On Thu, Jun 17, 2021 at 10:53 PM Ibsen S Ripsbusker <[email protected]> wrote: > > My great and good friends, > > I want to know how much network traffic a Windows computer is > responsible for. The Windows computer is connected to a switch, > the switch is connected to a router running OpenBSD, and the router is > connected eventually to the internet service provider. > > Windows ---------- Switch ---- OpenBSD ---- ISP > Other computers --/ > > How can I find out how many bytes this Windows computer sent or received > through the router within some time period? > > I'm concerned only about communication with the internet, not > communication between Windows and "other computers", so it suffices > to count all bytes passing through the OpenBSD computer that originate > from or are destined for the Windows computer.
I think this simple match rule in /etc/pf.conf does exactly what you need: match out on egress from $windows_host label windows Replace $windows_host with the local IP number of that host or set it in a pf macro. This labels all the traffic matching the pattern. You can look at the statistics using pfctl: # pfctl -s labels windows 11 212902 261910228 174124 259893752 38778 2016476 0 Obviously some scripting and cronjob required if you want this automated in a nice format. man pfctl and pf.conf for more information
