This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

monitoring vps

0

Hi, I have a VPS and I want to monitor it. I want to know which IPs connect to it and how much traffic they use from it (for any IP).

thanks

asked 23 Apr '14, 03:32

mosa
accept rate: 0%

can you please add your definition for vps, as there are several definitions for vps, like:

To be more specific: Please be more specific and add more details to your question by adding a comment to the question itself ;-))

So,

  • what kind of VPS is it?
  • do you host it, or an ISP?
  • are you able to install software on it?
  • do you have a root shell?
  • etc.
  • etc.
(23 Apr '14, 11:48) Kurt Knochner ♦

Hi, thanks for your attention. VPS means "Virtual Private Server" and I host it. I am able to install any software on it by root shell.

thanks

(23 Apr '14, 22:23) mosa

2 Answers:

1

VPS means "Virtual Private Server" and I host it. I am able to install any software on it by root shell.

For your requirement you should use tcpdump on the VPS to capture traffic, as that's most certainly already installed if the VPS is a Linux/Unix/*BSD system. Then copy the capture file to a different system to analyze it with Wireshark.

tcpdump -ni eth0 -s0 -w /tmp/vps.pcap 'port xxxx'

Please replace port xxxx with whatever capture filter you may need.

Then copy the file (with scp/ftp) to your Wireshark analysis system.

Regards
Kurt

answered 24 Apr '14, 01:18

Kurt Knochner ♦
accept rate: 15%

edited 24 Apr '14, 01:18
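
The per-IP accounting the question asks for, run over a capture file such as the one `tcpdump -w` writes above, as an added Python example that is not part of the original answer. It assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4 traffic; the function names and the sample capture built from documentation addresses are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def bytes_per_peer(pcap: bytes, local_ip: str) -> Counter:
    """Sum on-the-wire bytes exchanged with each remote IPv4 address."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"          # file written on a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    local = IPv4Address(local_ip).packed
    totals, off = Counter(), 24            # records start after the 24-byte header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # truncated, or not plain IPv4 (ARP, IPv6, VLAN)
        src, dst = frame[26:30], frame[30:34]
        if src == local:
            peer = dst
        elif dst == local:
            peer = src
        else:
            continue                       # traffic that does not involve the VPS
        totals[str(IPv4Address(peer))] += orig_len   # orig_len survives a short snaplen
    return totals

def sample_capture() -> bytes:
    """Constructed sample: four Ethernet/IPv4 frames using documentation addresses."""
    def record(src, dst, size):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        data = (b"\x00" * 12 + b"\x08\x00" + ip).ljust(size, b"\x00")
        return struct.pack("<IIII", 0, 0, len(data), len(data)) + data
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record("198.51.100.7", "192.0.2.10", 60)
            + record("192.0.2.10", "198.51.100.7", 1500)
            + record("203.0.113.5", "192.0.2.10", 100)
            + record("203.0.113.5", "198.51.100.7", 80))

if __name__ == "__main__":
    for peer, total in bytes_per_peer(sample_capture(), "192.0.2.10").most_common():
        print(f"{peer:15} {total:>8} bytes")
```

The function takes the whole file as bytes, so for a large capture split it first or adapt the loop to read record by record.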

Thanks a lot, but can you explain these parameters??? -ni ??? -s0 ???

Note that I captured traffic from my VPS with 'Tshark', but the performance of my VPS decreased because Tshark used the CPU at a high level. Does tcpdump use the CPU like tshark??? Do you know tools that can capture traffic without using the CPU like tshark??? Do you know tools that capture traffic more than 2Gig/s ???

thanks

(25 Apr '14, 22:38) mosa

Do you know tools that capture traffic more than 2Gig/s ???

2Gig/s for a VPS? I guess you should add much more details about your environment and what you are actually trying to do.

I want to know which IPs connect to it and how much traffic they use from it (for any IP).

This sounds more like you are trying to do some form of accounting. In that case, both tcpdump and tshark are the wrong tools for you, and we need more information about what exactly you want to do accounting for.

(26 Apr '14, 11:52) Kurt Knochner ♦

0

A tool like ntop or darkstat would be a better choice if you just want statistics (traffic, protocols, ports). The latter should be more resource friendly. Try and see what fits your needs.

answered 26 Apr '14, 06:52

Roland
accept rate: 13%