometer. I found this command-line based tool very user-friendly.

Install speedometer:

sudo apt-get install speedometer

Use the -rx and -tx options to display bytes received and transmitted on a network interface. For example, if your network interface card name is eth0 use the following command:

speedometer -rx eth0 -tx eth0

A live graph like the one shown below will be displayed in the terminal window. By default, the graph is updated every second. You can change update intervals if you wish.

enter image description here

For more information read the man pages using man speedometer after installing.

codeaviator
  • 1,757
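
As an added example (not part of the answer above, and not speedometer's own code): per-interface receive and transmit rates can be derived from two readings of the kernel's cumulative byte counters in /proc/net/dev. The sketch below does that and lists interfaces whose outbound rate exceeds a limit. The snapshots, the limit and the function names are constructed for illustration.

```python
import time
from pathlib import Path

# Constructed snapshots in /proc/net/dev layout (not captured from a real host).
HEADER = (
    "Inter-|   Receive                        |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast"
    "|bytes packets errs drop fifo colls carrier compressed\n"
)
SNAP_A = HEADER + (
    "    lo:   52000  400 0 0 0 0 0 0    52000  400 0 0 0 0 0 0\n"
    "  eth0: 1000000 9000 0 0 0 0 0 0   250000 3000 0 0 0 0 0 0\n"
)
SNAP_B = HEADER + (
    "    lo:   52000  400 0 0 0 0 0 0    52000  400 0 0 0 0 0 0\n"
    "  eth0: 1512000 9700 0 0 0 0 0 0  4250000 6100 0 0 0 0 0 0\n"
)


def parse_dev(text):
    """Map interface name -> (rx_bytes, tx_bytes) cumulative counters."""
    counters = {}
    for line in text.splitlines()[2:]:  # first two lines are headers
        name, sep, rest = line.partition(":")
        f = rest.split()
        if sep and len(f) >= 16:
            counters[name.strip()] = (int(f[0]), int(f[8]))  # rx bytes, tx bytes
    return counters


def rates(before, after, seconds):
    """Per-interface (rx, tx) in bytes/second between two snapshots."""
    out = {}
    for iface, (rx1, tx1) in after.items():
        rx0, tx0 = before.get(iface, (None, None))
        # Skip new interfaces and counters that went backwards (reset or wrap).
        if rx0 is None or rx1 < rx0 or tx1 < tx0:
            continue
        out[iface] = ((rx1 - rx0) / seconds, (tx1 - tx0) / seconds)
    return out


def upload_spikes(rate_map, limit_bytes_per_s):
    """Interfaces whose outbound rate exceeds the limit (bytes/second)."""
    return sorted(i for i, (_, tx) in rate_map.items() if tx > limit_bytes_per_s)


if __name__ == "__main__":
    path = Path("/proc/net/dev")
    first = parse_dev(path.read_text())
    time.sleep(1)
    print(rates(first, parse_dev(path.read_text()), 1.0))
```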
0

As far as your first question is concerned, you can use the Wireshark network analyser to monitor traffic on your network interfaces. Some tutorials are here:

http://www.wireshark.org/docs/

tinhed
  • 2,478