From: "Steve Bertrand"
To: "Norm Vilmer"
Cc: questions@freebsd.org
Date: Thu, 9 Sep 2004 10:33:46 -0400 (EDT)
Subject: Re: Packet filter statistics

> Steve Bertrand wrote:
>> Please bear with me...
>>
>> I've got a Windows 2000 web server that is spewing out over 2Mbps of
>> data which is going out round robin over my 3 T-1 connections.
>> Although there is still more throughput available, this is seemingly
>> ridiculous.
>>
>> I've got a fortigate box in front of the server now, but the details
>> it gives aren't quite what I need. What I'd like to have is a FBSD
>> filter (transparent bridge) setup in front of the box, with software
>> that can chart for me what type of packets are being sent/rec'd
>> to/from this box, as well as each packet's frequency and size. Any
>> graph would do.
>>
>> I believe this is legit HTTP traffic, but I can't identify packet size
>> (or the size of a single entire HTTP session etc). Seeing this in
>> graphical form would help me immensely.
>>
>> Anyone familiar with available software that I could dump on my filter
>> box that can potentially do something similar like I am looking for?
>>
>> I was contemplating asking this on -ipfw, however technically it's
>> not a direct IPFW question.
>>
>> Tks everyone for any suggestions.
>>
>> Steve
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>>
> You may want to check out Ethereal (free packet sniffer)
> www.ethereal.com. I have used this successfully on FreeBSD. Also,
> FreeBSD has a program called tcpdump that will show packets without the
> added bells and whistles of Ethereal. One note: if you are using level 2
> or higher switches, the sniffer will not pick up all the traffic coming
> out of your Win2k box unless you configure a management port on your
> switch or use a hub with both the sniffer box and the server connected
> to it.
>
> Alternatively, you may be able to run Ethereal on your Win2k box....
>
> Hope this helps.

Thanks for the info... I use ethereal as well as tcpdump quite
frequently, but I need something a little different here.

I don't need to worry about ``sniffing'' as it's normally used, because
the FBSD box will be put right in-line between the affected box and the
core network switch, so ALL packets will travel right through the box so
I can manipulate every single packet as required.

It was suggested (off list unfortunately) to check out bandwidthd and
ipaudit. I'm going to give bandwidthd a try, as it looks very close to
what I want.

Tks,

Steve

>
> Norm
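
Added example, not part of the original thread and not code from any tool named in it: a small Python summarizer that takes a capture file written on the in-line box and reports, per traffic type, the packet count, byte total and a packet-size histogram. It assumes a classic libpcap file with Ethernet link type; the function names, the size bins and the "lower port is the service" labelling are illustrative choices, and the frame builders only produce constructed sample input.

```python
import struct
from collections import defaultdict

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
BUCKETS = (64, 128, 256, 512, 1024, 1518)  # upper bounds of size bins, bytes

def classify(frame):
    """Label one Ethernet frame, e.g. 'tcp/80'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-ipv4"
    proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    name = PROTO.get(proto, "ip-proto-%d" % proto)
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    # Only the first fragment carries ports; snaplen may also have cut them off.
    if proto in (6, 17) and l4 >= 34 and frag_offset == 0 and len(frame) >= l4 + 4:
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        return "%s/%d" % (name, min(sport, dport))  # heuristic: lower port = service
    return name

def summarize(pcap):
    """Per-label packet count, byte total and size histogram from pcap bytes."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or pcap[20:24] != struct.pack(order + "I", 1):
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sizes": defaultdict(int)})
    off = 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(order + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # file ends mid-record
        entry = stats[classify(frame)]
        entry["packets"] += 1
        entry["bytes"] += orig  # wire length, even if snaplen shortened the copy
        entry["sizes"][next((b for b in BUCKETS if orig <= b), "jumbo")] += 1
        off += 16 + incl
    return stats

def sample_frame(proto, sport, dport, payload_len):
    """Constructed Ethernet/IPv4 frame for the demo, not captured traffic."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len, 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return bytes(12) + b"\x08\x00" + ip + l4 + bytes(payload_len)

def sample_pcap(frames):
    """Wrap constructed frames in a little-endian pcap file image."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)
```

To use it on real traffic, write a capture on the bridge with `tcpdump -w` and pass the file's bytes to `summarize`.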