Joel,

Check out pfflowd. This site has a "how to".

Configuration of NetFlow, Flowtools, pfflowd on OpenBSD

Have you ever wanted to keep track of every packet going through your firewall? How about getting some stats on the hosts using your network? Stats like most bandwidth used or most popular ports or IPs. Well, NetFlow is what you're looking for. NetFlow is an open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information.

http://www.pantz.org/software/flowtools/configflowtoolspfflow.html

--
Calomel @ http://calomel.org
Open Source Research and Reference

On Mon, Nov 12, 2007 at 09:31:08AM -0600, Joel Gudknecht wrote:
>Misc list:
>
>I'm trying to figure out a way to log and analyze bandwidth usage
>passing through my PF gateway. It's doing NAT for ~60 users.
>
>Here are the pertinent logging rules;
>
>rdr pass log on $ext_if proto tcp to port smtp -> $host
>rdr pass log on $ext_if proto tcp to port www -> $host
>rdr pass log on $ext_if proto tcp to port pop3 -> $host
>rdr pass log on $ext_if proto tcp to port 1494 -> $host
>rdr pass log on $ext_if proto tcp to port 3389 -> $host
>
>pass out log keep state
>
>I've tried analyzing pflogs using ethereal/wireshark but could not get
>specifics about IP's and connection rates from it. I've also looked at
>ntop and pftop, which looks good for real-time monitoring but I don't
>think they apply for what I'm trying to do.
>
>I'd like to generate a sorted list of top bandwidth hogs and their IP
>addresses.
>
>Thanks.
>
>Joel