Re: Counting traffic of one host through an OpenBSD computer

2021-06-26 Thread Ibsen S Ripsbusker
My great and good friends,

This is just what I wanted. Now I will see if my company-issued
computer is the source of my high home network usage!

Please accept the assurances of my sincerest regards and respect,

Ibsen S Ripsbusker



Re: Counting traffic of one host through an OpenBSD computer

2021-06-18 Thread Peter N. M. Hansteen



On 6/17/21 10:51 PM, Ibsen S Ripsbusker wrote:
> My great and good friends,
> 
> I want to know how much network traffic a Windows computer is
> responsible for. The Windows computer is connected to a switch,
> the switch is connected to a router running OpenBSD, and the router is
> connected eventually to the internet service provider.
> 
>   Windows -- Switch  OpenBSD  ISP
>   Other computers --/
> 
> How can I find out how many bytes this Windows computer sent or received
> through the router within some time period?

There are several ways to do this; at least a couple will involve minor
surgery on your PF rule set.

One way is to set up with labels to your liking (see e.g.
http://home.nuug.no/~peter/pftutorial/#97 and following) which you can
then query.

The other obvious candidate is to set up for pflow export (see e.g.
http://home.nuug.no/~peter/pftutorial/#102 and following with links
therein).

Both of these approaches will get you the data, with potential for
further fun (see e.g.
https://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html)

All the best,
Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Counting traffic of one host through an OpenBSD computer

2021-06-17 Thread Anders Andersson
On Thu, Jun 17, 2021 at 10:53 PM Ibsen S Ripsbusker wrote:
>
> My great and good friends,
>
> I want to know how much network traffic a Windows computer is
> responsible for. The Windows computer is connected to a switch,
> the switch is connected to a router running OpenBSD, and the router is
> connected eventually to the internet service provider.
>
>   Windows -- Switch  OpenBSD  ISP
>   Other computers --/
>
> How can I find out how many bytes this Windows computer sent or received
> through the router within some time period?
>
> I'm concerned only about communication with the internet, not
> communication between Windows and "other computers", so it suffices
> to count all bytes passing through the OpenBSD computer that originate
> from or are destined for the Windows computer.

I think this simple match rule in /etc/pf.conf does exactly what you need:

match out on egress from $windows_host label windows

Replace $windows_host with the local IP number of that host or set it
in a pf macro. This labels all the traffic matching the pattern. You
can look at the statistics using pfctl:

# pfctl -s labels
windows 11 212902 261910228 174124 259893752 38778 2016476 0

Obviously some scripting and cronjob required if you want this
automated in a nice format. man pfctl and pf.conf for more information
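
The scripting step mentioned in the message above, as an added example that is not part of the original post: it turns two samples of `pfctl -s labels` output into bytes received and sent for one label over the interval. The function names and the second sample are constructed for illustration; the column order is the one documented in pfctl(8), and labels are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: per-label byte accounting from `pfctl -s labels` output.
# Column order per pfctl(8): label, evaluations, packets, bytes,
# packets in, bytes in, packets out, bytes out, state creations.

# label_bytes LABEL: read `pfctl -s labels` text on stdin and print
# "bytes_in bytes_out", summed over every rule carrying LABEL
# (one pf.conf line can expand to several rules with the same label).
label_bytes() {
    awk -v want="$1" '
        $1 == want && NF >= 8 { in_b += $6; out_b += $8 }
        END { printf "%.0f %.0f\n", in_b, out_b }'
}

# counter_delta PREV CUR: bytes counted since the previous sample.
# If the counter went backwards (for instance after `pfctl -z`),
# treat CUR as the amount counted since that reset.
counter_delta() {
    awk -v p="$1" -v c="$2" \
        'BEGIN { printf "%.0f\n", (c + 0 >= p + 0) ? c - p : c }'
}

# report LABEL BEFORE_TEXT AFTER_TEXT: print the per-interval totals.
report() {
    before=$(printf '%s\n' "$2" | label_bytes "$1")
    after=$(printf '%s\n' "$3" | label_bytes "$1")
    printf '%s in=%s out=%s\n' "$1" \
        "$(counter_delta "${before% *}" "${after% *}")" \
        "$(counter_delta "${before#* }" "${after#* }")"
}

# First sample is the line quoted in the thread; the second is constructed.
sample_before='windows 11 212902 261910228 174124 259893752 38778 2016476 0'
sample_after='windows 15 230000 281910228 188000 279393752 42000 2516476 0'

report windows "$sample_before" "$sample_after"
```

On the router itself, each sample would come from `pfctl -s labels` run as root (for example from cron, saved to a file) instead of the embedded strings.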



Re: Counting traffic of one host through an OpenBSD computer

2021-06-17 Thread Daniel Melameth
On Thu, Jun 17, 2021 at 3:01 PM Ibsen S Ripsbusker wrote:
> I want to know how much network traffic a Windows computer is
> responsible for. The Windows computer is connected to a switch,
> the switch is connected to a router running OpenBSD, and the router is
> connected eventually to the internet service provider.
>
>   Windows -- Switch  OpenBSD  ISP
>   Other computers --/
>
> How can I find out how many bytes this Windows computer sent or received
> through the router within some time period?
>
> I'm concerned only about communication with the internet, not
> communication between Windows and "other computers", so it suffices
> to count all bytes passing through the OpenBSD computer that originate
> from or are destined for the Windows computer.

If you didn't set up something ahead of time to capture this, you
likely can't.  Ideally you'd want to export IPFIX/NetFlow data from
your switch or router and report on this data.



Counting traffic of one host through an OpenBSD computer

2021-06-17 Thread Ibsen S Ripsbusker
My great and good friends,

I want to know how much network traffic a Windows computer is
responsible for. The Windows computer is connected to a switch,
the switch is connected to a router running OpenBSD, and the router is
connected eventually to the internet service provider.

  Windows -- Switch  OpenBSD  ISP
  Other computers --/

How can I find out how many bytes this Windows computer sent or received
through the router within some time period?

I'm concerned only about communication with the internet, not
communication between Windows and "other computers", so it suffices
to count all bytes passing through the OpenBSD computer that originate
from or are destined for the Windows computer.

I avail myself of this opportunity to renew to you the assurances
of my highest consideration.

Ibsen S Ripsbusker