From owner-freebsd-questions@FreeBSD.ORG Sat Jan 3 06:10:34 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8F1731065670 for ; Sat, 3 Jan 2009 06:10:34 +0000 (UTC) (envelope-from dkelly@hiwaay.net) Received: from smtp.knology.net (smtp.knology.net [24.214.63.101]) by mx1.freebsd.org (Postfix) with ESMTP id 4485F8FC1E for ; Sat, 3 Jan 2009 06:10:34 +0000 (UTC) (envelope-from dkelly@hiwaay.net) Received: (qmail 18150 invoked by uid 0); 3 Jan 2009 05:43:52 -0000 Received: from unknown (HELO ?10.0.0.187?) (75.76.211.79) by smtp2.knology.net with SMTP; 3 Jan 2009 05:43:52 -0000 In-Reply-To: References: Mime-Version: 1.0 (Apple Message framework v753.1) Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: quoted-printable From: David Kelly Date: Fri, 2 Jan 2009 23:44:08 -0600 To: =?ISO-8859-1?Q?Sd=E4vtaker?= X-Mailer: Apple Mail (2.753.1) Cc: freebsd-questions@freebsd.org Subject: Re: Tool for traffic measure? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jan 2009 06:10:34 -0000 On Jan 2, 2009, at 11:21 PM, Sd=E4vtaker wrote: > Hello, > I got a subnet with 5 machines and a cablemodem who provides 5 =20 > public ips > All is conected to a switch. > One of the machines is not ours and we want to check it is not > abuseing our internet link, so we want to know if there is any way to > monitor bandwich usage from one of the other machines in the subnet > with no need to modify the foreing machine config. Something like use > tcpdump in promiscuos mode or something like that, we doesnt matter > the content, we just need a bandwich conssumption meassure. > Thanks for any ideas. Buy a smarter switch and do the traffic counts in the switch. As things stand the switch is isolating all 5 machines from each =20 other, none hear what the others have to say to the cable modem, so =20 there is no way you can sniff the other's traffic. If instead of a switch you had a dumb hub then all machines would =20 hear what all the other machines were saying to each other and the =20 cable modem. Is very hard to buy a dumb hub these days. Is easier to =20 buy a smarter switch. A configurable smart switch can deliver the =20 questionable machine's traffic to both the cable modem and to one of =20 your machines but there is no point unless you want/need to see the =20 contents of the packets. A switch that smart should also be able to =20 count packets and tally total byte counts. If I understand correctly =20 that is all you want. -- David Kelly N4HHE, dkelly@HiWAAY.net =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Whom computers would destroy, they must first drive mad.