On 6/17/21 10:51 PM, Ibsen S Ripsbusker wrote:
> My great and good friends,
>
> I want to know how much network traffic a Windows computer is
> responsible for. The Windows computer is connected to a switch,
> the switch is connected to a router running OpenBSD, and the router is
> connected eventually to the internet service provider.
>
> Windows ---------- Switch ---- OpenBSD ---- ISP
> Other computers --/
>
> How can I find out how many bytes this Windows computer sent or received
> through the router within some time period?
There are several ways to do this, at least a couple will involve minor
surgery on your PF rule set.
One way is to set up with labels to your liking (see eg
http://home.nuug.no/~peter/pftutorial/#97 and following) which you can
then query.
The other obvious candidate is to set up for pflow export (see eg
http://home.nuug.no/~peter/pftutorial/#102 and following with links
therein).
Both of these approaches will get you the data, with potential for
further fun (see eg
https://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html)
All the best,
Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
