From owner-freebsd-questions@FreeBSD.ORG Thu Sep 9 13:15:23 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 977F516A4CE for ; Thu, 9 Sep 2004 13:15:23 +0000 (GMT) Received: from pearl.ibctech.ca (dev.eagle.ca [209.167.58.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8316A43D41 for ; Thu, 9 Sep 2004 13:15:22 +0000 (GMT) (envelope-from iaccounts@ibctech.ca) Received: (qmail 33012 invoked by uid 1002); 9 Sep 2004 13:17:33 -0000 Received: from iaccounts@ibctech.ca by pearl.ibctech.ca by uid 89 with qmail-scanner-1.22 (clamscan: 0.73. spamassassin: 2.64. Clear:RC:1(127.0.0.1):. Processed in 1.420097 secs); 09 Sep 2004 13:17:33 -0000 Received: from unknown (HELO webmail.ibctech.ca) (127.0.0.1) by localhost.ibctech.ca with SMTP; 9 Sep 2004 13:17:31 -0000 Received: from 209.167.16.15 (SquirrelMail authenticated user steve@ibctech.ca); by webmail.ibctech.ca with HTTP; Thu, 9 Sep 2004 09:17:31 -0400 (EDT) Message-ID: <1637.209.167.16.15.1094735851.squirrel@209.167.16.15> Date: Thu, 9 Sep 2004 09:17:31 -0400 (EDT) From: "Steve Bertrand" To: questions@freebsd.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Packet filter statistics X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2004 13:15:23 -0000 Please bear with me... I've got a Windows 2000 web server that is spewing out over 2Mbps of data which is going out round robin over my 3 T-1 connections. Although there is still more throughput available, this is seemingly rediculous. I've got a fortigate box in front of the server now, but the details it gives aren't quite what I need. What I'd like to have is a FBSD filter (transparent bridge) setup in front of the box, with software that can chart for me what type of packets are being sent/rec'd to/from this box, as well as each packets frequency and size. Any graph would do. I believe this is legit HTTP traffic, but I can't identify packet size (or the size of a single entire HTTP session etc). Seeing this in graphical form would help me immensely. Anyone familiar with available software that I could dump on my filter box that can potentially do something similar like I am looking for? I was contemplating on asking this on -ipfw, however technically it's not a direct IPFW question. Tks everyone for any suggestions. Steve