From: Cliff Sarginson
To: Matt Schlosser
Cc: "'Joe Oliveiro'", "'freebsd-questions@freebsd.org'"
Subject: Re: Bandwidth Monitoring
Date: Thu, 14 Dec 2000 21:42:28 +0100
Message-ID: <20001214214228.B3379@buffy.local>

On Thu, Dec 14, 2000 at 01:48:08PM -0600, Matt Schlosser wrote:
> You can set up tcpdump to dump all the packet headers into a big log file
> that is rotated when it is a certain size, then have a parser chew through
> the log files as they rotate and create the reports.
>
> As far as generating the graphs, you'll have to get someone else, but you
> can write a perl script to easily tear through the logs to get a final value
> if you have the horsepower on the computer.
>
> We did this at a place I used to work, but instead of tracking bandwidth,
> we'd watch for exploit attempts on other machines and then trigger a grep on
> the tcpdump logs that pulled out all the traffic for the exploit attempt.
> The machine was FreeBSD 3.4 with 233MHz PII, 64 megs of RAM and a 4 gig HD.
> Nothing running on it except sshd, tcpdump, and ipfw. Oh, and a big sandbox
> behind port 23 that we all re-created binaries for that did nothing except
> print phoney output to the screen. Wanna do an ls? You always get the same
> output. cd /wherever worked but didn't put you there, instead pwd would
> spit back whatever you put into cd. It was a lot of fun to build, and I

Mmm.. I know this trick, a spoof ps is also a good one!

> think it's still running.
>
> ---
> Matthew Schlosser
> Systems Administrator
> Eschelon Telecom, Inc.
>
> Phone: 612/436-6045
> E-Mail: mschlosser@eschelon.com
> General Help or Questions: sysadmin@eschelon.com
>
>
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Oliveiro
> Sent: Thursday, December 14, 2000 1:36 PM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Bandwidth Monitoring
>
>
> I have a 3com switch which is broadcasting all network traffic to the port
> that my computer is plugged into, so I can see all network traffic.
>
> I have multiple class C's which are in use by computers on the
> network. Most of these computers are not running SNMPD. I would like to
> create a bandwidth usage graph per IP on the network, so each IP address
> will have its own graph.
>
> These graphs can't be done via mrtg since not every computer has the SNMPD
> running and the task of installing it is not possible. Is there a program
> which will sniff/sample network traffic and create this graph that I am
> looking for?
>
> IE: sample/sniff traffic to/from an IP address and create a graph based on
> this information?
>
>
> Microsoft: "Where would you like to go to today"
> Linux: "Where would you like to go tomorrow"
> FreeBSD: "Hey, when are you guys going to catch up"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
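Added example, not code from anyone in this thread: a parser of the kind Matt describes, turning rotated tcpdump text logs into per-IP, per-interval byte counts that a graphing tool could plot. It assumes IPv4 lines in the style of `tcpdump -nn -tt -q` (epoch timestamp, `IP src > dst:`, trailing length); the function name, the networks and the sample lines are constructed for illustration, and the figure counted is the length tcpdump prints, not bytes on the wire.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed input: IPv4 text lines in the style of `tcpdump -nn -tt -q`, e.g.
#   976826410.000000 IP 192.168.1.10.1025 > 10.9.8.7.80: tcp 100
LINE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r".*?(?:length |tcp )(?P<len>\d+)\s*$"
)

def usage_per_ip(lines, local_nets, bucket_seconds=300):
    """Return ({ip: {bucket_start: (bytes_out, bytes_in)}}, skipped_lines)."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    usage = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    skipped = 0
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:  # ARP, IPv6, or a line cut off at a log rotation
            skipped += 1
            continue
        try:
            ends = [ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])]
        except ValueError:  # octet out of range: corrupt line
            skipped += 1
            continue
        bucket = int(float(m["ts"])) // bucket_seconds * bucket_seconds
        for direction, addr in enumerate(ends):  # 0 = sent, 1 = received
            if any(addr in net for net in nets):  # only graph our own hosts
                usage[str(addr)][bucket][direction] += int(m["len"])
    return ({ip: {b: tuple(v) for b, v in series.items()}
             for ip, series in usage.items()}, skipped)

# Constructed sample log (not captured traffic); the last line is truncated.
SAMPLE = """\
976826410.000000 IP 192.168.1.10.1025 > 10.9.8.7.80: tcp 100
976826420.500000 IP 10.9.8.7.80 > 192.168.1.10.1025: tcp 1460
976826430.000000 IP 192.168.2.20.1030 > 192.168.1.10.53: UDP, length 40
976826710.000000 IP 192.168.1.10 > 10.9.8.7: ICMP echo request, id 1, seq 1, length 64
976826711.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 46
976826712.000000 IP 192.168.1.10.1025 > 10.9.8.
""".splitlines()

if __name__ == "__main__":
    totals, skipped = usage_per_ip(SAMPLE, ["192.168.1.0/24", "192.168.2.0/24"])
    for ip, series in sorted(totals.items()):
        for start, (out_b, in_b) in sorted(series.items()):
            print(f"{ip} {start} out={out_b} in={in_b}")
    print("skipped lines:", skipped)
```

A non-zero skipped count is worth reporting alongside the totals, since lines lost at a rotation boundary or in an unexpected format silently lower the graphed numbers.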