From owner-freebsd-questions@FreeBSD.ORG Thu Oct 8 08:24:28 2009 Return-Path: Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E9F11065692 for ; Thu, 8 Oct 2009 08:24:28 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id E5F6E8FC15 for ; Thu, 8 Oct 2009 08:24:27 +0000 (UTC) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.3/8.14.3) with ESMTP id n988OBvn059557; Thu, 8 Oct 2009 10:24:26 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.3/8.14.3/Submit) id n988OB0V059556; Thu, 8 Oct 2009 10:24:11 +0200 (CEST) (envelope-from olli) Date: Thu, 8 Oct 2009 10:24:11 +0200 (CEST) Message-Id: <200910080824.n988OB0V059556@lurza.secnetix.de> From: Oliver Fromme To: freebsd-questions@FreeBSD.ORG, mkhitrov@gmail.com In-Reply-To: <26ddd1750910071222n3d2b82ebn72ae4c00ddeaa9a4@mail.gmail.com> X-Newsgroups: list.freebsd-questions User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/6.4-PRERELEASE-20080904 (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Thu, 08 Oct 2009 10:24:26 +0200 (CEST) Cc: Subject: Re: Show bandwidth usage by IP address (through pf) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@FreeBSD.ORG, mkhitrov@gmail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Oct 2009 08:24:28 -0000 Maxim Khitrov wrote: > I have pf filtering traffic to our network. Is there any easy way to > see the current bandwidth usage sorted by ip? Someone is using up > almost 100% of total bandwidth and parsing "pfctl -ss -v" isn't > getting me anywhere. The trafshow tool (ports/net/trafshow) does exactly that. The nice thing about it is that it accepts the same filter expressions that tcpdump accepts, so you can easily filter by ports, addresses, interfaces, protocols and so on. It works independent from your packet filter, so it doesn't matter whether you use pf, ipf, ipfw or none at all. If you want to see the amount of accumulated traffic (i.e. since boot) per interface and per IP address, the commands "netstat -i" and "netstat -ib" will tell that (in packets and in bytes, respectively). Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.