traffic analysis tools
Hey people,

I'd like something to look at traffic use through my gateway, so I know how much of my upload bandwidth and download bandwidth is in use at any time. Ideally it'll tell me from where, so I can look at internal abusers, or get an idea of where hits are coming from.

Off the top of my head, I can think of two tools.

1. ntop - great web interface, but I've found it unstable
2. iptraf - good curses interface, but I'm looking for trend monitoring
3. mrtg - as I'm running snmp, so I could just monitor it from a desktop running mrtg...

Any other suggestions?

Thanks,
Mike

--
Michael P. Soulier <[EMAIL PROTECTED]>
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." --Albert Einstein
Re: traffic analysis tools
On 10/21/06, Michael P. Soulier <[EMAIL PROTECTED]> wrote:
> Hey people,
>
> I'd like something to look at traffic use through my gateway, so I know how much of my upload bandwidth and download bandwidth is in use at any time. Ideally it'll tell me from where, so I can look at internal abusers, or get an idea of where hits are coming from.
>
> Off the top of my head, I can think of two tools.
>
> 1. ntop - great web interface, but I've found it unstable
> 2. iptraf - good curses interface, but I'm looking for trend monitoring
> 3. mrtg - as I'm running snmp, so I could just monitor it from a desktop running mrtg...
>
> Any other suggestions?

I have two for you: NetMRG and Cacti
You can set them up to read values from pf for example :)

--
Joao Barros
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: traffic analysis tools
On 21/10/06 Joao Barros said:
> I have two for you: NetMRG and Cacti
> You can set them up to read values from pf for example :)

Hmm. I have cacti installed. How do you get it to read from, say, ipfilter? I guess it has to read ipstat output, or parse ipmon logs.

Mike

--
Michael P. Soulier <[EMAIL PROTECTED]>
Re: traffic analysis tools
Michael P. Soulier wrote:
> Hey people,
>
> I'd like something to look at traffic use through my gateway, so I know how much of my upload bandwidth and download bandwidth is in use at any time. Ideally it'll tell me from where, so I can look at internal abusers, or get an idea of where hits are coming from.
>
> Off the top of my head, I can think of two tools.
>
> 1. ntop - great web interface, but I've found it unstable
> 2. iptraf - good curses interface, but I'm looking for trend monitoring
> 3. mrtg - as I'm running snmp, so I could just monitor it from a desktop running mrtg...
>
> Any other suggestions?
>
> Thanks,
> Mike

Etherape might work for you, though I haven't tried it.
Re: traffic analysis tools
Hi there

On 21/10/06, Michael P. Soulier <[EMAIL PROTECTED]> wrote:
> Hey people,
>
> I'd like something to look at traffic use through my gateway, so I know how much of my upload bandwidth and download bandwidth is in use at any time. Ideally it'll tell me from where, so I can look at internal abusers, or get an idea of where hits are coming from.

Is your gateway running FreeBSD? If yes, why don't you try to run TCPDUMP on it?

> Off the top of my head, I can think of two tools.
>
> 1. ntop - great web interface, but I've found it unstable
> 2. iptraf - good curses interface, but I'm looking for trend monitoring
> 3. mrtg - as I'm running snmp, so I could just monitor it from a desktop running mrtg...
>
> Any other suggestions?

Take a look at Ettercap/Etterlog. It can capture packets in switched LANs, remotely, and can be combined with other tools such as TCPDUMP or Ethereal and BPF filters. RTFM. I need to advise that you use such tools tenderly.

There is a large variety of packet capturing tools out there, check: http://www.caida.org/tools

> Thanks,
> Mike

Regards
Spiros
Re: traffic analysis tools
On Sat, Oct 21, 2006 at 10:19:34AM -0400, Michael P. Soulier wrote:
> Hey people,
>
> I'd like something to look at traffic use through my gateway, so I know how
> much of my upload bandwidth and download bandwidth is in use at any time.
> Ideally it'll tell me from where, so I can look at internal abusers, or get an
> idea of where hits are coming from.
>
> Off the top of my head, I can think of two tools.
>
> 1. ntop - great web interface, but I've found it unstable
> 2. iptraf - good curses interface, but I'm looking for trend monitoring
> 3. mrtg - as I'm running snmp, so I could just monitor it from a desktop
> running mrtg...
>
> Any other suggestions?

The firewall ipfw comes with a counter option. You could collect this information out of the firewall with ipa into its database. Then create graphs with mrtg. I have two articles about how to do this on my website.

--
Alex

Please copy the original recipients, otherwise I may not read your reply.

Howtos based on my personal use, including information about setting up a firewall and creating traffic graphs with MRTG
http://alex.kruijff.org/FreeBSD/
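The ipfw counter approach from the reply above, worked through as an added example that is not part of the thread or of the poster's howtos: it turns two `ipfw show` snapshots into per-host upload and download rates. The rule numbers, addresses and counter values are constructed, and it assumes one `count` rule per direction per internal host.

```sh
#!/bin/sh
# Added example: per-host byte rates from two `ipfw show` snapshots.
# Assumes one count rule per direction per host (constructed rule numbers):
#   ipfw add 1000 count ip from 192.168.1.10 to any
#   ipfw add 1001 count ip from any to 192.168.1.10

# Constructed `ipfw show` output taken 60 s apart: rule, packets, bytes, body.
SNAP_T0='01000  1200   960000 count ip from 192.168.1.10 to any
01001  1500  1800000 count ip from any to 192.168.1.10
01002   300    45000 count ip from 192.168.1.20 to any
01003   400   520000 count ip from any to 192.168.1.20
65535 99999 88888888 allow ip from any to any'

SNAP_T1='01000  1900  1560000 count ip from 192.168.1.10 to any
01001  9500 13800000 count ip from any to 192.168.1.10
01002   310    46500 count ip from 192.168.1.20 to any
01003   405   526000 count ip from any to 192.168.1.20
65535 99999 99999999 allow ip from any to any'

# usage: rates OLD NEW SECONDS
# prints "host up_bytes_per_sec down_bytes_per_sec", busiest downloader first
rates() {
    { printf '%s\n' "$1" | sed 's/^/old /'; printf '%s\n' "$2" | sed 's/^/new /'; } |
    awk -v secs="$3" '
        $5 != "count" { next }                  # only the accounting rules
        {
            # "from HOST to any" is upload, "from any to HOST" is download
            if ($8 != "any" && $10 == "any")      { host = $8;  dir = "up" }
            else if ($8 == "any" && $10 != "any") { host = $10; dir = "down" }
            else next
            key = host SUBSEP dir
            if ($1 == "old") { base[key] = $4 + 0; next }
            # no baseline, or counter went backwards (rule zeroed or reloaded):
            # count from zero instead of reporting a negative rate
            if ((key in base) && ($4 + 0 >= base[key])) d = $4 - base[key]; else d = $4 + 0
            delta[key] = d; hosts[host] = 1
        }
        END {
            for (h in hosts)
                printf "%s %d %d\n", h, delta[h SUBSEP "up"] / secs, delta[h SUBSEP "down"] / secs
        }' | sort -k3,3nr
}

rates "$SNAP_T0" "$SNAP_T1" 60
```

On a live gateway the two arguments would be `ipfw show` output captured at the start and end of the interval.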
Re: traffic analysis tools
On 21 Oct 06 at 16:19, Michael P. Soulier wrote:
> Hey people,
>
> I'd like something to look at traffic use through my gateway, so I know how much of my upload bandwidth and download bandwidth is in use at any time.

This could be done very easily with cacti:

--> Activate SNMP on your gateway
--> Log into cacti
--> Select Devices and create a new one corresponding to your gateway
--> Select a Host Template of type ucd/net SNMP host
--> Add graph template
--> Add data query of type "SNMP - interface statistics"

This should be very easy. For security purposes, reduce the IP range of allowed hosts in the snmpd.conf

> Ideally it'll tell me from where, so I can look at internal abusers, or get an idea of where hits are coming from.

If your PCs are connected to a switch, activate SNMP and monitor it the same way. Otherwise you'll have to go into deeper configuration of cacti and script the solution to monitor load per IP.

Another solution would be to monitor global bandwidth and log into your gateway once you encounter congestion and have a little command like that showing who the nasty guys are:

# netstat -an | less

If your gateway is not a FreeBSD - let us know because things could be very different.

> Off the top of my head, I can think of two tools.
>
> 1. ntop - great web interface, but I've found it unstable
> 2. iptraf - good curses interface, but I'm looking for trend monitoring
> 3. mrtg - as I'm running snmp, so I could just monitor it from a desktop running mrtg...
>
> Any other suggestions?
>
> Thanks,
> Mike

Gregober ---> PGP ID --> 0x1BA3C2FD
bsd @at@ todoo.biz
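A check for the snmpd.conf advice in the message above, as an added example that is not part of the thread: it flags community definitions that answer SNMP queries from any source address. It assumes net-snmp's `rocommunity`/`rwcommunity`/`com2sec` syntax; the community strings and addresses in the sample are constructed.

```sh
#!/bin/sh
# Added example: flag community definitions in a net-snmp snmpd.conf that
# accept queries from any source address.

# Constructed sample configuration (community strings and addresses are made up).
SAMPLE_CONF='# management station is 192.168.1.5
rocommunity public
rocommunity  s3cr3tRO  192.168.1.5
rwcommunity  adminRW   default
rocommunity  lanRO     192.168.1.0/24
com2sec readonly default public
com2sec mgmt     192.168.1.5 s3cr3tRO'

# usage: audit_snmpd_conf < snmpd.conf
# prints "LINE: DIRECTIVE: reason" for every unrestricted community
# (the community string itself is never echoed);
# exit status is 1 if anything was flagged, 0 otherwise.
audit_snmpd_conf() {
    awk '
        function flag(why) { printf "%d: %s: %s\n", NR, $1, why; bad = 1 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 ~ /^r[ow]community6?$/ {
            # syntax: rocommunity COMMUNITY [SOURCE [OID]]
            if (NF < 3)               flag("no source given, any host allowed")
            else if ($3 == "default") flag("source \"default\" matches any host")
            next
        }
        $1 == "com2sec" && $3 == "default" {
            # syntax: com2sec SECNAME SOURCE COMMUNITY
            flag("source \"default\" matches any host")
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample; "|| true" because findings return status 1.
printf '%s\n' "$SAMPLE_CONF" | audit_snmpd_conf || true
```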