From owner-freebsd-isp@FreeBSD.ORG Mon Dec 18 20:55:40 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id ED44E16A412 for ; Mon, 18 Dec 2006 20:55:40 +0000 (UTC) (envelope-from estover@nativenerds.com) Received: from www.nativenerds.com (host-70-0-111-24.midco.net [24.111.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CF3343CA2 for ; Mon, 18 Dec 2006 20:55:37 +0000 (GMT) (envelope-from estover@nativenerds.com) Received: from [69.77.198.205] (helo=[192.168.1.89]) by www.nativenerds.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.50) id 1GwOQp-000JZA-NI; Mon, 18 Dec 2006 12:45:52 -0700 Message-ID: <4586F311.8050004@nativenerds.com> Date: Mon, 18 Dec 2006 12:59:13 -0700 From: Ed Stover User-Agent: Thunderbird 1.5.0.7 (X11/20060918) MIME-Version: 1.0 To: Bob Martin References: <20061024000805.GA12810@uncanny.net> <453D5EBE.1050306@mawer.org> <453D67C6.4050402@buckhorn.net> In-Reply-To: <453D67C6.4050402@buckhorn.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus-Scanner: Scanned with ClamAV. Cc: freebsd-isp@freebsd.org Subject: Re: Internet Link Detective Audit X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Dec 2006 20:55:41 -0000 Bob Martin wrote: > There is also the old and venerable ntop, in the ports. > > Bob Martin > > Antony Mawer wrote: >> On 24/10/2006 10:08 AM, Edward Elhauge wrote: >> >>> I'm hoping someone on this list can steer me in the right direction >>> towards figuring out what is going on with my internet link. (Or rather >>> the tools to figure it out on my own). >>> >> ... >> >>> >>> What I'd like is a tool running on FreeBSD that will sort IP traffic >>> coming across my Internet interface by: >>> SRC IP, PROTOCOL and PORT >>> DEST IP, PROTOCOL and PORT >>> then give me total KBs passed in that interval. >> >> >> I was recently in a similar situation and went looking for a similar >> tool, and came across "darkstat" in the ports collection: >> >> http://www.freshports.org/net-mgmt/darkstat >> >> While I did find it a bit rough around the edges in terms of some of >> its data display, it gave me a way to monitor and visualise my traffic >> flows and identify the large offenders... >> >> In my case it turned out an OS X machine was set to automatically >> download system updates, but because no one had applied them yet, it >> was re-downloading them every day... :-) >> >> Hope it helps! >> >> -- Antony >> I know this is a old post but no one covered iftop and trafshow . The combination of those two has helped me track bad bandwidth "leaks" for a while now.