From: Matt Schlosser
To: 'Joe Oliveiro'
Cc: 'freebsd-questions@freebsd.org'
Subject: RE: Bandwidth Monitoring
Date: Thu, 14 Dec 2000 13:48:08 -0600

You can set up tcpdump to dump all the packet headers into a big log file that is rotated when it is a certain size, then have a parser chew through the log files as they rotate and create the reports. As far as generating the graphs, you'll have to get someone else, but you can write a Perl script to easily tear through the logs to get a final value if you have the horsepower on the computer.

We did this at a place I used to work, but instead of tracking bandwidth, we'd watch for exploit attempts on other machines and then trigger a grep on the tcpdump logs that pulled out all the traffic for the exploit attempt. The machine was FreeBSD 3.4 with a 233 MHz PII, 64 megs of RAM and a 4 gig HD. Nothing running on it except sshd, tcpdump, and ipfw.

Oh, and a big sandbox behind port 23 that we all re-created binaries for that did nothing except print phoney output to the screen. Wanna do an ls? You always get the same output. cd /wherever worked but didn't put you there; instead pwd would spit back whatever you put into cd.

It was a lot of fun to build, and I think it's still running.

---
Matthew Schlosser
Systems Administrator
Eschelon Telecom, Inc.
Phone: 612/436-6045
E-Mail: mschlosser@eschelon.com
General Help or Questions: sysadmin@eschelon.com

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Joe Oliveiro
Sent: Thursday, December 14, 2000 1:36 PM
To: freebsd-questions@FreeBSD.ORG
Subject: Bandwidth Monitoring

I have a 3com switch which is broadcasting all network traffic to the port that my computer is plugged into, so I can see all network traffic. I have multiple class C's which are in use by computers on the network. Most of these computers are not running SNMPD.

I would like to create a bandwidth usage graph per IP on the network, so each IP address will have its own graph. These graphs can't be done via mrtg since not every computer has the SNMPD running and the task of installing it is not possible.

Is there a program which will sniff/sample network traffic and create this graph that I am looking for? IE: sample/sniff traffic to/from an IP address and create a graph based on this information?

Microsoft: "Where would you like to go to today"
Linux: "Where would you like to go tomorrow"
FreeBSD: "Hey, when are you guys going to catch up"

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
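
An added example (not part of the original thread) of the parser step described in the reply above: it reads a tcpdump capture file in classic pcap format and totals bytes sent and received per IPv4 address, taking sizes from the IP total-length field so that header-only captures still count full packet sizes. It assumes an untagged Ethernet capture written with `tcpdump -w`; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# Classic pcap magic as it appears on disk -> struct byte-order prefix
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

def bytes_per_ip(pcap: bytes) -> dict:
    """Return {ip: [bytes_sent, bytes_received]} for one pcap file image."""
    if len(pcap) < 24 or pcap[:4] not in PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGIC[pcap[:4]]
    if struct.unpack_from(endian + "I", pcap, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    totals = defaultdict(lambda: [0, 0])
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):              # 16-byte per-packet record header
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        # Need 14 bytes of Ethernet + 20 of IPv4; skip non-IPv4 (ARP, VLAN-tagged, ...)
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        total_len = struct.unpack_from("!H", frame, 16)[0]   # full IP datagram size
        totals[str(IPv4Address(frame[26:30]))][0] += total_len   # source address
        totals[str(IPv4Address(frame[30:34]))][1] += total_len   # destination address
    return dict(totals)

def sample_pcap() -> bytes:
    """Constructed capture: three packets, each truncated to 54 bytes (headers only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 54, LINKTYPE_ETHERNET)
    flows = [("192.0.2.10", "192.0.2.20", 1500), ("192.0.2.20", "192.0.2.10", 40),
             ("192.0.2.10", "198.51.100.7", 576)]
    for i, (src, dst, ip_len) in enumerate(flows):
        eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        frame = (eth + ip).ljust(54, b"\x00")
        out += struct.pack("<IIII", 976823400 + i, 0, len(frame), 14 + ip_len) + frame
    return out

if __name__ == "__main__":
    for ip, (sent, rcvd) in sorted(bytes_per_ip(sample_pcap()).items()):
        print(f"{ip:15} sent={sent:6} received={rcvd:6}")
```

Run once per rotated file and the per-address totals give one data point per rotation interval for each graph.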