From owner-freebsd-net@FreeBSD.ORG  Thu Sep 18 05:49:16 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 80A2616A4B3; Thu, 18 Sep 2003 05:49:16 -0700 (PDT)
Received: from rambo.401.cx (rambo.401.cx [80.65.205.166])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B2E0C43FE1; Thu, 18 Sep 2003 05:49:12 -0700 (PDT)
	(envelope-from listsub@401.cx)
Received: from 401.cx (132.dairy.twenty4help.se [80.65.195.132])
	by rambo.401.cx (8.12.9/8.12.9) with ESMTP id h8ICn9cx085475;
	Thu, 18 Sep 2003 14:49:10 +0200 (CEST)
	(envelope-from listsub@401.cx)
Message-ID: <3F69A9C0.4090201@401.cx>
Date: Thu, 18 Sep 2003 14:49:04 +0200
From: "Roger 'Rocky' Vetterberg" <listsub@401.cx>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.5b) Gecko/20030723 Thunderbird/0.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Josef Karthauser <joe@freebsd.org>
References: <20030917182850.Q52432-100000@mail.econolodgetulsa.com>
	<3F690E7D.90201@netli.com> <20030918123203.GC13474@genius.tao.org.uk>
In-Reply-To: <20030918123203.GC13474@genius.tao.org.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
Subject: Re: Traffic analysis ports?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Sep 2003 12:49:16 -0000

Josef Karthauser wrote:
> Dear all,
> 
> I'm looking for some software to basically analyse the traffic I've got
> going over a particular pipe so that I can work out whether or what to
> traffic shape.  Can anyone recommend anything?
> 
> Joe

My first recommendation would be to not reply to existing postings 
when starting a new thread. It really messes up the inbox for people 
that prefer threaded views.

As for software recommendations, have you looked at tcpdump? Its a 
lot of manual labour, but with some simple scripting you should be 
able to easily figure out what kind of traffic is eating your pipe.
If you dont mind a buggy, resource eating hog with lots of security 
issues you could look at ntop. It has a webinterface that draws very 
pretty graphs and diagrams with all the information you could 
possibly want.
But as I said, it will eat resources and dont blame me if youre 
hacked while running it. Just install it, fire it up and let it run 
for a few hours and you will have enough data to work with I think. 
If you like it you can keep it running, but as I said, dont blame me.

--
R