I have an Ubuntu server with approximately 20 users who primarily use it for SSH tunneling.
I would like to know if there is any way to determine the amount of data transferred by each user over a specific time period, such as the past week or month.
A good question i found a view answers:
How to measure bandwidth of SSH connection
iftop -i "$iface" -nPf "tcp and port $sport and port $dport"Where
$ifaceis the interface the packets for the ssh connection would be sent/received on, and$sport/$dportthe source and the destination TCP ports. You could refine the filter further by also specifying the source and destination IP addresses.
How much data does SSH typically use?
You should run
tcpdump -ni eth0 -w dump port 22to capture all your packets, thentcpdump -nX -r dumpto view them.
Is there any way to track SSH traffic (bandwidth usage) per user basis?
I would use iptables owner module (perhaps together with other quota/reporting modules).
iptables -A OUTPUT -p tcp --dport 22 -m owner --uid someuser -j ACCEPTAnd then see the output from
iptables -vLto see the amount of packets/bytes passed through this rule, or parse the iptables statistics with some analyzer.
To track data over a specific time period, you may need to periodically reset the statistics and collect the data at regular intervals, such as weekly or monthly.
Redirect the output of iptables -vL to a file for analysis.
iptables -vL > ssh_traffic.txt
Reset the statistics:
iptables -Z reset the statistics for the iptables rule that tracks SSH traffic.
You can also write a bash script and run it with cron or anacron, to execute the script automatically at the desired intervals to collect and analyze the traffic.
There is another option using iptables, conntrack and connmark together, but you'll have to take a look yourself.
