From owner-freebsd-questions  Thu Jun 27 19:08:12 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id TAA23933
          for questions-outgoing; Thu, 27 Jun 1996 19:08:12 -0700 (PDT)
Received: from cicerone.uunet.ca (root@cicerone.uunet.ca [142.77.1.11])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA23920
          for <freebsd-questions@freebsd.org>; Thu, 27 Jun 1996 19:08:07 -0700 (PDT)
Received: from why.whine.com ([205.150.249.1]) by mail.uunet.ca with ESMTP id <115610-5250>; Thu, 27 Jun 1996 22:07:04 -0400
Received: from why (andrew@why [205.150.249.1]) by why.whine.com (8.7.5/8.6.12) with SMTP id WAA04039; Thu, 27 Jun 1996 22:06:51 -0400 (EDT)
Date: Thu, 27 Jun 1996 22:06:50 -0400
From: Andrew Herdman <andrew@why.whine.com>
X-Sender: andrew@why
To: Brandon Gillespie <brandon@tombstone.sunrem.com>
cc: freebsd-questions@freebsd.org
Subject: Re: Network Monitoring/Packet Sniffing?
In-Reply-To: <Pine.BSF.3.91.960627182933.1735A-100000@tombstone.sunrem.com>
Message-ID: <Pine.BSF.3.91.960627220514.2647A-100000@why>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Use 'trafshow' it's in the ports collection.  I use it on my network at 
work to track down a variety of problems, just plug the ethernet 
interface into the hub/subnet you want to peek at.  It also uses standard 
tcpdump filter rules so you can figure them out with a man tcpdump.

Andrew



On Thu, 27 Jun 1996, Brandon Gillespie wrote:

> I have been given the dubious task of 'administrating' our LAN and its 
> connection to the internet.  Recently our network will max out its 
> capacity, crippling everybody for a few moments until it recovers.  I 
> havn't been able to track anything more than bandwidth is spiking to 
> capacity.  Another admin where I work has an Ethernet monitor which 
> simply says 75% of it is from TCP/IP packets (we also run ethertalk).  We 
> have several leased connections, and our network itself is not of the 
> best design.
> 
> What I am looking for is programs of any sort which do _anything_ in 
> regard to monitoring network traffic.  Specifically, I would love 
> something which also tracked what IP addresses are hitting the top in 
> bandwidth.  The FreeBSD system I am thinking of sits in the middle of the 
> network, so should be able to see as easilly as any other (we do not 
> bridge nor do we have smart hubs, so it should see EVERYTHING).
> 
> -Brandon Gillespie-
>