From owner-freebsd-isp@FreeBSD.ORG Thu Apr 22 07:15:56 2004
From: "Spidey Knepscheld"
Date: Thu, 22 Apr 2004 16:15:47 +0200
Subject: Traffic Monitor
List-Id: Internet Services Providers

Hi

I am an ISP running FreeBSD as a firewall and as a Mail Server. My problem is that I am not able to monitor the amount of traffic that users are using on my network. In South Africa bandwidth is extremely expensive and I need to take my bandwidth to the edge.

My network looks like this: My Link comes in on a Cisco 805. From the router it goes to the first NIC on the Firewall. From the second NIC it runs into a 10base HUB where there are only 3 ports used: one, as I said, for the Firewall, the other for a FreeBSD box (I want to use this box for traffic monitoring), and then one port for the rest of the network, which connects to a 100base switch. The reason I used the 10base HUB is because it broadcasts all the data to all the ports. So all data to and from the firewall will be caught by the Monitoring BSD box. I hope this makes sense.

What I am looking for is some app that could show me live what IP on my network is utilizing what part of the bandwidth. Don't laugh!! I have a 256k Diginet connection and I would like to see who is killing my network. I do get live graphs from my upstream supplier, but it shows the line utilization from my router and not who is using what. So I can't be proactive in solving speed issues; I need to wait for it to happen and then, by a process of elimination, disconnect segments of the network and see when the graph drops.

I tried TCPDUMP but it is difficult to understand (perhaps I am just stupid), but it's a time-consuming process and too late to fix the problem.

I hope this makes sense to someone.

Thank you
Spidey
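
The per-IP accounting asked for above can be derived from tcpdump output captured on the monitoring box; the following is an added example and not part of the original post. It assumes the line shape printed by `tcpdump -n -q -tt` for IPv4 TCP and UDP, a LAN range of 10.0.1.0/24 and the 256k link as capacity; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed `tcpdump -n -q -tt` line shape (IPv4 TCP/UDP); sizes are payload bytes:
#   <epoch> IP <src>.<port> > <dst>.<port>: tcp <n>    or    ...: UDP, length <n>
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})(?:\.\d+)? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?: "
    r"(?:tcp (?P<tcp>\d+)|UDP, length (?P<udp>\d+))")

def per_host_usage(lines, local_net="10.0.1.0/24"):
    """Sum bytes per LAN host for traffic that crosses the firewall."""
    net = ipaddress.ip_network(local_net)  # assumed LAN range
    usage = defaultdict(lambda: {"up": 0, "down": 0})
    stamps = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP, ICMP, IPv6 and anything unparsed is not counted
        stamps.append(float(m["ts"]))
        size = int(m["tcp"] or m["udp"])
        src_in, dst_in = (ipaddress.ip_address(m[k]) in net for k in ("src", "dst"))
        if src_in and not dst_in:
            usage[m["src"]]["up"] += size
        elif dst_in and not src_in:
            usage[m["dst"]]["down"] += size
    return dict(usage), (stamps[-1] - stamps[0] if stamps else 0.0)

def top_talkers(usage, seconds, link_bps=256_000):
    """Rows of (ip, bytes, percent of link capacity), heaviest host first."""
    rows = []
    for ip, u in usage.items():
        total = u["up"] + u["down"]
        share = total * 8 / seconds / link_bps * 100 if seconds else 0.0
        rows.append((ip, total, round(share, 1)))
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample capture (documentation addresses), not from the post.
SAMPLE = """\
1082643300.000000 IP 10.0.1.11.1025 > 192.0.2.10.80: tcp 0
1082643302.000000 IP 192.0.2.10.80 > 10.0.1.11.1025: tcp 1448
1082643304.000000 IP 192.0.2.53.53 > 10.0.1.20.53211: UDP, length 104
1082643305.000000 arp who-has 10.0.1.1 tell 10.0.1.11
1082643310.000000 IP 10.0.1.11.1025 > 10.0.1.20.22: tcp 500
""".splitlines()

if __name__ == "__main__":
    for row in top_talkers(*per_host_usage(SAMPLE)):
        print("%-15s %8d bytes %5.1f%% of link" % row)
```

The `-q` lengths are payload sizes without IP and TCP/UDP headers, so the totals understate what is on the wire; they rank hosts against each other rather than reproduce the upstream graph.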