Packet filter statistics

Norm Vilmer norm at etherealconsulting.com
Thu Sep 9 07:24:29 PDT 2004


Steve Bertrand wrote:
> Please bear with me...
> 
> I've got a Windows 2000 web server that is spewing out over 2Mbps of
> data which is going out round robin over my 3 T-1 connections.
> Although there is still more throughput available, this is seemingly
> ridiculous.
> 
> I've got a fortigate box in front of the server now, but the details
> it gives aren't quite what I need. What I'd like to have is a FBSD
> filter (transparent bridge) setup in front of the box, with software
> that can chart for me what type of packets are being sent/rec'd
> to/from this box, as well as each packet's frequency and size. Any
> graph would do.
> 
> I believe this is legit HTTP traffic, but I can't identify packet size
> (or the size of a single entire HTTP session etc). Seeing this in
> graphical form would help me immensely.
> 
> Anyone familiar with available software that I could dump on my filter
> box that can potentially do something similar like I am looking for?
> 
> I was contemplating on asking this on -ipfw, however technically it's
> not a direct IPFW question.
> 
> Tks everyone for any suggestions.
> 
> Steve
> 
You may want to check out Ethereal (free packet sniffer) 
www.ethereal.com. I have used this successfully on FreeBSD. Also, 
FreeBSD has a program called tcpdump that will show packets without the 
added bells and whistles of Ethereal. One note: if you are using level 2 
or higher switches, the sniffer will not pick up all the traffic coming 
out of your Win2k box unless you configure a management port on your 
switch or use a hub with both the sniffer box and the server connected 
to it.

Alternatively, you may be able to run Ethereal on your Win2k box....

Hope this helps.

Norm
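
Added example, not part of the original messages: one way to get the per-service and per-size breakdown asked about above from a capture file saved with tcpdump's `-w` option, by reading the classic pcap format directly. The function names, the size buckets and the sample addresses are assumptions made for this illustration; the sample capture is constructed in the code, and only Ethernet/IPv4 frames are handled.

```python
import struct
from collections import Counter

def bucket(n):
    return "<=128" if n <= 128 else "129-1024" if n <= 1024 else ">1024"

def summarize_pcap(data, server_ip):
    """Return (bytes per (proto, source port), frames per size bucket) for frames sent by server_ip."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the writing host
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    by_service, by_size = Counter(), Counter()
    off = 24                                     # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN tags and IPv6 are out of scope here)
        if ".".join(map(str, frame[26:30])) != server_ip:
            continue  # inbound or unrelated traffic
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
        if proto in (6, 17) and len(frame) >= l4 + 2:
            key = ("tcp" if proto == 6 else "udp", struct.unpack("!H", frame[l4:l4 + 2])[0])
        else:
            key = ("ip-proto-%d" % proto, None)
        by_service[key] += wirelen   # size on the wire, even if the capture was truncated
        by_size[bucket(wirelen)] += 1
    return by_service, by_size

def build_sample():
    """Constructed capture: header-only frames, as a short snaplen (-s) would store them."""
    rows = [("192.0.2.10", 80, 6, 1514), ("192.0.2.10", 80, 6, 1514), ("192.0.2.10", 80, 6, 60),
            ("192.0.2.10", 25, 6, 1200), ("192.0.2.10", 53, 17, 90), ("198.51.100.7", 40000, 6, 60)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    for i, (src, sport, proto, wirelen) in enumerate(rows):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wirelen - 14, 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes([203, 0, 113, 5]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, 40000) + b"\x00" * 16
        out += struct.pack("<IIII", 1094739869 + i, 0, len(frame), wirelen) + frame
    return out

if __name__ == "__main__":
    services, sizes = summarize_pcap(build_sample(), "192.0.2.10")
    print(services.most_common(), dict(sizes))
```

Because the tally uses the original length recorded in each packet header, a headers-only capture is enough, which keeps the capture file small and avoids storing page content.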


