Hello Guys,
I have the scenario following:
One freeBSD that works as router, so, most of the traffic that pass through an interface is not connection, but just packages that are being routed.
I wanna monitoring all traffic passing through an interface, no just the traffic generated by connections.
Is possible make this monitoring without change the source code of the iftop?
If not, which part of source code should I change?
Thanks!
On 21/10/2011 14:20, joedson marques wrote:
Hello Guys,
I have the scenario following:
One freeBSD that works as router, so, most of the traffic that pass through an interface is not connection, but just packages that are being routed.
I wanna monitoring all traffic passing through an interface, no just the traffic generated by connections.
This sounds like what iftop should do by default.
Paul
My situation is identical. In my case, I have a tunnel interface via PPPoE and an ethernet interface connecting to my wireless network. Since the traffic has to pass through the FreeBSD box, iftop works great on either interface and I can tell who is clogging our DSL connection using it.
Scott
On Fri, Oct 21, 2011 at 8:20 AM, joedson marques joedson.anid@gmail.comwrote:
Hello Guys,
I have the scenario following:
One freeBSD that works as router, so, most of the traffic that pass through an interface is not connection, but just packages that are being routed.
I wanna monitoring all traffic passing through an interface, no just the traffic generated by connections.
Is possible make this monitoring without change the source code of the iftop?
If not, which part of source code should I change?
Thanks!
Warren,
Sorry for won't be clear;
Lets me try explain better.
As long I open the iftop (passing an interface as parameter) it's show all traffic passing through the respective interface; but shortly after, it starts decreasing the traffic that value, until remains only: current bandwidth usage by *pairs of hosts*, this means, only hosts *directy connected* with the current host (the freeBSD).
As this host is a router, most of the traffic that pass through it, isn't directy connected with it, it's *just forwards* this traffic.
So, as I wanna monitoring *whole bandwidth*, passing through the interface, the iftop does not show it (all the time, just when I start it); just the traffic of pairs of hosts.
Is possible monitoring all traffic passing through the interface, instead only the traffic of the pairs?
Thanks!
Any difference in behavior if you use the "-p" (promiscuous) option?
Are you using the previous release (0.17) or 1.0pre2?
Scott
On Fri, Oct 21, 2011 at 1:04 PM, joedson marques joedson.anid@gmail.comwrote:
Warren,
Sorry for won't be clear;
Lets me try explain better.
As long I open the iftop (passing an interface as parameter) it's show all traffic passing through the respective interface; but shortly after, it starts decreasing the traffic that value, until remains only: current bandwidth usage by *pairs of hosts*, this means, only hosts *directy connected* with the current host (the freeBSD).
As this host is a router, most of the traffic that pass through it, isn't directy connected with it, it's *just forwards* this traffic.
So, as I wanna monitoring *whole bandwidth*, passing through the interface, the iftop does not show it (all the time, just when I start it); just the traffic of pairs of hosts.
Is possible monitoring all traffic passing through the interface, instead only the traffic of the pairs?
Thanks!
Bertilson,
It's remains the same wiht "-p". Even if this works, is not what I want,I wanna the whole bandwith, passing through a single interface.
I'm using the release 0.17.
Thanks!
On Fri, Oct 21, 2011 at 3:31 PM, Scott Bertilson ssb@umn.edu wrote:
Any difference in behavior if you use the "-p" (promiscuous) option?
Are you using the previous release (0.17) or 1.0pre2?
Scott
On Fri, Oct 21, 2011 at 1:04 PM, joedson marques joedson.anid@gmail.comwrote:
Warren,
Sorry for won't be clear;
Lets me try explain better.
As long I open the iftop (passing an interface as parameter) it's show all traffic passing through the respective interface; but shortly after, it starts decreasing the traffic that value, until remains only: current bandwidth usage by *pairs of hosts*, this means, only hosts *directy connected* with the current host (the freeBSD).
As this host is a router, most of the traffic that pass through it, isn't directy connected with it, it's *just forwards* this traffic.
So, as I wanna monitoring *whole bandwidth*, passing through the interface, the iftop does not show it (all the time, just when I start it); just the traffic of pairs of hosts.
Is possible monitoring all traffic passing through the interface, instead only the traffic of the pairs?
Thanks!
It might be worth your while to see if you can try to build and test the 1.0 pre-release: http://www.ex-parrot.com/~pdw/iftop/download/iftop-1.0pre2.tar.gz
Scott
On Fri, Oct 21, 2011 at 1:49 PM, joedson marques joedson.anid@gmail.comwrote:
Bertilson,
It's remains the same wiht "-p". Even if this works, is not what I want,I wanna the whole bandwith, passing through a single interface.
I'm using the release 0.17.
Thanks!
On Fri, Oct 21, 2011 at 3:31 PM, Scott Bertilson ssb@umn.edu wrote:
Any difference in behavior if you use the "-p" (promiscuous) option?
Are you using the previous release (0.17) or 1.0pre2?
Scott
On Fri, Oct 21, 2011 at 1:04 PM, joedson marques joedson.anid@gmail.comwrote:
Warren,
Sorry for won't be clear;
Lets me try explain better.
As long I open the iftop (passing an interface as parameter) it's show all traffic passing through the respective interface; but shortly after, it starts decreasing the traffic that value, until remains only: current bandwidth usage by *pairs of hosts*, this means, only hosts *directy connected* with the current host (the freeBSD).
As this host is a router, most of the traffic that pass through it, isn't directy connected with it, it's *just forwards* this traffic.
So, as I wanna monitoring *whole bandwidth*, passing through the interface, the iftop does not show it (all the time, just when I start it); just the traffic of pairs of hosts.
Is possible monitoring all traffic passing through the interface, instead only the traffic of the pairs?
Thanks!
On 21/10/2011 19:04, joedson marques wrote:
Warren,
Sorry for won't be clear;
Lets me try explain better.
As long I open the iftop (passing an interface as parameter) it's show all traffic passing through the respective interface; but shortly after, it starts decreasing the traffic that value, until remains only: current bandwidth usage by *pairs of hosts*, this means, only hosts *directy connected* with the current host (the freeBSD).
That sounds like a very strange bug, and not one that I've seen before.
iftop shows bandwidth between pairs of hosts, but neither of those hosts need be the host on which iftop is running.
I've used iftop on routers, and it shows all traffic flowing through the interface.
How much network traffic is the router seeing?
Just one thought - freezing screen order (pressing "o") could give an effect that is a little bit like what you describe.
Paul
-
joedson marques -
Paul Warren -
Scott Bertilson