Monitoring TCP/IP traffic

2004-03-04 Thread Francisco Reyes
As of a few days ago my DSL modem activity light rarely ever goes inactive
for long.

I am looking for any program anyone could recommend to monitor what's
going on.

Yesterday I added log options to all my IPFW rules to see if I could find
anything suspicious. I added log options even to pass rules and the amount
of activity in the DSL modem seems much more than what is reported by
IPFW rules.

The machine in question is a 4.9 Stable (as of Dec 29) and it acts as a
gateway to my other machines.

Is there anything like TOP for TCP/IP?
I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Monitoring TCP/IP traffic

2004-03-04 Thread albi
On Thu, 4 Mar 2004 11:44:48 + (GMT)
Francisco Reyes [EMAIL PROTECTED] wrote:

> Is there anything like TOP for TCP/IP?
> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.

You could try ethereal (/usr/ports/net/ethereal)?



Re: Monitoring TCP/IP traffic

2004-03-04 Thread Peter Risdon
Francisco Reyes wrote:

> As of a few days ago my DSL modem activity light rarely ever goes inactive
> for long.
> I am looking for any program anyone could recommend to monitor what's
> going on.
> Yesterday I added log options to all my IPFW rules to see if I could find
> anything suspicious. I added log options even to pass rules and the amount
> of activity in the DSL modem seems much more than what is reported by
> IPFW rules.
> The machine in question is a 4.9 Stable (as of Dec 29) and it acts as a
> gateway to my other machines.
> Is there anything like TOP for TCP/IP?
> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.

tcpdump(1) might be what you want.

PWR.



Re: Monitoring TCP/IP traffic

2004-03-04 Thread Fernando Gleiser
On Thu, 4 Mar 2004, Francisco Reyes wrote:


> Is there anything like TOP for TCP/IP?

Yes, ntop :)

> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.

You need to tweak its configuration to make it listen on the tun0 interface.

Take a look at ngrep too, and snort for logging suspicious activity.


Fer



RE: Monitoring TCP/IP traffic

2004-03-04 Thread Michael Clark
/usr/ports/net/trafshow

-----Original Message-----
From: Francisco Reyes [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 5:45 AM
To: FreeBSD Questions List
Subject: Monitoring TCP/IP traffic


As of a few days ago my DSL modem activity light rarely ever goes inactive
for long.

I am looking for any program anyone could recommend to monitor what's
going on.

Yesterday I added log options to all my IPFW rules to see if I could find
anything suspicious. I added log options even to pass rules and the amount
of activity in the DSL modem seems much more than what is reported by
IPFW rules.

The machine in question is a 4.9 Stable (as of Dec 29) and it acts as a
gateway to my other machines.

Is there anything like TOP for TCP/IP?
I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.



Re: Monitoring TCP/IP traffic

2004-03-04 Thread Stefan Cars
Hi!

tcpdump is a very good program as well.


/ Stefan

On Thu, 4 Mar 2004, albi wrote:

> On Thu, 4 Mar 2004 11:44:48 + (GMT)
> Francisco Reyes [EMAIL PROTECTED] wrote:
>
>> Is there anything like TOP for TCP/IP?
>> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.
>
> you could try ethereal (/usr/ports/net/ethereal) ?


--
Stefan Cars
Snowfall Communications
Tel: +46 (0)18 430 80 50 - Direct: +46 (0)18 430 80 51
Mobile: +46 (0)708 44 36 00 - Fax: +46 (0)708 44 36 04





Re: Monitoring TCP/IP traffic

2004-03-04 Thread jan . muenther
> Is there anything like TOP for TCP/IP?
> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.

Hm, does 'systat -netstat' maybe already do what you want?


Re: Monitoring TCP/IP traffic

2004-03-04 Thread Christopher Weimann
On 03/04/2004-11:44AM, Francisco Reyes wrote:
 
> Is there anything like TOP for TCP/IP?

/usr/ports/net/trafshow



Re: Monitoring TCP/IP traffic

2004-03-04 Thread ravi pina
On Thu, Mar 04, 2004 at 11:44:48AM +, Francisco Reyes said at one point in time:
[...]
> Is there anything like TOP for TCP/IP?
> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.

net/iftop

-r



Re: Monitoring TCP/IP traffic

2004-03-04 Thread Francisco Reyes
On Thu, 4 Mar 2004, ravi pina wrote:

> On Thu, Mar 04, 2004 at 11:44:48AM +, Francisco Reyes said at one point in time:
> [...]
>> Is there anything like TOP for TCP/IP?
>> I saw ntop in ports, but it seems it only analyzes the LAN/internal subnet.
> net/iftop

Thanks to all that responded.
As I was trying different utilities and wasn't seeing anything on my
outside card I then decided to disconnect my gateway machine. The high traffic
continued. I called my ISP and they told me to run tcpdump and send
it to them. A few minutes later the activity was way down. Looks normal
now.

I still plan to go through all the tools and learn them, but whatever the
problem is/was it was not inside my machines/network.
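
A "top for TCP/IP" view can be built from the tcpdump output that several replies recommend. The script below is an added example, not code from anyone in this thread: it ranks host pairs by payload bytes and lists remote hosts whose packets to the gateway were never answered. The line format (as printed by `tcpdump -n -q -tt -i tun0`), the addresses and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample; assumed format of `tcpdump -n -q -tt -i tun0` output.
SAMPLE = """\
1078400688.100000 IP 192.0.2.10.51000 > 198.51.100.7.80: tcp 0
1078400688.200000 IP 198.51.100.7.80 > 192.0.2.10.51000: tcp 1448
1078400688.300000 IP 198.51.100.7.80 > 192.0.2.10.51000: tcp 1448
1078400689.000000 IP 203.0.113.5.4444 > 192.0.2.10.135: tcp 0
1078400689.500000 IP 203.0.113.5.4445 > 192.0.2.10.445: tcp 0
1078400690.000000 IP 192.0.2.10.1025 > 198.51.100.53.53: UDP, length 40
1078400690.100000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""
# Older tcpdump builds omit the "IP " prefix, so it is optional here.
FLOW = re.compile(
    r"^\S+ (?:IP )?(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"(?:tcp (\d+)|UDP, length (\d+))"
)

def parse(text):
    """Yield (src, dst, payload_bytes) per TCP/UDP line; skip everything else."""
    for line in text.splitlines():
        m = FLOW.match(line)
        if m:
            src, _sport, dst, _dport, tcp_len, udp_len = m.groups()
            yield src, dst, int(tcp_len if tcp_len is not None else udp_len)

def top_talkers(text, n=5):
    """Rank unordered host pairs by payload bytes, then by packet count."""
    totals = defaultdict(lambda: [0, 0])  # pair -> [packets, bytes]
    for src, dst, size in parse(text):
        entry = totals[tuple(sorted((src, dst)))]
        entry[0] += 1
        entry[1] += size
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][1], -kv[1][0]))
    return [(pair, pkts, size) for pair, (pkts, size) in ranked[:n]]

def unanswered_sources(text, local):
    """Remote hosts that sent packets to `local` but got none back from it."""
    sent_to_us, we_sent_to = defaultdict(int), set()
    for src, dst, _size in parse(text):
        if dst == local:
            sent_to_us[src] += 1
        elif src == local:
            we_sent_to.add(dst)
    return {h: c for h, c in sent_to_us.items() if h not in we_sent_to}

if __name__ == "__main__":
    for pair, pkts, size in top_talkers(SAMPLE):
        print(f"{pair[0]:>15} <-> {pair[1]:<15} {pkts:4d} pkts {size:7d} bytes")
```

Hosts reported by `unanswered_sources` are sending traffic the gateway never replies to, which is the pattern to expect when the load on the line originates outside the local network.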