Date: Wed, 02 Jun 1999 15:06:30 +0100
From: Stuart Henderson <stuart@eclipse.net.uk>
To: Rowan Crowe <rowan@sensation.net.au>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: monitoring at the packet level
Message-ID: <37553A66.2D1F0502@eclipse.net.uk>
References: <Pine.BSF.4.01.9906022024580.2604-100000@velvet.sensation.net.au>

> I am currently working on a monitoring system which does more
> than simple byte counting, it instead monitors connections. Output
> can be sorted by most popular source host, most popular destination
> host, most popular source port, most popular destination port.

If you're on a shared ethernet (non-switched) then the easiest way at the moment is probably to use a separate machine to do the monitoring, running in promiscuous mode to watch all the traffic?

There was a network analyser program distributed as a dd image based on FreeBSD mentioned in a FreeBSD list or newsgroup a year or two ago, I can't find a copy at the moment, maybe someone else remembers it?

(btw I think the way to be most easily portable to other OS is to use libpcap - man pcap should be at least a bit informative :)

man ipfw on 3.2-release has this to say about tee sockets: "This feature is not yet implemeted." You might be able to use a normal (non-tee) divert socket and a modified copy of natd to do what you are thinking of...presumably without translation rules, just extract whatever information you need from the packet and forward it onwards.

HTH
Stuart

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
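
Added example, not part of the original message: a sketch in C of the "extract whatever information you need from the packet" step, tallying source/destination hosts and ports. It assumes IPv4 only; `monitor_packet`, `tally_add`, `tally_top`, `demo` and the `l2len` parameter are hypothetical names, with `l2len` covering both capture paths mentioned above (an Ethernet frame from libpcap carries a 14-byte link header, a divert socket hands over the packet starting at the IP header). The sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_KEYS 64
struct tally { uint32_t key[MAX_KEYS]; unsigned long hits[MAX_KEYS]; size_t n; };
struct monitor { struct tally src_host, dst_host, src_port, dst_port; } demo_mon;
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }
static void tally_add(struct tally *t, uint32_t key) {
    size_t i = 0;
    while (i < t->n && t->key[i] != key) i++;
    if (i == MAX_KEYS) return;                   /* table full: drop, never overflow */
    if (i == t->n) { t->key[i] = key; t->hits[i] = 0; t->n++; }
    t->hits[i]++;
}
uint32_t tally_top(const struct tally *t) {      /* most frequent key, 0 if empty */
    size_t best = 0;
    for (size_t i = 1; i < t->n; i++) if (t->hits[i] > t->hits[best]) best = i;
    return t->n ? t->key[best] : 0;
}

/* l2len is 14 for Ethernet frames from libpcap, 0 for raw IP packets from a divert socket.
   Returns 1 if counted, 0 if skipped. Ports are tallied only for TCP/UDP at fragment offset 0. */
int monitor_packet(struct monitor *m, const uint8_t *buf, size_t len, size_t l2len) {
    if (len < l2len + 20 || (l2len == 14 && be16(buf + 12) != 0x0800)) return 0;
    const uint8_t *ip = buf + l2len;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < l2len + ihl) return 0;
    tally_add(&m->src_host, be32(ip + 12));
    tally_add(&m->dst_host, be32(ip + 16));
    if ((ip[9] == 6 || ip[9] == 17) && !(be16(ip + 6) & 0x1fff) && len >= l2len + ihl + 4) {
        tally_add(&m->src_port, be16(ip + ihl));
        tally_add(&m->dst_port, be16(ip + ihl + 2));
    }
    return 1;
}

int demo(void) {   /* constructed input: one ARP Ethernet frame, three raw TCP/IP packets */
    static const uint8_t host[] = {1, 1, 2}, dport[] = {80, 80, 25};
    uint8_t arp[42] = {[12] = 0x08, 0x06};       /* EtherType 0x0806: skipped */
    int counted = monitor_packet(&demo_mon, arp, sizeof arp, 14);
    for (int i = 0; i < 3; i++) {                /* 192.0.2.x:1024+i -> 198.51.100.7:dport */
        uint8_t p[24] = {0x45, [9] = 6, [12] = 192, 0, 2, host[i], 198, 51, 100, 7, 4, (uint8_t)i, 0, dport[i]};
        counted += monitor_packet(&demo_mon, p, sizeof p, 0);
    }
    printf("top src host %08x, top dst port %u\n", (unsigned)tally_top(&demo_mon.src_host),
           (unsigned)tally_top(&demo_mon.dst_port));
    return counted;
}
int main(void) { return demo() != 3; }
```

In a real monitor the same function would be called from the libpcap callback with `l2len` 14, or from the divert-socket read loop with `l2len` 0 before the packet is written back for forwarding.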