[clug] simple traffic totals sorted by IP?

Wed Jun 27 13:59:59 MDT 2012

On 27/06/12 08:07, Steve McInerney wrote:
> Sounds like you want something like argus:
> http://www.qosient.com/argus/

Perfect!

For the sake of the list archive, here is what I did:

Installed argus and argus-clients. In /etc/argus.conf I set two variables:

ARGUS_INTERFACE=wlan0
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out

In a screen session I started argus (just 'argus', no command line 
arguments).

To view total bytes sent between a destination IP address:

rasort -r /var/log/argus/argus.out -s daddr bytes

For example, traffic to/from my laptop:

root at bobcat:~# rasort -r /var/log/argus/argus.out -s daddr bytes | grep 
192.168.1.50 | head
       192.168.1.50         84
       192.168.1.50       4662
       192.168.1.50    4211694
       192.168.1.50    8281494
       192.168.1.50    8335856
       192.168.1.50    8309912
       192.168.1.50    8298736
       192.168.1.50    8251482
       192.168.1.50    7441920
       192.168.1.50    4391968

It's easy to check the total Mb transferred while Argus has been logging:

root at bobcat:~# rasort -r /var/log/argus/argus.out -s daddr bytes | grep 
192.168.1.50 | awk '{ SUM += $2 } END { print SUM/1024/1024 }'
107.645

With a small script I can see the top 10 IP addresses for total traffic 
transferred.

Thanks,

-- 
Carlo Hamalainen
http://carlo-hamalainen.net