Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Dec 2005 13:53:42 -0500 (EST)
From:      Peter <petermatulis@yahoo.ca>
To:        freebsd-questions@freebsd.org
Subject:   Re: network monitoring tool
Message-ID:  <20051220185342.99492.qmail@web60021.mail.yahoo.com>
In-Reply-To: <200512200628.jBK6SRaA032951@darkstar.thelakecity.com.pk>
next in thread | previous in thread | raw e-mail | index | archive | help 

--- Imran Imtiaz <imran@darkstar.thelakecity.com.pk> wrote:

> can anyone tell me which is the best network monitoring tool for unix
> which can tell me that from which ip the traffic is comming and the type
> of traffic and in which i can give a criteria like today which ip has
> downloaded how much amount of data. I am currently using ntop but it is
> not showing me the details based on criteria it just show me the traffic
> from the day it is up. I want something simple and effective.

I use OpenBSD's pf and, with its label feature, it is not difficult to
extract statistics with a shell script.  Right now I am looking at traffic
type, not IP addresses.  It all depends on how you create your rules. 
Below is a sample pf rule and the output my script provides me.

pass out on $EXT \
        inet proto udp \
        from $EXT to any \
        port 123 \        
        keep state \
        label "outbound - $proto:$dstport ->"

============================
Host:             kovacs.domain.com
Interface:      tun0
Month:           December 2005
Timestamp:    Dec 20 13:30
Data time:      8d 3h 40m
------------------------------------------
Traffic type     Bytes-in     Bytes-out
------------------------------------------
icmp:echoreq     45108         45528
tcp:110             343961         52701
tcp:113                      0                 0
tcp:11371                  0                 0
tcp:119                      0                 0
tcp:20                        0                 0
tcp:21              123577          79800
tcp:22                        0                  0
tcp:25                50400          53476
tcp:2703                    0                  0
tcp:43                  5833              863
tcp:443              12338            2914
tcp:53                        0                  0
tcp:6112                    0                  0
tcp:6667                    0                  0
tcp:80          48203259       5243942
udp:123           366396         381064
udp:53           2629955       1584473
udp:6277             2384             2262
--------------------------------------------------                
TOTALS(B)    51603928       7401496
TOTALS(MB)         49.21              7.05
RATE(B/m)       4395.56           630.45
============================


	

	
		
__________________________________________________________ 
Find your next car at http://autos.yahoo.ca

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051220185342.99492.qmail>