network monitoring tool
Peter
petermatulis at yahoo.ca
Tue Dec 20 10:53:52 PST 2005
--- Imran Imtiaz <imran at darkstar.thelakecity.com.pk> wrote:
> can anyone tell me which is the best network monitoring tool for unix
> which can tell me that from which ip the traffic is coming and the type
> of traffic and in which i can give a criteria like today which ip has
> downloaded how much amount of data. I am currently using ntop but it is
> not showing me the details based on criteria it just shows me the traffic
> from the day it is up. I want something simple and effective.
I use OpenBSD's pf and, with its label feature, it is not difficult to
extract statistics with a shell script. Right now I am looking at traffic
type, not IP addresses. It all depends on how you create your rules.
Below is a sample pf rule and the output my script provides me.

  pass out on $EXT \
      inet proto udp \
      from $EXT to any \
      port 123 \
      keep state \
      label "outbound - $proto:$dstport ->"

==========================================
Host:       kovacs.domain.com
Interface:  tun0
Month:      December 2005
Timestamp:  Dec 20 13:30
Data time:  8d 3h 40m
------------------------------------------
Traffic type        Bytes-in     Bytes-out
------------------------------------------
icmp:echoreq           45108         45528
tcp:110               343961         52701
tcp:113                    0             0
tcp:11371                  0             0
tcp:119                    0             0
tcp:20                     0             0
tcp:21                123577         79800
tcp:22                     0             0
tcp:25                 50400         53476
tcp:2703                   0             0
tcp:43                  5833           863
tcp:443                12338          2914
tcp:53                     0             0
tcp:6112                   0             0
tcp:6667                   0             0
tcp:80              48203259       5243942
udp:123               366396        381064
udp:53               2629955       1584473
udp:6277                2384          2262
------------------------------------------
TOTALS(B)           51603928       7401496
TOTALS(MB)             49.21          7.05
RATE(B/m)            4395.56        630.45
==========================================
More information about the freebsd-questions
mailing list
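
Added example, not part of the original message and not the poster's script: one way to turn `pfctl -s labels` output into a per-traffic-type byte table like the one above. It assumes the column layout given in pfctl(8) (label, evaluations, packets, bytes, packets in, bytes in, packets out, bytes out, state creations), which may differ on older pf releases; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed input: `pfctl -s labels` lines whose last eight
# fields are evaluations, packets, bytes, packets-in, bytes-in, packets-out,
# bytes-out and state creations. Real use: pfctl -s labels | label_totals

# Sum bytes in/out per "proto:port" token found in each rule label.
# Labels such as "outbound - udp:123 ->" contain spaces, so the numeric
# columns are counted from the right-hand end of the line.
label_totals() {
    awk '
    NF >= 9 && $(NF-3) ~ /^[0-9]+$/ && $(NF-1) ~ /^[0-9]+$/ {
        type = ""
        for (i = 1; i <= NF - 8; i++)
            if ($i ~ /^[a-z]+:[a-z0-9]+$/) { type = $i; break }
        if (type == "") next          # label carries no traffic-type token
        in_b[type]  += $(NF-3)        # several rules may share one type
        out_b[type] += $(NF-1)
        tin += $(NF-3); tout += $(NF-1)
    }
    END {
        # %.0f instead of %d: some awk builds clamp %d to 32 bits.
        for (t in in_b)
            printf "%-14s %12.0f %12.0f\n", t, in_b[t], out_b[t] | "LC_ALL=C sort"
        close("LC_ALL=C sort")
        printf "%-14s %12.0f %12.0f\n", "TOTALS(B)", tin, tout
    }'
}

# Constructed sample input (not captured from a real firewall), including
# a label without a traffic type and a truncated line that must be skipped.
sample_labels() {
    cat <<'EOF'
outbound - udp:123 -> 1520 4200 747460 2100 366396 2100 381064 310
inbound - udp:123 -> 900 0 0 0 0 0 0 0
outbound - tcp:80 -> 9800 61000 53447201 40000 48203259 21000 5243942 1200
no type here 10 1 60 1 60 0 0 0
truncated line 12 34
EOF
}

sample_labels | label_totals
```

Counters reported by `pfctl -s labels` are cumulative since the ruleset was loaded, so per-day or per-month figures need the difference between two runs or a counter reset at the start of each period.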