Date: Thu, 09 Sep 2004 10:00:37 -0500
From: Norm Vilmer <norm@etherealconsulting.com>
To: Steve Bertrand <iaccounts@ibctech.ca>, freebsd-questions@freebsd.org
Subject: Re: Packet filter statistics
Message-ID: <41407015.2000805@etherealconsulting.com>
In-Reply-To: <1838.209.167.16.15.1094740572.squirrel@209.167.16.15>
References: <1637.209.167.16.15.1094735851.squirrel@209.167.16.15> <4140679D.9020605@etherealconsulting.com> <1838.209.167.16.15.1094740572.squirrel@209.167.16.15>
Steve Bertrand wrote:
>>Steve Bertrand wrote:
>>
>>>Please bear with me...
>>>
>>>I've got a Windows 2000 web server that is spewing out over 2Mbps of
>>>data which is going out round robin over my 3 T-1 connections.
>>>Although there is still more throughput available, this is seemingly
>>>ridiculous.
>>>
>>>I've got a fortigate box in front of the server now, but the details
>>>it gives aren't quite what I need. What I'd like to have is a FBSD
>>>filter (transparent bridge) setup in front of the box, with software
>>>that can chart for me what type of packets are being sent/rec'd
>>>to/from this box, as well as each packet's frequency and size. Any
>>>graph would do.
>>>
>>>I believe this is legit HTTP traffic, but I can't identify packet size
>>>(or the size of a single entire HTTP session etc). Seeing this in
>>>graphical form would help me immensely.
>>>
>>>Anyone familiar with available software that I could dump on my filter
>>>box that can potentially do something similar like I am looking for?
>>>
>>>I was contemplating on asking this on -ipfw, however technically it's
>>>not a direct IPFW question.
>>>
>>>Tks everyone for any suggestions.
>>>
>>>Steve
>>>
>>>_______________________________________________
>>>freebsd-questions@freebsd.org mailing list
>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>To unsubscribe, send any mail to
>>>"freebsd-questions-unsubscribe@freebsd.org"
>>>
>>
>>You may want to check out Ethereal (free packet sniffer)
>>www.ethereal.com. I have used this successfully on FreeBSD. Also,
>>FreeBSD has a program called tcpdump that will show packets without the
>>added bells and whistles of Ethereal. One note: if you are using level 2
>>or higher switches, the sniffer will not pick up all the traffic coming
>>out of your Win2k box unless you configure a management port on your
>>switch or use a hub with both the sniffer box and the server connected
>>to it.
>>
>>Alternatively, you may be able to run Ethereal on your Win2k box....
>>
>>Hope this helps.
>>
>>Norm
>
> OFF-LIST.
>
> I just noticed your email address...I have used ethereal only in
> traditional sniffing environments, to identify who's doing what.
>
> However, you probably know better than I if it measures bytes
> send/received by IP, protocol, port etc. The box in use as I said will
> be in-line. Also, will ethereal run without X? It's a command line
> only box.
>
> Tks again,
>
> Steve
>

My email domain is just a strange coincidence, I am not associated with
the people at ethereal.com, just like the product (and name :)

You do not need X, use "tethereal", it is a command line program.

With regards to inserting the box inline, it should be possible, I have
not been successful at doing it (yet). I am trying to build a NIPS which
I would like to put inline between my ISP and my wireless router. I am
using ipfw. If I get it to work, I will let you know.

Norm
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41407015.2000805>