*BSD News Article 78157


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.syd.connect.com.au!news.bri.connect.com.au!corolla.OntheNet.com.au!news
From: Tony Griffiths <tonyg@OntheNet.com.au>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Band Width Monitoring
Date: Fri, 13 Sep 1996 00:23:22 +1000
Organization: On the Net (ISP on the Gold Coast, Australia)
Lines: 29
Message-ID: <32381CDA.2138@OntheNet.com.au>
References: <3237F4E5.2781E494@corpex.com>
Reply-To: tonyg@OntheNet.com.au
NNTP-Posting-Host: swanee.nt.com.au
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (WinNT; I)
To: Neil Fowler Wright <neil@corpex.com>

Neil Fowler Wright wrote:
> 
> Hi,
> 
> We have a leased line that has overall Bandwidth monitoring by our
> service provider.  However we would like to monitor the IP traffic
> on our network by IP number.
> 
> Under Solaris there is a 'snoop' utility that allows you to watch the
> ethernet port, and hence see all traffic, but a) I havn't encountered
> this under FreeBSD, b) It's a bit like cracking a nut with a wrecking
> ball ;-)
> 
> Something that simply watches for 'a period' every 'larger period'
> and logs to a table the data/IP_No.
> 
> Cheers,
> 
> --
> Neil Fowler Wright                      Systems Administrator
> Corpex Ltd.                             +44 171 242 4555

The Berkley Packet Filter (bpfilter pseudodevice option) allows a
super-user process to capture ethernet packets and look at them.  I've
only used it with 'tcpdump' but there might be other IP hdr-type capture
programs available or at least point you on the right track for writing
one yourself!

Tony