• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Tools for tracking what is in each queue?

Scheduled Pinned Locked Moved Traffic Shaping
4 Posts 3 Posters 2.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    Mersault
    last edited by Feb 26, 2007, 10:12 PM

    I'm looking for decent tools for tracking connections as they travel through the traffic shaper. Mostly I'm looking to monitor my default queue to watch for traffic that I should be siphoning off into other queues (my room mate might install a new p2p app, for instance). Also it would be useful for making sure that my rules really are grabbing all the traffic they should be.

    If there isn't one specific tool which can perform this feat, what combination would work best?

    I've got bandwidthd installed, which is useful for aggregate totals, but since the p2p and passive ftp traffic on my network is on non-standard ports (and I can't find a way to modify what ports are in which groups for bandwidthd) most everything is classified as 'tcp' traffic, which isn't particularly helpful. The state table can be useful sometimes, but I frequently have 1300-2500 states from the bittorrent downloads that are a near constant reality. I'm hoping there's something out there that is a little more sophisticated than those two options.

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by Feb 26, 2007, 10:28 PM

      To check live traffic go to the shell (or even better ssh with a big screen if you have enabled it at system>advanced) and run pftop. It will show you bandwidthusage and states and so on in realtime.

      1 Reply Last reply Reply Quote 0
      • M
        Mersault
        last edited by Feb 26, 2007, 11:24 PM

        I've used that before, but if I have a couple of bittorrent transfers going totaling 2 or 3 megabits (but nicely tucked into the p2p queue), I have a hard time finding the source of the 200 kilobits going out the default queue.

        But yes, that is a useful tool, I was just hoping for something with a bit more granularity. Unless pftop does have the the granularity I'm looking for and I just haven't played with it enough, I'm more familiar with iftop on linux. If pftop has support to use regex to remove certain types of traffic from the displayed connections, then that would be useful.

        1 Reply Last reply Reply Quote 0
        • U
          unreal1024
          last edited by Mar 13, 2007, 12:06 PM

          Hi, use command in to shell:
          Example:
          "tcpdump -e -i pflog0 dst host 10.211.0.11"

          tcpdump -e -i pflog0 src host 10.211.0.11

          tcpdump: WARNING: pflog0: no IPv4 address assigned
          tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
          listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
          13:05:02.396415 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.59965                                                      > www.abradio.cz.http: S 1488749629:1488749629(0) win 65535 <mss 1460,nop,nop,sa =""  ="" ckok="">13:05:19.054825 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.65421 > email.seznam.cz.http: F 1625822815:1625822815(0) ack 2522178552 win 65192
          13:05:19.107717 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.60423 > email.seznam.cz.http: S 3563559450:3563559450(0) win 65535</mss>

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received