From owner-freebsd-questions@FreeBSD.ORG Fri Oct 27 16:00:48 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D56CA16A4AB for ; Fri, 27 Oct 2006 16:00:48 +0000 (UTC) (envelope-from bsd@todoo.biz) Received: from newmail.rmm.fr (newmail.rmm.fr [195.115.46.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC0F743D6D for ; Fri, 27 Oct 2006 16:00:46 +0000 (GMT) (envelope-from bsd@todoo.biz) Received: from localhost (localhost [127.0.0.1]) by newmail.rmm.fr (Postfix) with ESMTP id 35A282A36B; Fri, 27 Oct 2006 18:00:43 +0200 (CEST) X-Virus-Scanned: amavisd-new 2.4.3 (20060930) at rmm.fr Received: from newmail.rmm.fr ([127.0.0.1]) by localhost (newmail.rmm.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V6bqnFOGp4NF; Fri, 27 Oct 2006 18:00:40 +0200 (CEST) Received: from [192.168.254.3] (unknown [192.168.254.3]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by newmail.rmm.fr (Postfix) with ESMTP id 8E6CC28D78; Fri, 27 Oct 2006 18:00:38 +0200 (CEST) In-Reply-To: <20061021141934.GP31580@tigger.digitaltorque.ca> References: <20061021141934.GP31580@tigger.digitaltorque.ca> Mime-Version: 1.0 (Apple Message framework v752.3) X-Gpgmail-State: !signed Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed Message-Id: <4301D1E8-B2A7-49E3-A580-FFFE4B3C512A@todoo.biz> Content-Transfer-Encoding: quoted-printable From: bsd Date: Fri, 27 Oct 2006 18:00:33 +0200 To: Michael P. Soulier X-Mailer: Apple Mail (2.752.3) Cc: Liste FreeBSD Subject: Re: traffic analysis tools X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Oct 2006 16:00:48 -0000 Le 21 oct. 06 =E0 16:19, Michael P. Soulier a =E9crit : > Hey people, > > I'd like something to look at traffic use through my gateway, so I =20 > know how > much of my upload bandwidth and download bandwidth is in use at any =20= > time. This could be donne very easily withe cacti : --> Activate SNMP on your gateway --> Log into cacti --> Select Devices and create a new one corresponding to your gateway --> Select a Host Template of type ucd/net SNMP host --> Add graph template --> Add data query of type "SNMP - interface statistics" This should be very easy. For security purpose reduce the IP range of allowed hosts in the =20 snmpd.conf > Ideally it'll tell me from where, so I can look at internal =20 > abusers, or get an > idea of where hits are coming from. > If your PC's are connected to a switch, activate SNMP and monitor It =20 the same way. Otherwise you'll have to go into deeper configuration of cacti and =20 script the solution to monitor load per IP. Another solution would be to Monitor global bandwith and log into =20 your gateway once you encounter congestion and have a little command =20 like that showing whom the nasty guys are : # netstat -an | less If your gateway is not a FreeBSD - let us know because things could =20 be very different. > Off the top of my head, I can think of two tools. > > 1. ntop - great web interface, but I've found it unstable > 2. iptraf - good curses interface, but I'm looking for trend =20 > monitoring > 3. mrtg - as I'm running snmp, so I could just monitor it from a =20 > desktop > running mrtg... > > Any other suggestions? > > Thanks, > Mike ________________________________________________ =AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?= =BB=A7=AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?=BB=A7 =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF= =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF Gregober ---> PGP ID --> 0x1BA3C2FD bsd @at@ todoo.biz ________________________________________________ =AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?= =BB=A7=AB?=BB=A5=AB?=BB=A7=AB?=BB=A5=AB?=BB=A7 =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF= =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF P "Please consider your environmental responsibility before printing =20 this e-mail"