From: "Spiros Papadopoulos"
To: msoulier@digitaltorque.ca
Cc: freebsd mailing list
Date: Mon, 23 Oct 2006 10:18:56 +0100
Subject: Re: traffic analysis tools
In-Reply-To: <20061021141934.GP31580@tigger.digitaltorque.ca>

Hi there

On 21/10/06, Michael P. Soulier wrote:
> Hey people,
>
> I'd like something to look at traffic use through my gateway, so I know how
> much of my upload bandwidth and download bandwidth is in use at any time.
> Ideally it'll tell me from where, so I can look at internal abusers, or get an
> idea of where hits are coming from.

Is your gateway running FreeBSD? If yes, why don't you try to run TCPDUMP on it?

> Off the top of my head, I can think of two tools.
>
> 1. ntop - great web interface, but I've found it unstable
> 2. iptraf - good curses interface, but I'm looking for trend monitoring
> 3. mrtg - as I'm running snmp, so I could just monitor it from a desktop
>    running mrtg...
>
> Any other suggestions?

Take a look at Ettercap/Etterlog. It can capture packets in switched LANs, remotely, and can be combined with other tools such as TCPDUMP or Ethereal and BPF filters. RTFM. I need to advise that you use such tools tenderly.

There is a large variety of packet capturing tools out there, check:
http://www.caida.org/tools

> Thanks,
> Mike
> --
> Michael P. Soulier
> "Any intelligent fool can make things bigger and more complex... It
> takes a touch of genius - and a lot of courage to move in the opposite
> direction." --Albert Einstein

Regards
Spiros