monitoring lan->wan

Kurt Buff kurt.buff at gmail.com
Fri Oct 20 18:03:10 UTC 2006


On 10/20/06, Zbigniew Szalbot <zbyszek at szalbot.homedns.org> wrote:
> Hello,
>
> Is there anything you would *recommend* re monitoring internet usage (LAN
> to WAN), something that is available in ports? This would have to be
> something that would allow me to tie it with a router as my FBSD is not a
> gateway. This function is handled by our Dlink DFL router.
>
> Many thanks in advance!
>
> --
> Zbigniew Szalbot

That really depends on the functionality of your router (and I'm not
familiar with it, so can't comment on it), the configuration of your
internal network and what you mean by 'monitoring internet usage'.

Do you only need to show aggregate traffic flow, to monitor total
usage over time? If so, and if the router is SNMP-capable, then cacti
(or mrtg, but it's not my preference) or some other utility
that can get and graph SNMP stats will do what you want.

If you wish to characterize the traffic to and from the Internet by
protocol and/or user, then you'll have to do something more than
simply using SNMP to monitor throughput on the router. In that case,
you'll need to have your FreeBSD box actually parse the traffic, or
get a netflow from the router (assuming that it can do that), and ntop
is a good start for the software you want, or perhaps etherape.
Assuming that netflow isn't available from the router (and I think
that's a fairly safe bet), the trick will be making sure that your
FreeBSD box will see the traffic, and for that you'll need something
like one of the following setups:

1) Put the router and your box on a dumb hub (not a switch) so that
all of the traffic going to the router is visible to your box

or

2) Have the router (again, assuming it's a multiport router, and
capable of this, which is quite doubtful) mirror the traffic to a port
to which your box is attached,

or

3) Install two NICs in your box and have your router and your box
attached to a switch that can mirror all of the traffic to the router
- the first NIC will only receive traffic from the switch, the second
NIC will have an IP address and be available for monitoring the box,
including output from ntop or etherape.

or

4)  More tricky still, install two NICs in your box and have it act as
a transparent bridge between your network and your router. I'm not
familiar with this kind of setup, though I like the idea, and will be
playing with it in my copious free time. :)

or

5) Get a network tap cable, which is essentially a three-headed patch
cable that provides receive-only wires for the third head, and that
receive-only head is put into a second NIC on your box.

Kurt
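
The counter arithmetic behind the SNMP graphing option in the reply above, as an added example that is not part of the original post and is not code from cacti or mrtg: it turns successive ifInOctets polls into bits per second and total usage, handling Counter32 wrap and a counter reset. The sample polls, the 300-second interval, the 100 Mbit/s ceiling and all function names are constructed assumptions.

```python
# Added example. SAMPLES are constructed polls, not readings from a real router.
# ifInOctets (OID 1.3.6.1.2.1.2.2.1.10) is a Counter32: it wraps at 2**32.
COUNTER32_MOD = 2 ** 32
LINK_BPS = 100_000_000  # assumed link speed, used as a sanity ceiling

# (unix_time, ifInOctets) taken every 300 s; includes a wrap and a reboot.
SAMPLES = [
    (0, 4294900000),
    (300, 4294960000),
    (600, 67704),      # counter wrapped past 2**32
    (900, 1000),       # router rebooted, counter restarted near zero
    (1200, 76000),
]


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, assuming at most one wrap."""
    return curr - prev if curr >= prev else curr + modulus - prev


def intervals(samples, max_bps=LINK_BPS):
    """Yield (end_time, octets, bits_per_sec) for each poll interval.

    A rate above max_bps cannot be real traffic on this link, so that
    interval is treated as a counter reset and yielded as (t, None, None).
    """
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate or out-of-order poll
        octets = octet_delta(c0, c1)
        bps = octets * 8 / dt
        yield (t1, None, None) if bps > max_bps else (t1, octets, bps)


def rates_bps(samples, max_bps=LINK_BPS):
    """Points to graph: (time, bits/sec), None where the counter reset."""
    return [(t, bps) for t, _, bps in intervals(samples, max_bps)]


def total_octets(samples, max_bps=LINK_BPS):
    """Total usage over the period, skipping reset intervals."""
    return sum(o for _, o, _ in intervals(samples, max_bps) if o is not None)


if __name__ == "__main__":
    for t, bps in rates_bps(SAMPLES):
        print(t, "reset" if bps is None else f"{bps:.0f} bit/s")
    print("total octets:", total_octets(SAMPLES))
```

A 32-bit counter on a busy link can wrap more than once between polls, which this single-wrap arithmetic cannot detect; a shorter poll interval avoids that.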

