From owner-freebsd-questions@FreeBSD.ORG Thu Sep 9 14:24:29 2004
Message-ID: <4140679D.9020605@etherealconsulting.com>
Date: Thu, 09 Sep 2004 09:24:29 -0500
From: Norm Vilmer
To: Steve Bertrand
cc: questions@freebsd.org
Subject: Re: Packet filter statistics
References: <1637.209.167.16.15.1094735851.squirrel@209.167.16.15>
In-Reply-To: <1637.209.167.16.15.1094735851.squirrel@209.167.16.15>
X-BeenThere: freebsd-questions@freebsd.org

Steve Bertrand wrote:
> Please bear with me...
>
> I've got a Windows 2000 web server that is spewing out over 2Mbps of
> data which is going out round robin over my 3 T-1 connections.
> Although there is still more throughput available, this is seemingly
> ridiculous.
>
> I've got a fortigate box in front of the server now, but the details
> it gives aren't quite what I need. What I'd like to have is a FBSD
> filter (transparent bridge) set up in front of the box, with software
> that can chart for me what type of packets are being sent/rec'd
> to/from this box, as well as each packet's frequency and size. Any
> graph would do.
>
> I believe this is legit HTTP traffic, but I can't identify packet size
> (or the size of a single entire HTTP session etc). Seeing this in
> graphical form would help me immensely.
>
> Anyone familiar with available software that I could dump on my filter
> box that can potentially do something similar like I am looking for?
>
> I was contemplating on asking this on -ipfw, however technically it's
> not a direct IPFW question.
>
> Tks everyone for any suggestions.
>
> Steve
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

You may want to check out Ethereal (free packet sniffer) www.ethereal.com. I have used this successfully on FreeBSD. Also, FreeBSD has a program called tcpdump that will show packets without the added bells and whistles of Ethereal.

One note: if you are using level 2 or higher switches, the sniffer will not pick up all the traffic coming out of your Win2k box unless you configure a management port on your switch or use a hub with both the sniffer box and the server connected to it.

Alternatively, you may be able to run Ethereal on your Win2k box....

Hope this helps.

Norm
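
The following is an added example, not part of the original message or of either tool: one way to get the per-service packet counts, byte totals and packet-size histogram asked about in the thread from a capture saved with `tcpdump -w`. It assumes a classic pcap file captured on Ethernet; the function names `make_sample_pcap` and `summarize`, and the sample packets, are constructed for illustration.

```python
import struct
from collections import Counter, defaultdict

def make_sample_pcap():
    """Constructed capture (classic pcap, Ethernet link type) with made-up packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # (source port, destination port, TCP payload bytes): constructed values
    sample = [(80, 51000, 1460), (80, 51000, 1460), (51000, 80, 0),
              (80, 51001, 512), (25, 40000, 100)]
    for i, (sport, dport, plen) in enumerate(sample):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + plen, i, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
        frame = b"\0" * 12 + b"\x08\x00" + ip + tcp + b"\0" * plen
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def summarize(pcap, bucket=512):
    """Return ({(service_port, direction): [packets, bytes]}, {size_bucket: packets})."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    stats, sizes, off = defaultdict(lambda: [0, 0]), Counter(), 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, orig = struct.unpack_from(end + "IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        # Skip anything that is not IPv4 carrying TCP, or that was cut short.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp_at = 14 + (frame[14] & 0x0F) * 4      # honour IP header length (options)
        if len(frame) < tcp_at + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, tcp_at)
        service = min(sport, dport)               # heuristic: lower port is the service
        direction = "out" if sport == service else "in"
        stats[(service, direction)][0] += 1
        stats[(service, direction)][1] += orig    # orig = size on the wire
        sizes[orig // bucket * bucket] += 1       # histogram keyed by bucket lower edge
    return dict(stats), dict(sizes)

if __name__ == "__main__":
    stats, sizes = summarize(make_sample_pcap())
    for (port, direction), (pkts, nbytes) in sorted(stats.items()):
        print(f"port {port:5d} {direction:3s} packets={pkts} bytes={nbytes}")
    for low in sorted(sizes):
        print(f"{low:5d}-{low + 511:5d} bytes: {'#' * sizes[low]}")
```

To run it on a real capture, pass the bytes of the saved file to `summarize` in place of the constructed sample.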