Packet filter statistics
Steve Bertrand
iaccounts at ibctech.ca
Thu Sep 9 07:31:39 PDT 2004
> Steve Bertrand wrote:
>> Please bear with me...
>>
>> I've got a Windows 2000 web server that is spewing out over 2Mbps of
>> data which is going out round robin over my 3 T-1 connections.
>> Although there is still more throughput available, this is seemingly
>> rediculous.
>>
>> I've got a fortigate box in front of the server now, but the details
>> it gives aren't quite what I need. What I'd like to have is a FBSD
>> filter (transparent bridge) setup in front of the box, with software
>> that can chart for me what type of packets are being sent/rec'd
>> to/from this box, as well as each packets frequency and size. Any
>> graph would do.
>>
>> I believe this is legit HTTP traffic, but I can't identify packet
>> size
>> (or the size of a single entire HTTP session etc). Seeing this in
>> graphical form would help me immensely.
>>
>> Anyone familiar with available software that I could dump on my
>> filter
>> box that can potentially do something similar like I am looking for?
>>
>> I was contemplating on asking this on -ipfw, however technically
>> it's
>> not a direct IPFW question.
>>
>> Tks everyone for any suggestions.
>>
>> Steve
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe at freebsd.org"
>>
> You may want to check out Ethereal (free packet sniffer)
> www.ethereal.com. I have used this successfully on FreeBSD. Also,
> FreeBSD has a program called tcpdump that will show packets without
> the
> added bells and whistles of Ethereal. One note: if you are using level
> 2
> or higher switches, the sniffer will not pickup all the traffic coming
> out of your Win2k box unless you configure a management port on your
> switch or use a hub with both the sniffer box and the server connected
> to it.
>
> Alternatively, you may be able to run Ethereal on you Win2k box....
>
> Hope this helps.
Thanks for the info...I use ethereal as well as tcpdump quite
frequently, but I need something a little different here.
I don't need to worry about ``sniffing'' as it's normally used,
because the FBSD box will be put right in-line between the affected
box and the core network switch, so ALL packets will travel right
through the box so I can manipulate every single packet as required.
It was suggested (off list unfortuneatly) to check out bandwidthd and
ipaudit.
I'm going to give bandwidthd a try, as it looks very close to what I
want.
Tks,
STeve
>
> Norm
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list