Date: Fri, 20 Oct 2006 11:03:08 -0700 From: "Kurt Buff" <kurt.buff@gmail.com> To: "Zbigniew Szalbot" <zbyszek@szalbot.homedns.org> Cc: freebsd-questions@freebsd.org Subject: Re: monitoring lan->wan Message-ID: <a9f4a3860610201103v679fd16fp769b7e76c4404417@mail.gmail.com> In-Reply-To: <20061020164010.U62717@192.168.11.51> References: <20061020164010.U62717@192.168.11.51>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/20/06, Zbigniew Szalbot <zbyszek@szalbot.homedns.org> wrote: > Hello, > > Is there anything you would *recommend* re monitoring internet usage (LAN > to WAN), something that is available in ports? This would have to be > something that would allow me to tie it with a router as my FBSD is not a > gateway. This function is handled by our Dlink DFL router. > > Many thanks in advance! > > -- > Zbigniew Szalbot That really depends on the functionality of your router (and I'm not familiar with it, so can't comment on it), the configuration of your internal network and what you mean by 'monitoring internet usage'.. Do you only need to show aggregate traffic flow, to monitor total usage over time? If so, and if the router is SNMP-capable, then cacti (or mrtg, but it's not my preference) or some other some other utility that can get and graph SNMP stats will do what you want. If you wish to characterize the traffic to and from the Internet by protocol and/or user, then you'll have to do something more than simply using SNMP to monitor throughput on the router. In that case, you'll need to have your FreeBSD box actually parse the traffic, or get a netflow from the router (assuming that it can do that.) and ntop is a good start for the software you want, or perhaps etherape. Assuming that netflow isn't available from the router (and I think that's a fairly safe bet) the trick will be making sure that your FreeBSD box will see the traffic, and for that you'll need something like one of the following setups: 1) Put the router and your box on a dumb hub (not a switch) so that all of the traffic going to the router is visible to your box or 2) Have the router (again, assuming it's a multiport router, and capable of this, which is quite doubtful) mirror the traffic to a port to which your box is attached, or 3) Install two NICs in your box and have your router and your box attached to a switch that can mirror all of the traffic to the router - the first NIC will only receive traffic from the switch, the second NIC will have an IP address and be available for monitoring the box, including output from ntop or etherape. or 4) More tricky still, install two NICs in your box and have it act as a transparent bridge between your network and your router. I'm not familiar with this kind of setup, though I like the idea, and will be playing with it in my copious free time. :) or 5) Get a network tap cable, which is essentially a three-headed patch cable that provides receive-only wires for the third head, and that receive-only head is put into a second NIC on your box. Kurt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a9f4a3860610201103v679fd16fp769b7e76c4404417>