Ok, I've done research, and found this example to track bytes per ip on LAN:
$IPFW pipe 1 config mask src-ip 0x buckets 512
$IPFW pipe 2 config mask dst-ip 0x buckets 512
$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridge
Roger T. Harvey wrote:
$IPFW pipe 1 config mask src-ip 0x buckets 512
$IPFW pipe 2 config mask dst-ip 0x buckets 512
$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged
Now that's all well and good, and I saw the output a
ipfw add 5 skipto 500 ip from 192.168.110.1 to any out via tun0
ipfw add 10 skipto 500 ip from any to 192.168.110.1 to any in via tun0
ipfw add .. skipto 500 ip from 192.168.110... to any out via tun0
...
ipfw add 500 divert from any to any in via tun0 #back to normal rules
ipfw show
0
On Sun, Jun 18, 2006 at 07:26:44AM -0700, Nash Nipples wrote:
>ipfw add 5 skipto 500 ip from 192.168.110.1 to any out via tun0
> ipfw add 10 skipto 500 ip from any to 192.168.110.1 to any in via tun0
> ipfw add .. skipto 500 ip from 192.168.110... to any out via tun0
> ...
> ipfw add 500 d
Brian Candler (B.Candler) writes:
>
> Another approach is to capture absolutely everything using libpcap into a
> userland process, and then post-process afterwards.
ports/net/ipfm - been using it for some years now.
> Another approach is to use statistical sampling - pick packets at ra
On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote:
> > very efficient way of doing this analysis. You can turn the sflow data into
> > simple CSV records using 'sflowtool', or ntop has an sflow module.
>
> Ntop just seems very unreliable and bloated to me, at least after
>
On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote:
> very efficient way of doing this analysis. You can turn the sflow data
> into
> simple CSV records using 'sflowtool', or ntop has an sflow module.
Ntop just seems very unreliable and bloated to me, at least after
version 1. Has i
On Sun, 18 Jun 2006, at 09:20, Roger T. Harvey wrote:
> Ok, I've done research, and found this example to track bytes per ip on LAN:
As suggested, ng_netflow() coupled with net-mgmt/nfdump may well do
what you need. net-mgmt/nfsen on top of that if you change your mind
regarding graphs.
Oh come on guys, are we talking about accounting or packets sniffing? if so, i
believe that tcpdump should be rewritten into tcpacc with no ability to see
packets. and make it more flexible.
i believe there are number of reasons why guys at FreeBSD do not document the
traffic accounting process