Re: Bandwidth consume by IP address

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Peter N. M. Hansteen

Subject: Re: Bandwidth consume by IP address

Date: Saturday, October 2, 2010 - 12:35 am

Hermes Ojeda Ruiz <hermes.o.r@gmail.com> writes:

quoted text> I'm working with a OpenBSD firewall on embedded hardware, and the client
> want to know the bandwidth consume by IP address.
>
> I don't know if this is possible using PF, another tool or making scripts to
> get the information.

There are a few options available. One is to write the rule set with
labels to collect statistics, making sure the labels are one per IP
address.  The other main option is to use pflow(4), with 'set
state-defaults pflow' or 'keep state (pflow)' for individual rules in
your rule set, set up a collector somewhere and extract the data you
need per IP address.  If you go for pflow, the pflow man page will get
you started.  I'd recommend taking a look at Michael W. Lucas' recent
book for the Netflow analysis part, while the upcoming second edition
of the Book of PF contains a bit of material about both approaches too
(the first edition has only the labels part).

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Bandwidth consume by IP address, Hermes Ojeda Ruiz, (Fri Oct 1, 6:57 pm)

Re: Bandwidth consume by IP address, Bret S. Lambert, (Fri Oct 1, 9:59 pm)

Re: Bandwidth consumed by computer on the network, Hermes Ojeda Ruiz, (Fri Oct 1, 11:42 pm)

Re: Bandwidth consume by IP address, Peter N. M. Hansteen, (Sat Oct 2, 12:35 am)

Re: Bandwidth consume by IP address, Stuart Henderson, (Sat Oct 2, 6:28 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set