Steve Bertrand wrote:

Please bear with me...

I've got a Windows 2000 web server that is spewing out over 2Mbps of
data which is going out round robin over my 3 T-1 connections.
Although there is still more throughput available, this is seemingly
ridiculous.

I've got a fortigate box in front of the server now, but the details
it gives aren't quite what I need. What I'd like to have is a FBSD
filter (transparent bridge) setup in front of the box, with software
that can chart for me what type of packets are being sent/rec'd
to/from this box, as well as each packet's frequency and size. Any
graph would do.

I believe this is legit HTTP traffic, but I can't identify packet size
(or the size of a single entire HTTP session etc). Seeing this in
graphical form would help me immensely.

Anyone familiar with available software that I could dump on my filter
box that can potentially do something similar to what I am looking for?

I was contemplating asking this on -ipfw, however technically it's
not a direct IPFW question.

Tks everyone for any suggestions.

Steve

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"


You may want to check out Ethereal (free packet sniffer) www.ethereal.com. I have used this successfully on FreeBSD. Also, FreeBSD has a program called tcpdump that will show packets without the added bells and whistles of Ethereal. One note: if you are using level 2 or higher switches, the sniffer will not pick up all the traffic coming out of your Win2k box unless you configure a management port on your switch or use a hub with both the sniffer box and the server connected to it.

Alternatively, you may be able to run Ethereal on your Win2k box....

Hope this helps.

Norm


OFF-LIST.

I just noticed your email address...I have used ethereal only in
traditional sniffing environments, to identify who's doing what.

However, you probably know better than I if it measures bytes
sent/received by IP, protocol, port etc. The box in use as I said will
be in-line. Also, will ethereal run without X? It's a command line
only box.

Tks again,

Steve


My email domain is just a strange coincidence, I am not associated with the people at ethereal.com, just like the product (and name :)

You do not need X, use "tethereal", it is a command line program.

With regards to inserting the box inline, it should be possible, but I have not been successful at doing it (yet). I am trying to build a NIPS which I would like to put inline between my ISP and my wireless router. I am using ipfw. If I get it to work, I will let you know.

Norm
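
Added example, not part of any message in this thread: a Python sketch that answers the original question (packets, bytes and largest packet per protocol, server port and direction) from a capture file. It assumes a classic pcap file on Ethernet, such as one written with `tcpdump -w` on the bridge; the function names, the sample capture and its addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def summarize_pcap(data, server_ip):
    """Per (proto, server port, direction): [packets, bytes on wire, largest packet]."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    stats = defaultdict(lambda: [0, 0, 0])
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        incl, orig = struct.unpack(endian + "II", data[off + 8:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # truncated, or not IPv4
        ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto is None or frag or len(frame) < 14 + ihl + 4:
            continue                           # no port numbers to read
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        if server_ip not in (src, dst):
            continue
        key = (proto, sport, "out") if src == server_ip else (proto, dport, "in")
        row = stats[key]                       # orig = length on the wire, before snaplen
        row[:] = [row[0] + 1, row[1] + orig, max(row[2], orig)]
    return dict(stats)

def build_frame(src, dst, sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame (zeroed checksums) for the sample below."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * payload_len

def sample_pcap():
    """Constructed capture: one 200-byte request in, two 1460-byte responses out."""
    frames = [build_frame("198.51.100.7", "192.0.2.10", 40000, 80, 200),
              build_frame("192.0.2.10", "198.51.100.7", 80, 40000, 1460),
              build_frame("192.0.2.10", "198.51.100.7", 80, 40000, 1460)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `summarize_pcap(open(path, "rb").read(), "<server address>")` on a real capture gives the same table; a row for a port the server is not meant to serve, or an outbound byte count far larger than the inbound one on port 80, is the thing to look at first.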
