From owner-freebsd-isp@FreeBSD.ORG Tue Oct 24 00:53:06 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1667E16A403 for ; Tue, 24 Oct 2006 00:53:06 +0000 (UTC) (envelope-from fbsd-isp@mawer.org) Received: from mail-ihug.icp-qv1-irony2.iinet.net.au (ihug-mail.icp-qv1-irony2.iinet.net.au [203.59.1.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BAB943D49 for ; Tue, 24 Oct 2006 00:53:04 +0000 (GMT) (envelope-from fbsd-isp@mawer.org) Received: from 203-206-173-235.perm.iinet.net.au (HELO [127.0.0.1]) ([203.206.173.235]) by mail-ihug.icp-qv1-irony2.iinet.net.au with ESMTP; 24 Oct 2006 08:32:08 +0800 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgAAAAMBPUXLzq3r/2dsb2JhbAAN X-IronPort-AV: i="4.09,344,1157299200"; d="scan'208"; a="693280930:sNHT5874270568" Message-ID: <453D5EBE.1050306@mawer.org> Date: Tue, 24 Oct 2006 10:30:54 +1000 From: Antony Mawer User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: ee@uncanny.net References: <20061024000805.GA12810@uncanny.net> In-Reply-To: <20061024000805.GA12810@uncanny.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Internet Link Detective Audit X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Oct 2006 00:53:06 -0000 On 24/10/2006 10:08 AM, Edward Elhauge wrote: > I'm hoping someone on this list can steer me in the right direction > towards figuring out what is going on with my internet link. (Or rather > the tools to figure it out on my own). > ... > > What I'd like is a tool running on FreeBSD that will sort IP traffic > coming across my Internet interface by: > SRC IP, PROTOCOL and PORT > DEST IP, PROTOCOL and PORT > then give me total KBs passed in that interval. I was recently in a similar situation and went looking for a similar tool, and came across "darkstat" in the ports collection: http://www.freshports.org/net-mgmt/darkstat While I did find it a bit rough around the edges in terms of some of its data display, it gave me a way to monitor and visualise my traffic flows and identify the large offenders... In my case it turned out an OS X machine was set to automatically download system updates, but because no one had applied them yet, it was re-downloading them every day... :-) Hope it helps! -- Antony