<div dir="ltr">A little late to the responses, but what you may want on your FreeBSD box (if it is forwarding all packets) is ntop - it will show the bandwidth hogs real time graphically. I use the pfSense ntop package at most of my sites. pfSense will also show real time bandwidth non-graphically in it's base configuration without ntop.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>Andrew Ruscica</div><div>519.919.2650</div></div><div><br></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, Jan 12, 2017 at 2:04 PM, Jeremy Gransden <span dir="ltr"><<a href="mailto:jeremy.gransden@gmail.com" target="_blank">jeremy.gransden@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thank you all for the responses. I am currently reading through the<br>
Practical Packet Analysis book and playing with wireshark. It is<br>
showing me a wealth of information. It seems to be more of a "look at<br>
what happened before", more so than a "look at what is happening now"<br>
kind of thing though I am only about half way through it. I am dumping<br>
with tcpdump and looking at the .pcap file with wireshark.<br>
<br>
My eventual goal is to do as Mike has suggested. But for the time<br>
being I am stuck with what is working (sorta).<br>
<br>
thanks again for the pointers, I owe you guys a beer next time i can<br>
make it to a meeting.<br>
<br>
thanks,<br>
jeremy<br>
<br>
On Wed, Jan 11, 2017 at 1:00 PM, Mike Wayne <<a href="mailto:semibug15@wayne47.com">semibug15@wayne47.com</a>> wrote:<br>
<span class="">> On Wed, Jan 11, 2017 at 12:07:25PM -0500, Jeremy Gransden wrote:<br>
>> I have a network of 8 pcs and several phones all connected to the<br>
>> Internet and our other locations via a single T1 line.<br>
><br>
</span>> Not sure of your options here but consider dropping in a broadband<br>
> (cable?) connection at each location and creating VPNs between<br>
> them all. You'll keep security, possibly save money and get<br>
> more bandwidth. Plus each location gets fast general Internet.<br>
> Assuming you are running VOIP phones, this should all work fine.<br>
<span class="">><br>
>> How would i find out what host is using the most bandwidth at the<br>
>> FreeBSD bridge?<br>
><br>
</span>> For monitoring, I would start by installing mrtg and configure it<br>
> to watch the traffic on each switch port as well as the T1. That'll<br>
> get you started and give you a better idea of what bandwidth looks<br>
> like on your network.<br>
><br>
> Then, you can install nagios to watch the mrtg data and bitch when<br>
> traffic exceeds certain levels. Note that you can do all sorts of<br>
> creative things here like:<br>
> (T1 bandwidth > 1,400,000 bps) && (switch port > 750,000 bps) [T1 is 90% used and user is using > 50% of max bandwidth]<br>
><br>
> More involved: write dummynet rules to limit bandwidth to each IP<br>
> address which would automatically deal with the problem. Dummynet<br>
> would also permit you to monitor traffic to IP address, port, etc.<br>
<div class="HOEnZb"><div class="h5">><br>
> ______________________________<wbr>_________________<br>
> Semibug mailing list<br>
> <a href="mailto:Semibug@lists.nycbug.org">Semibug@lists.nycbug.org</a><br>
> <a href="http://lists.nycbug.org/mailman/listinfo/semibug" rel="noreferrer" target="_blank">http://lists.nycbug.org/<wbr>mailman/listinfo/semibug</a><br>
<br>
______________________________<wbr>_________________<br>
Semibug mailing list<br>
<a href="mailto:Semibug@lists.nycbug.org">Semibug@lists.nycbug.org</a><br>
<a href="http://lists.nycbug.org/mailman/listinfo/semibug" rel="noreferrer" target="_blank">http://lists.nycbug.org/<wbr>mailman/listinfo/semibug</a><br>
</div></div></blockquote></div><br></div>