
cory seligman <coryms.luv@gmail.com> writes:
Does anyone know of a simple way of showing which of my machines on my home network is hogging all my data?
netflow is the right answer (as already mentioned).
But I'm too stupid and lazy for that, so what I generally do is

    timeout 5m tcpdump -i wan -w tmp.pcap   # on the wrt
    wireshark -r tmp.pcap                   # on a bloated GUI desktop[0]

Then poke around the Statistics menu, in particular IPv4 endpoints and TCP conversations.

Then I have this conversation:

    "Hey, <flatmate>, why are you talking to Russia so much?"
    "I'm not."
    "You are, look."
    "WTF, that's not me."
    "Looks like your shitty Windows box is a botnet zombie.  Fix it."

[0] actually I use tshark -z, but the sentiment is the same.
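
The per-endpoint byte tally described above, as an added example that is not part of the original post: a standard-library Python reader for the capture file, assuming tcpdump wrote classic pcap with an Ethernet link type. The function names and the sample capture (documentation address ranges) are constructed for illustration.

```python
import socket
import struct
import sys
from collections import Counter

def bytes_per_host(pcap):
    """Tally on-the-wire bytes per IPv4 address in a classic pcap (Ethernet link type)."""
    magics = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
    endian = magics.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled here")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break  # final record cut short; keep what was tallied so far
        l3 = 18 if frame[12:14] == b"\x81\x00" else 14  # step over one 802.1Q tag
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue  # not IPv4 (ARP, IPv6, ...) or too short to hold the addresses
        # Credit the packet's original length to both ends, counting each address once.
        for addr in {frame[l3 + 12:l3 + 16], frame[l3 + 16:l3 + 20]}:
            totals[socket.inet_ntoa(addr)] += orig_len
    return totals

def sample_pcap():
    """Constructed capture: three IPv4 frames and one ARP frame, documentation addresses."""
    def record(src, dst, wire_len, ethertype=b"\x08\x00"):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        data = bytes(12) + ethertype + ip  # headers only, as if captured with a small snaplen
        return struct.pack("<IIII", 0, 0, len(data), wire_len) + data
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join([
        record("192.168.1.10", "203.0.113.5", 1500),
        record("203.0.113.5", "192.168.1.10", 1500),
        record("192.168.1.20", "198.51.100.7", 100),
        record("192.168.1.30", "192.168.1.1", 60, ethertype=b"\x08\x06"),
    ])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    for host, nbytes in bytes_per_host(data).most_common(10):
        print(f"{host:15} {nbytes:>12}")
```

Run it with the capture file as the only argument; with no argument it tallies the constructed sample.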