From: Enno Davids
Message-Id: <199906030040.KAA00543@mensa.national.com.au>
Subject: Re: monitoring at the packet level
To: rowan@sensation.net.au (Rowan Crowe)
Date: Thu, 3 Jun 1999 10:40:14 +1000 (EST)
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To: from "Rowan Crowe" at Jun 2, 99 08:32:00 pm

|
| Hi all,
|
| I am currently working on a monitoring system which does more than simple
| byte counting, it instead monitors connections. Output can be sorted by
| most popular source host, most popular destination host, most popular
| source port, most popular destination port.
|
| As it's just a test of concept right now, it's basically tcpdump piped to
| a program that converts the ASCII output into binary form for its own
| internal use. (As a bonus this makes it a little portable, assuming the
| target platform has a similar tcpdump)

perhaps you'd be better off modifying 'ntop' which already does the src/dest
address stuff you're talking about (and can split out by transport - i.e. TCP,
UDP and ICMP).

Cheers,
Enno.
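
The approach discussed in this message (tcpdump text fed to a program that tallies traffic by source/destination host and port, plus the per-transport split mentioned in the reply) can be sketched as below. This is an added example, not code from either poster or from ntop; it assumes the line layout of current `tcpdump -n` IPv4 output, the sample lines are constructed, and the names `tally` and `transport` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the style of `tcpdump -n` IPv4 output.
SAMPLE = """\
10:40:14.000001 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 65535, length 0
10:40:14.000002 IP 192.0.2.10.51235 > 198.51.100.5.80: Flags [S], seq 7, win 65535, length 0
10:40:14.000003 IP 192.0.2.11.40000 > 198.51.100.9.514: UDP, length 40
10:40:14.000004 IP 192.0.2.12 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64
10:40:14.000005 IP 198.51.100.5.80 > 192.0.2.10.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
this line is not a packet summary
"""

# An endpoint is a dotted quad, followed by ".port" for TCP/UDP.
ENDPOINT = r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))?"
LINE = re.compile(r"^\S+ IP " + ENDPOINT + " > " + ENDPOINT + r": (.*)$")


def transport(rest):
    """Guess the transport from the text after the addresses (heuristic)."""
    for prefix, name in (("Flags [", "TCP"), ("UDP", "UDP"), ("ICMP", "ICMP")):
        if rest.startswith(prefix):
            return name
    return "other"


def tally(lines):
    """Return (counters, skipped) for an iterable of tcpdump text lines."""
    counts = {k: Counter() for k in
              ("src_host", "dst_host", "src_port", "dst_port", "transport")}
    skipped = 0
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:  # banner text, wrapped lines, non-IPv4 output
            skipped += 1
            continue
        src, sport, dst, dport, rest = m.groups()
        counts["src_host"][src] += 1
        counts["dst_host"][dst] += 1
        for key, port in (("src_port", sport), ("dst_port", dport)):
            if port is not None:  # ICMP lines carry no ports
                counts[key][int(port)] += 1
        counts["transport"][transport(rest)] += 1
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = tally(SAMPLE.splitlines())
    for key, counter in counts.items():
        print(key, counter.most_common(3))
    print("unparsed lines:", skipped)
```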