Date: Thu, 14 Dec 2000 21:42:28 +0100
From: Cliff Sarginson <cliff@raggedclown.net>
To: Matt Schlosser <mschlosser@eschelon.com>
Cc: "'Joe Oliveiro'" <joe@advancewebhosting.com>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject: Re: Bandwidth Monitoring
Message-ID: <20001214214228.B3379@buffy.local>
In-Reply-To: <C1781C38F13DA040848FEFAD07311B105ECE46@walleye.corp.fishnet.com>; from mschlosser@eschelon.com on Thu, Dec 14, 2000 at 01:48:08PM -0600
References: <C1781C38F13DA040848FEFAD07311B105ECE46@walleye.corp.fishnet.com>

On Thu, Dec 14, 2000 at 01:48:08PM -0600, Matt Schlosser wrote:
> You can set up tcpdump to dump all the packet headers into a big log file
> that is rotated when it is a certain size, then have a parser chew through the
> log files as they rotate and create the reports.
>
> As far as generating the graphs, you'll have to get someone else, but you
> can write a perl script to easily tear through the logs to get a final value
> if you have the horsepower on the computer.
>
> We did this at a place I used to work, but instead of tracking bandwidth,
> we'd watch for exploit attempts on other machines and then trigger a grep on
> the tcpdump logs that pulled out all the traffic for the exploit attempt.
> The machine was FreeBSD 3.4 with 233mhz pII, 64 megs of ram and a 4 gig HD.
> Nothing running on it except sshd, tcpdump, and ipfw. Oh, and a big sandbox
> behind port 23 that we all re-created binaries for that did nothing except
> print phoney output to the screen. Wanna do an ls? You always get the same
> output. cd /wherever worked but didn't put you there, instead pwd would
> spit back whatever you put into cd. It was a lot of fun to build, and I

Mmm.. I know this trick, a spoof ps is also a good one!

> think it's still running.
>
> ---
> Matthew Schlosser
> Systems Administrator
> Eschelon Telecom, Inc.
>
> Phone: 612/436-6045
> E-Mail: mschlosser@eschelon.com
> General Help or Questions: sysadmin@eschelon.com
>
>
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Oliveiro
> Sent: Thursday, December 14, 2000 1:36 PM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Bandwidth Monitoring
>
>
>
> I have a 3com switch which is broadcasting all network traffic to the port
> that my computer is plugged into, so I can see all network traffic.
>
> I have multiple class C's which are in use by computers on the
> network. Most of these computers are not running SNMPD. I would like to
> create a bandwidth usage graph per IP on the network, so each IP address
> will have its own graph.
>
> These graphs can't be done via mrtg since not every computer has the SNMPD
> running and the task of installing it is not possible. Is there a program
> which will sniff/sample network traffic and create this graph that I am
> looking for?
>
> IE: sample/sniff traffic to/from an IP address and create a graph based on
> this information?
>
>
>
>
> Microsoft: "Where would you like to go to today"
> Linux: "Where would you like to go tomorrow"
> FreeBSD: "Hey, when are you guys going to catch up"
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
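
The log-parsing step discussed in this thread (per-IP totals for graphing, plus pulling every line for one host after an alert), as an added example that is not code from any of the posters. The sample lines are constructed in the style of `tcpdump -n -tt` text output; the regex, function names and 60-second bucket are assumptions, and the byte counts are the `length` values tcpdump prints, not on-wire frame sizes.

```python
import re
from collections import defaultdict

# Constructed sample lines (IPv4 only), not captured traffic.
SAMPLE_LOG = """\
976826548.100000 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [P.], seq 1:101, ack 1, win 502, length 100
976826548.900000 IP 10.0.0.5.80 > 192.168.1.10.51234: Flags [P.], seq 1:1401, ack 101, win 510, length 1400
976826549.200000 IP 192.168.1.11.40000 > 10.0.0.9.9999: UDP, length 29
976826610.000000 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [.], ack 1401, win 502, length 0
976826611.500000 IP 192.168.1.12.2000 > 192.168.1.10.23: Flags [P.], seq 1:4, ack 1, win 502, length 3
garbage line that is not a packet
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"   # IPv4 address, optional .port suffix
PACKET = re.compile(r"^(\d+)\.\d+ IP " + ADDR + " > " + ADDR + r": .*length (\d+)")

def parse(log):
    """Yield (epoch_seconds, src, dst, length) for each line that parses."""
    for line in log.splitlines():
        m = PACKET.match(line)
        if m:                                # unparseable lines are skipped
            yield int(m[1]), m[2], m[3], int(m[4])

def usage_per_ip(log, bucket=60):
    """Return {ip: {bucket_start: bytes}}; a packet counts for both endpoints."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, length in parse(log):
        start = ts - ts % bucket             # start of the sampling interval
        totals[src][start] += length
        totals[dst][start] += length
    return {ip: dict(series) for ip, series in totals.items()}

def traffic_for(log, ip):
    """Return raw lines whose source or destination is exactly ip."""
    return [line for line in log.splitlines()
            if (m := PACKET.match(line)) and ip in (m[2], m[3])]

if __name__ == "__main__":
    for ip, series in sorted(usage_per_ip(SAMPLE_LOG).items()):
        print(ip, series)
    print(len(traffic_for(SAMPLE_LOG, "192.168.1.12")), "line(s) for 192.168.1.12")
```

Comparing parsed addresses rather than grepping the raw text keeps `192.168.1.1` from matching lines for `192.168.1.10`.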