From 14a22b5a546d1c095387618028bce2465f963f28 Mon Sep 17 00:00:00 2001 From: Denys Fedoryshchenko Date: Wed, 25 Oct 2023 19:52:52 +0300 Subject: [PATCH] Add misc tools --- PPPOE_misc_tricks.md | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 PPPOE_misc_tricks.md diff --git a/PPPOE_misc_tricks.md b/PPPOE_misc_tricks.md new file mode 100644 index 0000000..65b8e46 --- /dev/null +++ b/PPPOE_misc_tricks.md @@ -0,0 +1,53 @@ +# Misc tricks for GlobalOS + +## trafw +Trafw allows to see bidirectional traffic statistics. + +Usage: trafw interface1 "interface1 pcap filter" interface2 "interface2 pcap filter" timer + +Example: +``` +trafw ppp0 "inbound" ppp0 "outbound" 1 +``` +Will show inbound and outbound traffic on ppp0 every second. + +## iptop + +Usage: iptop interface "pcap filter" packets (dst|src) [p|b] + +Example: +``` +iptop eth0 "inbound" 10000 dst +``` +Show top 20 destination ip address by rate. (top consumers) + +## tcpdump and accel-cmd + +To check user traffic you need to use tcpdump and accel-cmd. + +To find out interface name of user you can use: +``` +accel-cmd show sessions + +pppoe-9 ~ # accel-cmd show sessions|more + ifname | username | calling-sid | ip | type | comp | state | uptime +---------+-----------------+-------------------+----------------+-------+------+--------+------------- + ppp185 | user1 | 6c:3b:6b:73:33:11 | 172.17.16.185 | pppoe | | active | 17.00:56:54 + ppp305 | user2 | 50:0f:f5:40:22:22 | 172.17.17.49 | pppoe | | active | 17.00:56:53 + ppp318 | user3 | 6c:3b:6b:c4:11:33 | 172.17.17.62 | pppoe | | active | 17.00:56:53 +``` + +Which means that user1 is connected to ppp185 interface, user2 to ppp305 and user3 to ppp318. +To check traffic of user1 you need to use: +``` +tcpdump -ni ppp185 -vvv -c 100 +``` +Which means: +* -n - do not resolve ip addresses (we don't need it) +* -i ppp185 - listen on ppp185 interface +* -vvv - verbose output +* -c 100 - capture 100 packets and exit + + + +