From: Erik Nørgaard <norgaard@locolomo.org>
Organization: Locolomo.ORG
Date: Sat, 03 Sep 2005 21:45:13 +0200
To: Chris
Cc: freebsd-questions@freebsd.org
Subject: Re: network tools
Message-ID: <4319FD49.8040206@locolomo.org>
In-Reply-To: <4318D9E4.1000808@childeric.freeserve.co.uk>

Chris wrote:
> Why don't the numbers support the experience? We have 1Mb/s download and
> 128K upload (Telewest cable). In theory, even between us we weren't using
> all the bandwidth.
>
> If I put a FreeBSD NAT/router box between the cable modem and the LAN,
> what console-based tools should I put on it to examine what's happening?

You want:

snort for packet sniffing and analysis
nmap for scanning your network to see if someone is running weird apps.
You may want to configure your firewall with pf and queuing so limewire etc. doesn't eat it all up. With pf, you can also monitor the state table, and you can also log suspicious traffic or traffic that causes problems. You need to use tcpdump to read the logfile.

IIRC, ethereal is a server/client program where the server runs on the trusted host where you want to monitor the traffic. It is good for getting the big picture of what is going on.

Also, take a look at nagios.

I have to say that I haven't used ethereal or nagios at all.

Cheers, Erik

-- 
Ph: +34.666334818
web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
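[Editor's added example, not part of Erik's message or the thread.] What the reply above describes in one paragraph, put into a pf.conf for the FreeBSD NAT/router box Chris is asking about: NAT for the LAN, an ALTQ priority queue on the 128 Kbit/s uplink so LimeWire only gets what is left over, a logged default-deny rule, and the pfctl/tcpdump commands for watching the state table, the queues and the pflog file. Interface names (xl0/xl1), the LAN prefix, the Gnutella ports and the 120 Kb figure are assumptions for illustration; ALTQ also needs `options ALTQ` and `options ALTQ_PRIQ` compiled into the kernel, and `pf_enable="YES"` plus `pflog_enable="YES"` in /etc/rc.conf.

```pf
# /etc/pf.conf for a FreeBSD NAT/router sitting between cable modem and LAN.
# Assumed (not taken from the thread): ext_if=xl0 faces the modem, int_if=xl1
# faces the LAN, the LAN is 192.168.0.0/24, LimeWire/Gnutella uses 6346-6347.
ext_if    = "xl0"
int_if    = "xl1"
int_net   = "192.168.0.0/24"
p2p_ports = "{ 6346, 6347 }"

# Queue the *upstream* side only: that is the 128K link that fills first.
# The figure is set a little below the real uplink so that pf, not the
# modem's own buffer, is the bottleneck. priq is strict priority: a lower
# priority queue is served only when every higher one is empty.
altq on $ext_if priq bandwidth 120Kb queue { q_ack, q_std, q_p2p }
queue q_ack priority 7                # empty ACKs and TOS lowdelay traffic
queue q_std priority 4 priq(default)  # everything not matched elsewhere
queue q_p2p priority 1                # LimeWire and friends get the leftovers

scrub in all

# NAT for the LAN; ($ext_if) follows whatever address the modem hands out.
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny. "log" sends a copy of every packet that hits this rule to
# pflog0, which is what tcpdump reads below.
block log all
pass quick on lo0 all

# LAN may initiate anything; the state created here covers the reply path.
pass in on $int_if from $int_net to any keep state

# Outbound on the modem side. The last matching rule wins, so the generic
# rules come first and the P2P rule overrides them for the Gnutella ports.
# queue (a, b) puts bulk data in a and ACK/lowdelay packets in b.
pass out on $ext_if proto tcp from ($ext_if) to any \
    flags S/SA keep state queue (q_std, q_ack)
pass out on $ext_if proto { udp, icmp } from ($ext_if) to any \
    keep state queue q_std
pass out log on $ext_if proto { tcp, udp } from ($ext_if) to any \
    port $p2p_ports keep state queue q_p2p

# Loading and watching it (run as root on the router):
#   pfctl -nf /etc/pf.conf            # syntax check only, loads nothing
#   pfctl -f /etc/pf.conf && pfctl -e # load the ruleset and enable pf
#   pfctl -s state                    # the state table Erik mentions
#   pfctl -vvs queue                  # live per-queue packet/byte counters
#   tcpdump -n -e -ttt -i pflog0      # logged packets as they are dropped
#   tcpdump -n -e -ttt -r /var/log/pflog   # the file pflogd writes
```

The `-e` flag on tcpdump prints the pflog header (rule number, action, direction and interface), so a dropped packet can be tied back to the rule that logged it; without it the output looks like an ordinary capture. Expect two state entries per LAN connection in `pfctl -s state`, one created on the LAN interface and one created (with the NATed source) on the modem interface; that second one is where the queue assignment is made.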