From owner-freebsd-questions Tue Jun 11 0:35:57 2002 Delivered-To: freebsd-questions@freebsd.org Received: from dns.perimeter.co.za (dns.perimeter.co.za [196.25.164.254]) by hub.freebsd.org (Postfix) with ESMTP id 27AA037B403 for ; Tue, 11 Jun 2002 00:35:49 -0700 (PDT) Received: from PATRICK (loopback.mipjhb [209.212.102.245] (may be forged)) by dns.perimeter.co.za (8.11.1/8.11.1) with SMTP id g5B7Yi129580; Tue, 11 Jun 2002 09:34:44 +0200 (SAST) (envelope-from bsd@perimeter.co.za) Message-ID: <002e01c2111a$274dfec0$b50d030a@PATRICK> From: "Patrick O'Reilly" To: "Robbak" , References: <02061110220000.00351@swegg> Subject: Re: Developing an ip accounting program. Date: Tue, 11 Jun 2002 09:32:32 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Robbak" > OK. I've drawn a blank. > > I previoulsy mentioned that I would do this from firewall logs. that was before > I determined that they do not log packet size. > > What I need to do is provide to users a .html page listing the data throughput > (to/from) the machines on the local subnet. I envisage a routine providing a > stream of data (similar to the ipfw logging) that the procedure could parse and > summarise by ip, and a script/program in cgi to extract the info and create the > page. > > I beleive could accomplish the later steps, if I could get some help on the > data input. The BPF routines look capable, but are beyond my comprehension. > > The nearest I have seen is the ipcad program. It sems to have much of the info I > need. If someone has an annotated version of the code for it, or a similar > prog., it would be a great help > Robert, I seem to recall seeing someone using 'ntop' from the ports to monitor network activity on a gateway. I'm pretty sure it included byte counts per host, even with a break-down by protocol (HTTP vs SMTP, etc), and it has a web interface. Regards, Patrick O'Reilly. ___ _ __ / _ )__ __ (_)_ __ ___ _/ /____ __ / __/ -_) _) / ~ ) -_), ,-/ -_) _) /_/ \__/_//_/_/~/_/\__/ \__/\__/_/ http://www.perimeter.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message