Message-ID: <4577660D.9070105@ironport.com>
Date: Wed, 06 Dec 2006 16:53:33 -0800
From: Julian Elischer
To: Benjamin D Adams
Cc: Brett Glass, freebsd-net@freebsd.org, Josh Paetzel
Subject: Re: Bandwidth Monitoring program
List-Id: Networking and TCP/IP with FreeBSD

Benjamin D Adams wrote:
> On Wed, 2006-12-06 at 16:25 -0800, Julian Elischer wrote:
>> Benjamin D Adams wrote:
>>
>>> What my network looks like:
>>>                 NET
>>>                  |
>>>       NAT/FIREWALL(2.1.24.34)
>>>                  |
>>>      /-----[ HUB ]----\      <---- put a cheap hub here
>>>      |         |         |
>>> 2.1.24.35 2.1.24.36 2.1.24.37
>>>
>>>
>> if you place a cheap 100Mb hub in the location shown, then
>> you should be able to look at all traffic that is headed to the firewall
>> by listening on .35
>>
>
> Yes there is a SWITCH there, do you mean listen to port 35?  would I do
> a packet sniffer on 2.1.24.34 just port 35?
>

go buy a $39.99 hub at your local electronics store (make sure it is a hub)
put it in the location shown (see changed diagram above).
listen on 2.1.24.35 using promiscuous mode..

even better, if you have 2 ethernet ports on your PC:

              [internet]
                  |
              [Firewall]
                  |
      /---------[HUB]
      |           |
      |   [current switch]-------\
      |     |         |          |
      |     |         |          |
      |     |         |          |
     [ 2.1.24.35] [x.x.x.x.x] [y.y.y.y.y]

set -arp, promisc and no address on the listening port,
and you can listen on only traffic going to the firewall.

OR you may just make a TAP (only works for 10Mb/s and 100Mb/sec)
by following the instructions at:
http://www.sun.com/bigadmin/content/submitted/passive_ethernet_tap.html
and put it where the hub is above.

julian

>>
>>
>>
>>> There is no DHCP, I don't think it is possible to do this but I want to
>>> install a bandwidth monitoring program on 2.1.24.35.  That will monitor
>>> all traffic going through 2.1.24.34.  I installed bandwidthd but it's
>>> only local traffic I can't get all traffic through 2.1.24.34.  I think I
>>> need to put a middle man between NET and 2.1.24.34.  I don't have any
>>> more ips to use.  2.1.24.34 is a firewall like netgear, linksys, etc
>>> setup with NAT.
>>>
>>> What I see is I need to replace the NAT with something where I have a
>>> shell.  I don't think it is possible with the current setup, but figured
>>> I would ask.  Thanks for any help.
>>>
>>> Ben Adams
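What a monitor on the hub-attached, promiscuous port can do with the frames it sees, as an added example that is not part of the original thread: per-host byte accounting over raw Ethernet frames. The /29 netmask, the function names and the sample frames are assumptions constructed for illustration; only the addresses come from the diagram above.

```python
import ipaddress
import struct
from collections import defaultdict

ETH_IPV4 = 0x0800
ETH_VLAN = 0x8100

def account(frames, local_net):
    """Sum IPv4 bytes sent (tx) and received (rx) per local host."""
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(lambda: {"tx": 0, "rx": 0})
    for frame in frames:
        if len(frame) < 14:
            continue                      # runt: no full Ethernet header
        offset = 12
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype == ETH_VLAN:         # step over one 802.1Q tag
            offset += 4
            if len(frame) < offset + 2:
                continue
            (ethertype,) = struct.unpack_from("!H", frame, offset)
        ip = offset + 2
        if ethertype != ETH_IPV4 or len(frame) < ip + 20 or frame[ip] >> 4 != 4:
            continue                      # ARP, IPv6, or truncated IPv4 header
        (ip_len,) = struct.unpack_from("!H", frame, ip + 2)  # IP total length
        src = ipaddress.ip_address(frame[ip + 12:ip + 16])
        dst = ipaddress.ip_address(frame[ip + 16:ip + 20])
        if src in net:
            totals[str(src)]["tx"] += ip_len
        if dst in net:
            totals[str(dst)]["rx"] += ip_len
    return dict(totals)

def make_frame(src, dst, payload_len, ethertype=ETH_IPV4):
    """Constructed test frame: zeroed MACs, minimal IPv4 header, zero payload."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                         6, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return bytes(12) + struct.pack("!H", ethertype) + ip_hdr + bytes(payload_len)

# Constructed sample capture (not real traffic); netmask /29 is an assumption.
SAMPLE = [
    make_frame("2.1.24.36", "2.1.24.34", 1000),                  # host -> firewall
    make_frame("2.1.24.34", "2.1.24.36", 400),                   # firewall -> host
    make_frame("2.1.24.37", "2.1.24.34", 60),
    make_frame("2.1.24.37", "2.1.24.34", 60, ethertype=0x0806),  # ARP type, skipped
    b"\x00" * 10,                                                # runt, skipped
]
```

Calling `account(SAMPLE, "2.1.24.32/29")` returns the tx/rx totals per address; on a live interface the frames would come from a capture library or a BPF device instead of `SAMPLE`.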