Monitoring individual connections through PF

I'm using my FreeBSD machine as a NAT'ing router (and wireless access point), between the "internal" network (both wired and wireless), and an external network. This is done the usual boring way, enabling forwarding, PF rules to do some filtering and then NAT everything to the external network, and a DHCP server for the internal network. Works great.

I can obviously monitor the total traffic going to the outside world, for example with netstat on the external interface. Similarly, I can monitor all the hosts on the internal networks. Using pfctl -s states, I can see which connections are currently established through NAT.

What I don't know how to do: See which connection is using how much bandwidth. For example, when I find that a lot of bandwidth is being used on the external network, and some users are not getting enough bandwidth, it is very hard to track that down to who is using all that bandwidth. Did someone leave a YouTube video running by mistake? Is a Windows machine downloading virus updates? Or what else is going on?

Usually, I don't even need the full statistics; the "top 5" would be perfectly sufficient. Also, I don't need quotas, enforcement, altq, QoS, or anything that complicated. Just an answer to the simple question: Which connections are the heaviest network users right now?

Any ideas?
 