Hi,

As Tom mentioned, one of the least resource-consuming ways to identify sources and volumes of the traffic seen on or in and out of your network is to set up for pflow aka netflow sensors and collectors.
Based on the data you collect you can then analyse and make decisions that hopefully reflect the actual traffic patterns you are dealing with.

Several sources of useful information are available; Tom already mentioned The Book of PF and the article about tracking down a source of disruption based on netflow data.

It is possible that you could find something useful in the slides for the latest "Network Management with the OpenBSD Packet Filter Toolset" tutorial, to be found at https://nxdomain.no/~peter/pf_fullday.pdf (possibly to be updated for the upcoming Dublin event).

I would of course be delighted if you do buy The Book of PF, and the article Tom referred to can also be found *without G's trackers* at https://nxdomain.no/~peter/yes_you_too_can_be_an_evil_network_verlord.html (the liberated versions of other blogposts can be found, pre-prettification, at https://nxdomain.no/~peter/blogposts/)

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.