From owner-freebsd-net@FreeBSD.ORG Wed Dec 6 19:53:23 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7FC1E16A4C2 for ; Wed, 6 Dec 2006 19:53:23 +0000 (UTC) (envelope-from amason@rackspace.com) Received: from mx.sat.rackspace.com (mx.sat.rackspace.com [64.39.1.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id A471C43DF4 for ; Wed, 6 Dec 2006 19:47:33 +0000 (GMT) (envelope-from amason@rackspace.com) Received: from mail.rackspace.com (mail.rackspace.com [64.39.2.181]) by mx.sat.rackspace.com (8.13.8/8.13.8) with ESMTP id kB6JmCEp021490 for ; Wed, 6 Dec 2006 13:48:12 -0600 (envelope-from amason@rackspace.com) Received: from mizar.rackspace.com (office105-56.sat4.rackspace.com [10.6.105.56]) by mail.rackspace.com (8.13.1/8.13.1) with ESMTP id kB6Jltrj015461 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 6 Dec 2006 13:47:55 -0600 From: Art Mason Organization: Rackspace Managed Hosting To: freebsd-net@freebsd.org Date: Wed, 6 Dec 2006 13:49:59 -0600 User-Agent: KMail/1.9.4 References: <6199c3dc0612050848g16a0911dga145485ba14bf21f@mail.gmail.com> <4576EB9D.2040300@elischer.org> <200612061153.26040.josh@tcbug.org> In-Reply-To: <200612061153.26040.josh@tcbug.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200612061349.59511.amason@rackspace.com> Subject: Re: Bandwidth Monitoring program X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Dec 2006 19:53:23 -0000 On Wednesday 06 December 2006 11:53, Josh Paetzel wrote: > On Wednesday 06 December 2006 10:11, Julian Elischer wrote: > > Josh Paetzel wrote: > > > On Tuesday 05 December 2006 23:52, Brett Glass wrote: > > >> Add a few IPFW "count" rules to count the bytes and packets. > > >> Then, periodically harvest and reset the counters via a cron job > > >> and write the results to a file. You can then prepare tables and > > >> charts which are as simple or as fancy as you please, without > > >> resorting to SNMP (which isn't secure). A little bit of code in > > >> your favorite scripting language will do it. And of course you > > >> can output to a graphing package, though for me a simple > > >> histogram using asterisks has sufficient precision in most > > >> cases. > > >> > > >> --Brett Glass > > > > > > Just curious.....but where is he going to run ipfw? I seriously > > > doubt his router can run it, and what good is it going to do him > > > to run it on a machine on the network if the network is switched? > > > It's not going to be able to see any of the traffic other than > > > what that specific machine is sending/receiving. > > > > run ipfw in layer 2 after turning on promiscuous mode and attaching > > it to a hub. > > > > I do it all the time. > > He specifically said in his original post that putting a machine > between the router and his lan wasn't an option. His question > was, "Is there a program where I can see whats going on from the > computer on that network?" The answer to that question is, if he's on > a switched network, no. Not without a topology change. If he can't > put a box between the switch and router how likely is it that he's > going to be able to put a hub between the switch and router and then > attach a box to that? Not sure if this has been discussed already, but If the router's internal interface is plugged into a managed switch that supports a SPAN port, you can always set your monitoring box running NTOP, bandwidthd, NetFlow, etc. up on the destination switchport . Hope that helps. -- Art Mason amason@rackspace.com Intensive Network Security Rackspace Managed Hosting (800) 961-4454 ext. 4290