From owner-freebsd-questions  Thu Feb 28 12: 2:45 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by hub.freebsd.org (Postfix) with ESMTP id 934CC37B400
	for <questions@FreeBSD.ORG>; Thu, 28 Feb 2002 12:02:41 -0800 (PST)
Received: from dan.emsphone.com (dan@localhost [127.0.0.1])
	by dan.emsphone.com (8.12.2/8.12.2) with ESMTP id g1SK2d5P049035;
	Thu, 28 Feb 2002 14:02:39 -0600 (CST)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.12.2/8.12.2/Submit) id g1SK2d0V049034;
	Thu, 28 Feb 2002 14:02:39 -0600 (CST)
Date: Thu, 28 Feb 2002 14:02:38 -0600
From: Dan Nelson <dnelson@allantgroup.com>
To: FreeBSD user <freebsd@XtremeDev.com>
Cc: questions@FreeBSD.ORG
Subject: Re: Network Statistics?
Message-ID: <20020228200228.GA32540@dan.emsphone.com>
References: <20020228121942.F83104-100000@Amber.XtremeDev.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020228121942.F83104-100000@Amber.XtremeDev.com>
User-Agent: Mutt/1.3.27i
X-OS: FreeBSD 5.0-CURRENT
X-message-flag: Outlook Error
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

In the last episode (Feb 28), FreeBSD user said:
> After reading the recent posts on DRDoS and historical syn floods,
> I've become interested in finding and displaying network statistics
> on my FreeBSD machine. To start, netstat -nidb would only give me a
> little of what I'm looking for. Specifically, I want to see info on
> incoming rates of syn packets that has no corresponding ack packets
> to my syn/ack packets (me being used as a reflector), etc. Is there
> an tools that would show this to me? Has anyone setup something
> similar in FreeBSD with MRTG? If so, can you share your config
> scripts on how to better detect this sort of thing? Thanks in
> advance.

Try netstat -s;  netstat -i is per-interface stats that are usually at
the ethernet level, and you're looking more for TCP-level stats.  I
don't know if any of these values are exported via net-snmp.

-- 
	Dan Nelson
	dnelson@allantgroup.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message