Ok, I've done research, and found this example to track bytes per ip on LAN:
$IPFW pipe 1 config mask src-ip 0x buckets 512
$IPFW pipe 2 config mask dst-ip 0x buckets 512
$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridge
Roger T. Harvey wrote:
$IPFW pipe 1 config mask src-ip 0x buckets 512
$IPFW pipe 2 config mask dst-ip 0x buckets 512
$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged
Now that's all well and good, and I saw the output a
ipfw add 5 skipto 500 ip from 192.168.110.1 to any out via tun0
ipfw add 10 skipto 500 ip from any to 192.168.110.1 to any in via tun0
ipfw add .. skipto 500 ip from 192.168.110... to any out via tun0
...
ipfw add 500 divert from any to any in via tun0 #back to normal rules
ipfw show
0
On Sun, Jun 18, 2006 at 07:26:44AM -0700, Nash Nipples wrote:
>ipfw add 5 skipto 500 ip from 192.168.110.1 to any out via tun0
> ipfw add 10 skipto 500 ip from any to 192.168.110.1 to any in via tun0
> ipfw add .. skipto 500 ip from 192.168.110... to any out via tun0
> ...
> ipfw add 500 d
Brian Candler (B.Candler) writes:
>
> Another approach is to capture absolutely everything using libpcap into a
> userland process, and then post-process afterwards.
ports/net/ipfm - been using it for some years now.
> Another approach is to use statistical sampling - pick packets at ra
John Polstra wrote this message on Thu, Jun 15, 2006 at 09:18 -0700:
> in the HW but have not yet completed. When the completion interrupt
> comes in, the driver is supposed to check the if_snd queue for more
> mbufs and process them. Only when the transmit side of the HW goes
> totally idle shou
On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote:
> > very efficient way of doing this analysis. You can turn the sflow data into
> > simple CSV records using 'sflowtool', or ntop has an sflow module.
>
> Ntop just seems very unreliable and bloated to me, at least after
>
On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote:
> very efficient way of doing this analysis. You can turn the sflow data
> into
> simple CSV records using 'sflowtool', or ntop has an sflow module.
Ntop just seems very unreliable and bloated to me, at least after
version 1. Has i
On Sun, 18 Jun 2006, at 09:20, Roger T. Harvey wrote:
> Ok, I've done research, and found this example to track bytes per ip on LAN:
As suggested, ng_netflow() coupled with net-mgmt/nfdump may well do
what you need. net-mgmt/nfsen on top of that if you change your mind
regarding graphs.
Hi, all:
I have a question about line 1765 to 1776 in tcp_input():
/*
* If the ACK bit is off: if in SYN-RECEIVED state or SENDSYN
* flag is on (half-synchronized state), then queue data for
* later processing; else drop segment and return.
*/
if ((thflags & TH_ACK) == 0)
10 matches
Mail list logo
