traffic monitoring

[J. Epperson]

Ammad's description indicates that the squid server is a device that can
see all of the traffic destined for the Internet.  It appears to be doing
proxy/NAT for all of the traffic.  Have a look at
http://sarg.sourceforge.net/sarg.php
or a Squid traffic analysis tool.  I've not used it personally, but have
heard good things from colleagues and on discussion groups.

On Wed, August 6, 2008 22:33, Aaron wrote:
> Ammad,
>
> You would need to run that tool on a device that can see all of the
> traffic destin for the internet.  This could be a linux router, or you
> could create a span port from your routers to a dummy interface on a
> unix machine.   If you install ntop on this server, then you can get
> graphical reports showing who is doing what, outside of your squid
> proxy.  To see the same information for each workstation uploading to
> your squid proxy, you can also run ntop on the proxy itself.  If you are
> just trying to see what is being uploaded through your squid proxy, then
> you can find tools on sourceforge (or via google) to generate reports on
> your squid access logs.  It will show you how much data is being uploaded.
>
> I hope that helps point you in a useful direction.
>
>
> Aaron
>
>
> ammad shah wrote:
>> dear all,
>>
>> how do i find; the workstation on lan uploading/downloading from
>> internet real time using "iptraf" or some other software. All traffic
>> is passing through "linux (squid and iptables masquerade). since there
>> are more than 80 workstations. i have configured mrtg to get graph of
>> linux and switches; but users are also copying file from local file
>> and print server, so it is useless to get graph of switches to
>> identify Internet bandwidht.
>>
>> there are some workstations; continously uploading and downloading
>> from Internet (may be spywares) .
>>
>> thanks for help in advance.
>>
>>