From owner-freebsd-questions Mon Apr 15 23:21:25 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA16130 for questions-outgoing; Mon, 15 Apr 1996 23:21:25 -0700 (PDT)
Received: from tulpi.interconnect.com.au (root@tulpi.interconnect.com.au [192.189.54.18]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id XAA16125 for ; Mon, 15 Apr 1996 23:21:21 -0700 (PDT)
Received: (from ahill@localhost) by tulpi.interconnect.com.au id QAA01426 (8.7.4/IDA-1.6); Tue, 16 Apr 1996 16:20:02 +1000 (EST)
Date: Tue, 16 Apr 1996 16:20:00 +1000 (EST)
From: Anthony Hill
To: Mark Stout
cc: questions@freebsd.org
Subject: Re: Monitoring traffic between two sites, How??
In-Reply-To: <199604160305.UAA02499@vpm.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 15 Apr 1996, Mark Stout wrote:

> "Anthony Hill was seen writing"
> > On Mon, 15 Apr 1996, Christian wrote:
> >
> > > Hi,
> > >
> > > I was wondering if there is any way to use FreeBSD to monitor
> > > traffic between two sites. I want to be able to see how many users
> > > from certain ip addresses on our network are connected to another ip
> > > address. If possible I would also like to know the duration of each
> > > session, and what port the users are connected to on the other end.
> > > Is this possible using FreeBSD and/or some freely available tools?
> >
> > Well you could get the raw data with tcpdump (which is part of the
> > distribution), although it would be a bit cryptic. Perhaps someone knows
> > of something that would process the output of tcpdump into something a
> > bit more readable.
>
> I tried using tcpdump, but can't configure the device /dev/bpf0. What
> do I need to do to configure this device?

You have to add the relevant lines to your kernel config file. I'm not at my box at the moment, but I worked it out from LINT.
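
The thread asks for something that turns raw tcpdump output into per-user sessions with duration and remote port. The following is an added example, not part of the original messages: it assumes text captured with `tcpdump -tt -n tcp` (epoch timestamps, numeric addresses and ports), the function names `summarize` and `report` are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Address part of a `tcpdump -tt -n tcp` line, e.g.
# "829635600.000 10.0.0.5.1025 > 192.0.2.10.23: S ..."
# (newer tcpdump versions print "IP " before the source address).
LINE = re.compile(
    r"^(\d+(?:\.\d+)?) (?:IP )?"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def summarize(lines):
    """Map (client, server, server_port, client_port) -> [first_ts, last_ts].

    The sender of the first packet seen for a connection is treated as the
    client, so a capture that starts mid-session can swap the two roles.
    """
    sessions = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP, ICMP or unparseable line: skip it
        ts = float(m.group(1))
        src, sport = m.group(2), int(m.group(3))
        dst, dport = m.group(4), int(m.group(5))
        forward = (src, dst, dport, sport)
        reverse = (dst, src, sport, dport)  # same connection, reply direction
        key = reverse if reverse in sessions else forward
        span = sessions.setdefault(key, [ts, ts])
        span[1] = max(span[1], ts)
    return sessions

def report(sessions, remote):
    """Per client: list of (server_port, duration_seconds) for sessions to `remote`."""
    per_client = defaultdict(list)
    for (client, server, port, _cport), (first, last) in sorted(sessions.items()):
        if server == remote:
            per_client[client].append((port, round(last - first, 3)))
    return dict(per_client)

# Constructed sample capture (not real traffic).
SAMPLE = """\
829635600.000 10.0.0.5.1025 > 192.0.2.10.23: S 1:1(0) win 512
829635600.050 192.0.2.10.23 > 10.0.0.5.1025: S 9:9(0) ack 2 win 4096
829635605.000 10.0.0.7.2001 > 192.0.2.10.80: S 5:5(0) win 512
829635607.250 192.0.2.10.80 > 10.0.0.7.2001: F 70:70(0) ack 6 win 4096
829635610.000 10.0.0.5.1026 > 192.0.2.10.80: S 3:3(0) win 512
829635611.000 arp who-has 10.0.0.1 tell 10.0.0.5
829635660.500 10.0.0.5.1025 > 192.0.2.10.23: F 40:40(0) ack 90 win 512
""".splitlines()

if __name__ == "__main__":
    for client, rows in report(summarize(SAMPLE), "192.0.2.10").items():
        print(client, len(rows), "session(s):", rows)
```

Durations are the span between the first and last packet seen per connection, so a connection with a single captured packet reports 0.0.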