Date:      Thu, 22 Apr 2004 09:32:06 -0600
From:      "Wolfpaw - Dale Corse" <admin-lists@wolfpaw.net>
To:        "'Spidey Knepscheld'" <spidey@act.co.za>, <freebsd-isp@freebsd.org>
Subject:   RE: Traffic Monitor
Message-ID:  <01cf01c4287e$f80edb10$b8a6b38e@wolf>
In-Reply-To: <DAENIFJEFNHAEEEFPNLKIEKECBAA.spidey@act.co.za>

Hi Spidey,
 
> My network looks like this: My Link comes in on a Cisco 805 
> from the router it goes to the first NIC on the Firewall from 
> the second NIC it runs into a 10base HUB where there are only 
> 3 ports used one as I said for the Firewall the other for a 
> FreeBSD box (I want to use this box for traffic monitoring) 
> and then one port for the rest of the network which connects 
> to a 100base switch. The reason I used the 10base HUB is 
> because it broadcasts all the data to all the ports. So for 
> all data to and from the firewall will be caught by the 
> Monitoring BSD box. I hope this makes sense.

That is an _extremely_ bad idea. Hubs have major collisions,
meaning you will essentially be lagging yourself (put simply).
Personally, I'd go pick up a Cisco switch (1900 / 2900 series)
off eBay, for about 100 - 200 USD, and then you can set the
switch to "mirror" all traffic to one port, which is great
for monitoring things (we do it on a Catalyst 5000 for Snort).

> 
> What I am looking for is some app that could show me live 
> what ip on my network is utilizing what part of the 
> bandwidth. Don't laugh!! I have a 256k Diginet connection and 
> I would like to see who is killing my network. I do get live 
> graphs from my upstream supplier but it shows the line 
> utilization from my router and not who is using what.

Assuming the above scenario is in place (with the Cisco switch),
I would recommend IOG (http://www.dynw.com/iog/) for "Per Port"
monitoring, and if you have access to one of the routers, the
absolute best way to monitor bandwidth is using the Cisco Flow Export
features. They can tell you a ton about not only who's using what,
but where it's going, which connection it used (for multi-homing),
etc.

Not sure if there is an app out there to deal with flow data in that
manner; ours is home-grown. A good place to start looking though
is http://www.splintered.net/sw/flow-tools. This daemon will run on
FreeBSD, and you need it to collect the data.

Best of luck with it :)

Regards,
Dale.
--------------------------------
Dale Corse
System Administrator
Wolfpaw Services Inc.
http://www.wolfpaw.net
(780) 474-4095


