Linux - Monitoring system and killing suspect connections

Help for Linux users including games servers, networking, routing and firewalls

Moderator: Emmz

red_ned
CiC-GoD
Posts: 4757
Joined: Sat Nov 24, 2007 2:23 am
DayZ Name: Hobn0b

Linux - Monitoring system and killing suspect connections

Post by red_ned »

Internet connection checking - all guides are through a PuTTY SSH connection, known as command line access. GUIs are available if you can run something like TightVNC (a free program which works natively in Linux but also has free viewers for Windows to connect to Linux and vice versa) and remote desktop, but most hosted Linux solutions don't have that function.

I use Linux (openSUSE 11 64-bit edition) for my routing and firewall, along with it being useful for running processes (bots, scheduled tasks and servers). It's free, runs with no reboot for years, you can get flavours some of which will run on a 486 from floppy disc, and it is much more secure than Windows. So when all the lights on my cable modem are flashing like I'm downloading huge amounts, but I'm in bed, then something is up.
I do have processes that upload and download as a scheduled task (crontab in Linux talk) but none of them should be running.
How do I check what's eating my bandwidth?

The easiest tool I have found is iftop.

To install iftop (if not already installed), either as root or with root permissions (like "sudo su"):

Code:

zypper install iftop

Monitoring bandwidth use per adaptor:

Code:

/usr/sbin/iftop -i eth0

(or eth1 etc.)

This shows you exactly what your connection is being used for.
You can now see who is connected and how much bandwidth they are using, and if something seems suspect then you can proceed to blocking the IP.
May we all fight to live another day.
red_ned
CiC-GoD
Posts: 4757
Joined: Sat Nov 24, 2007 2:23 am
DayZ Name: Hobn0b

Re: Monitoring system and killing suspect connections

Post by red_ned »

Blocking IPs
iptables contains all the data as to what ports are open or blocked and what IPs can use them. If the system has 2 Ethernet cards, they are labelled starting from 0, then 1, then 2 etc., and may all be granted different NAT, PAT, forwarding and routing.

Code:

iptables -A INPUT -s xxx.xxx.xxx.xx -j DROP
# iptables-save only prints the current ruleset to stdout; redirect it to the
# file your distribution loads at boot for the rule to survive a reboot
iptables-save

(or "service iptables save" on some Linux flavours)

Checking:

Code:

iptables --list

But to make it easier to read (as the tables can be huge), printing to a txt file helps:

Code:

# >> appends to iptables.txt if it already exists; use > to overwrite it
iptables --list >> iptables.txt

Outputs the data to iptables.txt rather than displaying it.
May we all fight to live another day.
Smock
0ld Sk00L
Posts: 264
Joined: Sat Feb 23, 2008 9:18 pm

Re: Linux - Monitoring system and killing suspect connection

Post by Smock »

iptables ftw

You could try 'netstat' or 'lsof' too

I find 'netstat -tu' quite handy, and lsof for checking open files.
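Tying the two halves of the thread together (spotting suspect peers with netstat, then writing the iptables DROP rule), here is an added example that is not code from either poster: it parses numeric `netstat -tun`-style output (a constructed sample, not captured from a real host), flags remote addresses outside an allow-list you choose, and renders the DROP rules for review instead of running them. The allow-list prefixes and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample of numeric `netstat -tun` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         192.168.1.5:51234       ESTABLISHED
tcp        0   4096 192.168.1.10:45012      203.0.113.7:6881        ESTABLISHED
tcp        0   4096 192.168.1.10:45013      203.0.113.7:6882        ESTABLISHED
udp        0      0 192.168.1.10:123        198.51.100.9:123        ESTABLISHED
"""

# proto, recv-q, send-q, local addr:port, foreign addr:port, optional state
LINE_RE = re.compile(r"^(tcp|udp)\s+(\d+)\s+(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*(\S*)$")


def parse_netstat(text):
    """Return one dict per connection line; header lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, recvq, sendq, laddr, lport, raddr, rport, state = m.groups()
        conns.append({"proto": proto, "recv_q": int(recvq), "send_q": int(sendq),
                      "local": laddr, "lport": int(lport),
                      "remote": raddr, "rport": int(rport), "state": state})
    return conns


def suspect_peers(conns, allowed_prefixes):
    """Remote addresses not covered by the allow-list, with connection count and queued send bytes."""
    counts, sendq = Counter(), Counter()
    for c in conns:
        if any(c["remote"].startswith(p) for p in allowed_prefixes):
            continue
        counts[c["remote"]] += 1
        sendq[c["remote"]] += c["send_q"]
    return {ip: {"connections": counts[ip], "send_q": sendq[ip]} for ip in counts}


def drop_rules(peers):
    """Render the thread's INPUT rule plus the matching OUTPUT rule for connections this host opened."""
    rules = []
    for ip in sorted(peers):
        rules.append(f"iptables -A INPUT -s {ip} -j DROP")
        rules.append(f"iptables -A OUTPUT -d {ip} -j DROP")
    return rules


if __name__ == "__main__":
    peers = suspect_peers(parse_netstat(SAMPLE_NETSTAT), ["192.168.", "198.51.100."])
    print(peers)
    print("\n".join(drop_rules(peers)))
```

Feed it real output with `netstat -tun` (the `-n` keeps ports numeric so the regex matches), and inspect the printed rules before pasting any of them into a root shell.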