Airport traffic monitoring

Is there a way to tell traffic (data flow) my Airport Express is passing?
I want to see how much other wireless devices, Macs & PCs are using of my Airport while I observe this on my iMac.
Thanks for tips.

You can see a list of wireless devices that are connected to the Express (under Advanced>Logs and Stats in Airport Utility), but not the traffic flowing through it.

Similar Messages

  • L4 Traffic Monitor question

    In the IronPort web security appliance documentation, it indicates that the L4 traffic monitor ports (T1 and/or T2) should be connected to either a network tap or switch span.
    I'm a little confused as to how this is supposed to be set up.
    Does it mean that you take 2 ports on a switch, one on the same subnet/vlan as the P1 interface (data) on the IronPort, and the other that is on the subnet/vlan as the firwall (outbound Internet traffic) and create 2 monitor sessions (spans)? If so, where are these sessions pointed to?
    Isn't the IronPort supposed to be doing the tapping/inspection?
    The whole external tap thing has me confused.

    Colin,
    One way to think of it is that the WSA has 2 inspection engines that don't actually talk to one another...
         1. the web proxy, where you're using WCCP to send specific traffic to
         2. the L4TM engine that you send a spanned port to to catch all of the other weird stuff.
    The web proxy does all of the user tracking/policy stuff, etc. Watching a specific set of ports.
    The L4TM is intended for malware that might be running on your net... sort of like the Botnet Traffic filter that's available on ASA.
    That said, you'll use 1 port for P1 on whatever vlan, redirection to that happens via WCCP or explicit proxy. 
    For the L4TM tap you can use 1 or 2 ports on the swtich, or none if you use an external tap.  In the Network/Interfaces page, you set whether you want L4TM to use simplex or Duplex.  If you use Duplex, just do a span session off the port the firewall is plugged into to the port that you connect T1 into...
    If you use Simplex, you do 2 span sessions off of the port the firewall is connected to... ingress traffic on the port (eg. out of the firewall) to the port T1 is connected to, egress traffic on the port (eg. going to the firewall) spanned to the port T2 is hooked up to. 
    If you use an external tap, put it inline between the firewall and the switch, set the WSA for duplex and connect the "monitor" port to T1...
    Hope that helps!
    Ken

  • Any way to maintain airport traffic while lid is closed?

    I'm sort of new to dealing with apple computers and I might just totally be missing something but...
    I'm trying to get my new MBA to maintain airport traffic while the laptop is closed. So that way it can continue downloads while it's closed.
    Am I missing something or is this just not possible?

    Hi,
    I dont think it is possible to close the lid and continue to maintain the airport traffic because once you closed the lid, MBA will go to sleep and stop running all application.
    Cheers.

  • Need help in generating L4 Traffic monitor logs

    Hi,
    As a part of my project I need to study different types of logs produced by Cisco IronPort. I could generate some access and authentication logs however not sure about generating the L4 Traffic Monitor logs. Can anyone point me to right documentation that will help me generate those logs?
    Thanks,
    Harshad Kashikar

    Harshad,
    L4 Traffic Monitoring needs to be configured within the IronPort - first question is do you have a SPAN/TAP port set up on your switch to capture L4 traffic?
    Second, I only use this feature to capture information on malware/spyware - I have seen P2P, IRC, and 'phone-home' traffic amongst other things.  Do you have an infected host you can monitor?
    BF

  • Airport Client Monitor for Intel

    It appears that the ever-useful Airport Client Monitor does not work on Intel Macs. Am I wrong - is there a universal version?
    I've just found a donationware utility "AP Grapher" that may be a useful substitute available here:
    http://www.chimoosoft.com/products/apgrapher/
    I've been testing for a day so far. It looks good - I think a donation is deserved. I've only glanced at the "stumbler" function, but that looks good too.
    From the Macreviewcast
    "AP Grapher is a freeware tool for plotting the strength of a network as a function of time. AP Grapher has received a recent (Dec 06) update to Universal Binary along with some performance enhancements. It now does all the stuff that the Airport Client Monitor does as well as what MacStumbler does in one tool. The most valuable part is the time domain plot of Airport link characteristics. The plot will record data for as much as half an hour."

    this would appear to the the problem.
    Actually, NONE of the older tools that report on wireless networks or status work anymore.
    iStumbler has been fixed. I imagine that the rest will get fixed in time.
    - gws

  • L4 traffic monitor - blocking traffic ?

    Hello
    How does L4 traffic monitor is blocking traffic if T1/T2 ports are "tap/sniffed ports" ?
    For SPAN we might have "ingress vlan feature" which would allow us to send TCP RST (like IPS does),
    but for hardware TAP we do not have such a feature.
    So - maybe L4 traffic monitor can not block any traffic, just make a decision what to block and execution is on WebProxy and P1/2 ports ?
    Thanks

    Michael,
    Yes, the reset is sent via P1
    Ken
    Sent from Cisco Technical Support iPad App

  • Can an Ironport work in both WCCPv2 and L4 Traffic monitoring modes at the same time?

    Hello Ciscoers,
    We have an ironport installed and we use WCCPv2 to redirect the traffic. And as it occurs, I have a need to forward the traffic for another network, that uses another path to the Internet.
    So I was thinking using the L4 Traffic Monitoring.
    To the best of your knowledge, is there a way to have the appliance use both WCCPv2 and L4 Traffic monitoring at the same time? From the configuration, it's one or the other.
    Thanks,
    J.

    Ok. I'll try.
    As a matter of fact, I plan to use policy-based routing to forward all the "interesting" traffic to the appliance.
    For your TCP-Resets not seen, do you allow ingress on the span session?
    J.

  • Traffic monitoring for Coherence 3.1

    The objective of our small project is to monitor the traffic on our coherence clusters. We also were trying to put the cache traffic as a object in the same cache name. The problem we encountered was during performance tests something happened to the coherence clusters and there appears to be some kind of lock not being released for others which made all the weblogic cluster go down. Weblogic went down with "too many open files". We have thread dumps which I can send if you guys need it nevertheless I have attached a part which I suspect is the reason.
    Heres the Code that was trying to do the monitoring. The doPut Servlet method does the put , after the put it calls a method RegisterTraffic which has a small logic to increment the count & put back into the cache. It has a Lock for the particular "Traffic" key.
    * The Servlets doPut method - Handles the Cache Put Requests
    * @param HttpServletRequest request, HttpServletResponse response
    * @return void
    * @throws CacheException
    public void doPut(HttpServletRequest request, HttpServletResponse response) throws
    ServletException, IOException {
         ServletOutputStream out = response.getOutputStream();
         String value = "";
         try {
              String id = request.getPathInfo();
              String expires = request.getHeader("Expires");
              String contentType = request.getContentType();
              String app_name = request.getHeader("App-Name");
              int contentLength = request.getContentLength();
              if (contentLength > 0) {
                   byte valueArray[] = new byte[contentLength];
                   ServletInputStream in = request.getInputStream();
                   int bytesRead = 0;
                   int offset = 0;
                   while (bytesRead > -1) {
                        bytesRead =
                             in.read(valueArray, offset, valueArray.length - offset);
                        offset += bytesRead;
                        if (offset == contentLength) {
                        break;
                   DataObject myValue = new DataObject();
                   myValue.setByte(valueArray);
                   myValue.setExpirationTime((Long.parseLong(expires))*1000);
                   Cache_Manager.put(id, myValue);
                   response.setContentType("application/octet-stream");
                   value = "ID "+id+" Stored";
                   out.write(value.getBytes());
                   out.flush();
                   RegisterTraffic(app_name,"PUT");
         } catch (Exception ex) {
              response.setContentType("application/octet-stream");
              value = "CACHE_ERROR:"+ErrorCode.INTERNAL_PROBLEM_CODE+":"+"doPut:"+ErrorCode.INTERNAL_PROBLEM_MSG;
              response.setContentLength(value.length());
              out.write(value.getBytes());
              throw new ServletException(value+"\n"+ex.getMessage());
    * The Servlets Traffic Monitor method - Handles the Traffic monitoring
    * @param appname, get or put or clear
    * @return void
    * @throws CacheException
    public void RegisterTraffic(String appName, String action) {
         String trafficKey = "Traffic";
         try {
              HashMap hmTotal = new HashMap();
              HashMap hmToday = new HashMap();
              Object obj = null;
              HIDataObject dObj = null;
              String today = (new java.util.Date().toString()).substring(0,3);
              //String today = "SAT";
              Long totalTrafficCount = new Long(1);
              Long todayTrafficCount = new Long(1);
              long totalCnt = 0;
              long todayCnt = 0;
              // Lock the Object.
              Cache_Manager.lock(trafficKey,-1);
              try{
                   dObj = (HIDataObject)Cache_Manager.get(trafficKey);
              } catch(java.lang.NullPointerException nex) {
                   // If this Exception then we are doing it for the first time.
                   // Ignore this exception
              } catch(Exception exe) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
              if (dObj != null) {
                   hmTotal = dObj.getTotalTrafficHashMap();
                   hmToday = dObj.getTodayTrafficHashMap();
              // HashMap.get will throw error for the first time , so initialize to 1.
              try{
                   totalTrafficCount = (Long)hmTotal.get(appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              try{
                   todayTrafficCount = (Long)hmToday.get(today+"-"+appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              try{
                   totalCnt = totalTrafficCount.longValue();
                   todayCnt = todayTrafficCount.longValue();
              } catch (Exception e) {
              // Increase the counn here
              totalCnt++;todayCnt++;
              hmTotal.put(appName+"-"+action,new Long(totalCnt));
              hmToday.put(today+"-"+appName+"-"+action,new Long(todayCnt));
              try{
                   HIDataObject myValue = new HIDataObject();
                   myValue.setTotalTrafficHashMap(hmTotal);
                   myValue.setTodayTrafficHashMap(hmToday);
                   myValue.setExpirationTime(86400000);
                   Cache_Manager.put(trafficKey, myValue);
              } catch (Exception exe){
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
         } catch (Exception ex) {
              CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+ex.getMessage());
         } finally {
              Cache_Manager.unlock(trafficKey);
    Weblogic Thread Dumps
    "TcpRingListener" id=76 idx=0x96 tid=19164 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xc5f4238[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "DistributedCache" id=78 idx=0x98 tid=19165 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)[optimized]
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)[optimized]
    ^-- Lock released while waiting: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "ListenThread.Default" id=79 idx=0x9a tid=19166 prio=5 alive, in native
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0x1729efc8[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at weblogic/socket/WeblogicServerSocket.accept()Ljava/net/Socket;(WeblogicServerSocket.java:26)
    at weblogic/t3/srvr/ListenThread.accept()Ljava/net/Socket;(ListenThread.java:735)
    at weblogic/t3/srvr/ListenThread.run()V(ListenThread.java:301)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    Blocked lock chains
    ===================
    Chain 2:
    "ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" id=53 idx=0x70 tid=18903 waiting for java/lang/String@0x102fb4d8 held by:
    "ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" id=52 idx=0x6e tid=18902 in chain 1
    Coherence Thread Dumps
    "PacketPublisher" id=21 idx=0x32 tid=20248 prio=6 alive, in native, waiting, daemon
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$PacketPublisher$Queue@0xcb36648[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "Cluster" id=22 idx=0x34 tid=20249 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "PO Async Executor" id=27 idx=0x36 tid=20436 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: java/lang/Object@0xa7573d8[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at jrockit/vm/Locks.wait(Ljava/lang/Object;J)V(Unknown Source)
    at java/lang/Object.wait()V(Native Method)
    at com/wily/EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue.take()Ljava/lang/Object;(BoundedLinkedQueue.java:225)
    ^-- Lock released while waiting: java/lang/Object@0xa7573d8[fat lock]
    at com/wily/EDU/oswego/cs/dl/util/concurrent/QueuedExecutor$RunLoop.run()V(QueuedExecutor.java:82)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "TcpRingListener" id=24 idx=0x38 tid=20252 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xd441530[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)

    Hi user638596.
    Frankly, there is not enough information to go by. The code you pointed to is definitely not "bullet proof". First, after the lock has been acquired, it only catches Exceptions, so any Errors (e.g. OutOfMemoryError) would "leak" a lock. In general, the locking-protected code should look like (in pseudo-code):
    lock();
    try
      operations();
    finally
      unlock();
      }However, without seeing the log files and entire thread dump, it's impossible to figure out a real reason. I'd suggest you to submit those to our support at Oracle Metalink.
    Regards,
    Gene

  • AirPort Client Monitor

    Apple's utility AirPort Client Monitor (version 1.0, 2004/04/06, PowerPC) crashes on my MacBook running OS X 10.5.7. Given its age, that doesn't surprise me too much. Has Apple released anything newer that might provide similar functionality? Does the AirPort Utility's "Logs and Statistics" pane with the "Wireless Clients" tab do an equivalent job?
    On the topic of AirPort monitors, MacStumbler 0.75b (the newest one from 2003-07-14) is also crashing. I guess it's also a lost cause.

    Tesserax wrote:
    Have you tried any of the following to see if they will do what you are looking for?
    o Air Radar
    That utility is shareware. Apple's AirPort Client Monitor was free. I was also wondering if Apple itself had a utility to replace AirPort Client Monitory.
    o AP Grapher
    That looks like it could be useful. That link also showed me something new to me about Apple's Web site. I knew about apple.com/support/downloads, but not that Apple's Web site offered downloads of third-party utilities.
    o iStumbler
    I have that installed on my computer. However, at 28 months old, it may start showing its age at some point.
    Thanks for the AP Grapher reference.

  • [Request] NTM - Network Traffic Monitor

    Hi to everyone:
    Could anyone package this?: NTM - Network Traffic Monitor
    NTM is a monitor of the network and internet traffic for GNU/Linux. Some characteristics:
        * Choice of the interface to monitoring.
        * Period to monitoring: Day, Week, Month, Year or Custom Days. With autoupdate.
        * Threshold: Autodisconnection if a limit is reached (by NetworkManager).
        * Traffic Monitoring: Inbound, outbount and total traffic; Show the traffic speed.
        * Time Monitoring: Total time of connections in the period.
        * Time Slot Monitoring: Number of sessions used.
        * Reports: Show of average values and daily traffic of a configurable period.
        * Online checking with NetworkManager or by "Ping Mode".
        * The traffic is attributed to the day when the session began.
        * Not need root privilege.
        * Not invasive, use a system try icon.
    NTM is useful for the people that have a internet plan with a limit, and moreover the exceed traffic is expensive.
    NTM is write in python and is a open source software, the license is the GNU GPL v2.
    A lot of thanks.

    #Maintairner: Brieuc Roblin <brieuc.roblin at gmail dot com>
    pkgname='ntm'
    pkgver='1.2.2'
    pkgrel='1'
    pkgdesc="Monitor of the network and internet traffic"
    arch=('i686' 'x86_64')
    license=('GPL')
    depends=('pywebkitgtk' 'lsb-release' 'networkmanager')
    makedepends=('dpkg')
    url=('http://netramon.sourceforge.net/eng/index.html')
    source=('http://freefr.dl.sourceforge.net/project/netramon/NTM/ntm-1.x/ntm-1.2.2.deb')
    md5sums=('ec438b8c952ac866ffdaa57538d189b7')
    build() {
    cd "$srcdir"
    # Extracting deb
    msg2 "Extracting .deb ..."
    dpkg-deb -x ntm-*.deb deb
    cd "deb"
    # Installing
    msg2 "Installing..."
    cp -r . "$pkgdir"/
    I can't really test the program as I'm not using NetworkManager.
    Last edited by PyrO_70 (2010-08-20 19:18:24)

  • Cisco WSA : no data found in L4 traffic monitor summary

    Hello !
    Does L4 traffic monitor only display rogue traffic ? Because, I made a packet capture on the T1 interface and i saw that there was a lot of traffic but in the overview, no data was found in the field "L4 Traffic Monitor Summary". Is it normal ? There is a screenshot in enclosed files.
    Thank you,
    Stephane Walker

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • UDP traffic analyzed in L4 traffic monitor?

    Dear all,
    I just wonder if anyone knows whether UDP traffic is analyzed by the WSA's L4 traffic monitor?
    It just tells "all ports" in the settings and reports also only reflect port numbers but no details like
    which protocol (tcp/udp).
    Anyone?
    Best,
    Hascha

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • Traffic monitoring

    I have a Cisco 4507 and would like to start monitoring traffic analysis and must admit Im a beginer so any information would be gratefully received

    Hello,
    you can use netflow traffic monitoring and analyzis. More information about netflow you can read on the cisco pages http://www.cisco.com/go/netflow or in the documentation of our software on the: http://www.caligare.com/netflow/download.php (section appendix 1). If you have more questions regarding netflow let me know...
    Jan
    Caligare Co.
    http://www.caligare.com

  • 24 Hr Network Traffic Monitoring

    Hi Markus,
    I got this 24-hour Network traffic monitoring output using the program you gave me ;)
    I run every hour this > ./network-traffic.sh -c 1
    It will give me 1 line output like this,
    Monitoring eth0 every 3 seconds. (RXbyte total = 1 Gb TXbytes total = 2 Gb)
    RXbytes = 58 Kb TXbytes = 51 Kband I call this program every hour via cron, to produce and output like this:
    27-Oct-2010 00:00:07    RXbytes = 10 Kb TXbytes = 9 Kb
    27-Oct-2010 01:00:07    RXbytes = 11 Kb TXbytes = 9 Kb
    27-Oct-2010 02:00:07    RXbytes = 7 Kb TXbytes = 6 Kb
    27-Oct-2010 03:00:07    RXbytes = 48 Kb TXbytes = 42 Kb
    27-Oct-2010 04:00:07    RXbytes = 448 b TXbytes = 0 b
    27-Oct-2010 05:00:08    RXbytes = 128 b TXbytes = 0 b
    27-Oct-2010 06:00:07    RXbytes = 128 b TXbytes = 0 b
    27-Oct-2010 07:00:08    RXbytes = 256 b TXbytes = 0 b
    27-Oct-2010 08:00:08    RXbytes = 14 Kb TXbytes = 24 Kb
    27-Oct-2010 09:00:07    RXbytes = 11 Kb TXbytes = 10 Kb
    27-Oct-2010 10:00:08    RXbytes = 11 Kb TXbytes = 10 Kb
    27-Oct-2010 11:00:07    RXbytes = 48 Kb TXbytes = 85 Kb
    27-Oct-2010 12:00:08    RXbytes = 9 Kb TXbytes = 8 Kb
    27-Oct-2010 13:00:07    RXbytes = 13 Kb TXbytes = 28 Kb
    27-Oct-2010 14:00:08    RXbytes = 53 Kb TXbytes = 46 Kb
    27-Oct-2010 15:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
    27-Oct-2010 16:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
    27-Oct-2010 17:00:08    RXbytes = 40 Kb TXbytes = 94 Kb
    27-Oct-2010 18:00:07    RXbytes = 13 Kb TXbytes = 30 Kb
    27-Oct-2010 19:00:08    RXbytes = 6 Kb TXbytes = 9 Kb
    27-Oct-2010 20:00:08    RXbytes = 12 Kb TXbytes = 12 Kb
    27-Oct-2010 21:00:08    RXbytes = 15 Kb TXbytes = 40 Kb
    27-Oct-2010 22:00:07    RXbytes = 9 Kb TXbytes = 11 Kb
    27-Oct-2010 23:00:07    RXbytes = 11 Kb TXbytes = 9 KbIs this output data gathering style valid?
    I want to give this report to my boss using spreadsheets, but I want to put comments like :
    1. at what hour is the network busiest?
    2. at what hour is the network the not-busiest?
    How do I sort this output from busiest (descending order)?
    Thanks a lot,
    Ms K

    Hi again markie,
    This is my actual source code of eth0stat.sh:
    # File: eth0stat.sh
    # Purpose: Gather network traffic increase between readings
    # Command: . ./eth0stat.sh
    ifcmd='/sbin/ifconfig eth0'
    timestamp=$(date "+%D %T")
    logfile=/u01/Monitor/eth0stat.txt
    old_rxbytes=$RXBYTES
    old_txbytes=$TXBYTES
    get_rxbytes() {
       $ifcmd | grep "RX bytes" | cut -d: -f2 | awk '{ print $1 }'
    get_txbytes() {
       $ifcmd | grep "TX bytes" | cut -d: -f3 | awk '{ print $1 }'
    RXBYTES=$(get_rxbytes); export RXBYTES
    TXBYTES=$(get_txbytes); export TXBYTES
    if [ $old_rxbytes > 0 ]; then
       diff_rxbytes=$(($RXBYTES - $old_rxbytes))
    else
       diff_rxbytes=0
    fi
    if [ $old_txbytes > 0 ]; then
       diff_txbytes=$(($TXBYTES - $old_txbytes))
    else
       diff_txbytes=0
    fi
    echo "$timestamp,RXbytes:$diff_rxbytes,TXbytes:$diff_txbytes" >> $logfileI created the new program you gave me (eth0stat.sh) and called it from cron every our, but I got this result:
    11/01/10 15:00:07,RXbytes:0,TXbytes:0
    11/01/10 16:00:07,RXbytes:0,TXbytes:0
    11/01/10 17:00:07,RXbytes:0,TXbytes:0
    11/01/10 18:00:07,RXbytes:0,TXbytes:0
    11/01/10 19:00:07,RXbytes:0,TXbytes:0
    11/01/10 20:00:07,RXbytes:0,TXbytes:0
    11/01/10 21:00:07,RXbytes:0,TXbytes:0
    11/01/10 22:00:08,RXbytes:0,TXbytes:0
    11/01/10 23:00:07,RXbytes:0,TXbytes:0
    11/02/10 00:00:07,RXbytes:0,TXbytes:0
    11/02/10 01:00:08,RXbytes:0,TXbytes:0
    11/02/10 02:00:08,RXbytes:0,TXbytes:0
    11/02/10 03:00:07,RXbytes:0,TXbytes:0
    11/02/10 04:00:07,RXbytes:0,TXbytes:0
    11/02/10 05:00:07,RXbytes:0,TXbytes:0
    11/02/10 06:00:08,RXbytes:0,TXbytes:0
    11/02/10 07:00:08,RXbytes:0,TXbytes:0
    11/02/10 08:00:07,RXbytes:0,TXbytes:0
    11/02/10 09:00:08,RXbytes:0,TXbytes:0
    11/02/10 10:00:08,RXbytes:0,TXbytes:0The output has all 0 bytes :( . Is there something I missed out?
    I compared it to the other one I got:
    1-Nov-2010 15:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 16:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 17:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 18:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 19:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 20:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 21:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 22:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 23:00:07     RXbytes = 11 Kb TXbytes = 9 Kb
    2-Nov-2010 00:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 01:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 02:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 03:00:07     RXbytes = 7 Kb TXbytes = 6 Kb
    2-Nov-2010 04:00:07     RXbytes = 256 b TXbytes = 0 b
    2-Nov-2010 05:00:07     RXbytes = 320 b TXbytes = 0 b
    2-Nov-2010 06:00:08     RXbytes = 0 b TXbytes = 0 b
    2-Nov-2010 07:00:08     RXbytes = 466 b TXbytes = 0 b
    2-Nov-2010 08:00:07     RXbytes = 1 Mb TXbytes = 19 Mb
    2-Nov-2010 09:00:08     RXbytes = 1 Mb TXbytes = 22 Mb
    2-Nov-2010 10:00:08     RXbytes = 12 Kb TXbytes = 91 KbThe is seem to be movement starting at 8am Nov 2, 2010.
    Please help me debug the eth0stat.sh.
    Thanks again so much

  • Airport Extreme monitoring traffic

    Is there a way that the Airport Extreme can log or show outbound traffic? (ie. see what websites are being accessed from my wifi network)

    The AirPort Extreme base station (AEBS) has no feature for tracking web access.

Maybe you are looking for

  • Logic Pro X.  Right-click not working in the piano-roll editor.  And colour issues.

    I usually use the right mouse-button to open the toolbox under the cursor but this doesn't appear to work within the piano-roll edit window in Pro X.  Is this the same for everyone?  The right-click works in all other windows.  Seems pretty odd. Also

  • Scrolling/mouse wheel improvments (VTE-like) in urxvt

    I like urxvt a lot, but there's one little thing that always annoyed me, especially since I used to use XFCE's terminal which, like (I assume) all VTE-based terminals, behaves differently. Like pretty much all other emulators, urxvt supports using th

  • A great big thank you!

    Hey everyone, I just received the 50th order of the Arch Linux Handbook, a print version of the Beginner's Guide in the wiki.  That's 50 copies in less than a month! I was hoping to sell 20 copies in six months, so I am shocked at the purchases and w

  • Add Music to Photo Album

    How do I add music to a Photo Album in iWeb?

  • File size differences

    Two questions ... 1. I'm getting the following warning ... I think that a TIFF file bigger than 2 gb does not create any quality issue in LR - PS workflow ... correct? It is just related with some third party programs, as the warning box says. 2. Thi