monitoring data traffic with ipfw

[networker_]

Hello,

I need to know the syntax for monitoring the traffic data (in/out) from an interface with ipfw, something like:

ipfw ethX 999 bytes out

I'm on a 8.2 release box 32 bits.

 

[DutchDaemon]

FreeBSD has no ethX interfaces, you know .. Anyway, FreeBSD has tools like netstat(1), systat(1), tcpdump(1), etc. Look into those.

 

[networker_]

ok, thanks for reply.

Well, as you can see I'm new on BSD, so the ethX part was just an example, but replacing that part with a correct interface name the whole idea is clear.

I'll look on the commands that you posted.

Thanks!

 

[ecazamir]

Create the counter rules

/sbin/ipfw add 100 count ip from 1.2.3.4 to 2.3.4.5 out xmit em0 // egress traffic
/sbin/ipfw add 110 count ip from 2.3.4.5 to 1.2.3.4 in recv em0 // ingress traffic

As you can see, the counters can increase only if:
- there is ip traffic from 1.2.3.4 to 2.3.4.5 or back
- the egress traffic is leaving the system via em0, to avoid double counters. traffc from 1.2.3.4 to 2.3.4.5, leaving the machine via em2 won't be counted.
- the ingress traffic is coming through em0

It's a good idea to read the ipfw manual page.

 

[networker_]

Many thanks ecazamir.

That is what I was looking for.

Thanks !