    Netgate Discussion Forum

    Tools for tracking what is in each queue?

    Traffic Shaping
      Mersault last edited by

      I'm looking for decent tools for tracking connections as they travel through the traffic shaper. Mostly I'm looking to monitor my default queue to watch for traffic that I should be siphoning off into other queues (my roommate might install a new p2p app, for instance). Also it would be useful for making sure that my rules really are grabbing all the traffic they should be.

      If there isn't one specific tool which can perform this feat, what combination would work best?

      I've got bandwidthd installed, which is useful for aggregate totals, but since the p2p and passive ftp traffic on my network is on non-standard ports (and I can't find a way to modify what ports are in which groups for bandwidthd) most everything is classified as 'tcp' traffic, which isn't particularly helpful. The state table can be useful sometimes, but I frequently have 1300-2500 states from the bittorrent downloads that are a near constant reality. I'm hoping there's something out there that is a little more sophisticated than those two options.

        hoba last edited by

        To check live traffic, go to the shell (or even better, ssh with a big screen if you have enabled it at system>advanced) and run pftop. It will show you bandwidth usage and states and so on in realtime.

          Mersault last edited by

          I've used that before, but if I have a couple of bittorrent transfers going totaling 2 or 3 megabits (but nicely tucked into the p2p queue), I have a hard time finding the source of the 200 kilobits going out the default queue.

          But yes, that is a useful tool, I was just hoping for something with a bit more granularity. Unless pftop does have the granularity I'm looking for and I just haven't played with it enough; I'm more familiar with iftop on Linux. If pftop has support to use regex to remove certain types of traffic from the displayed connections, then that would be useful.

            unreal1024 last edited by

            Hi, use this command in the shell:
            Example:
            "tcpdump -e -i pflog0 dst host 10.211.0.11"

            tcpdump -e -i pflog0 src host 10.211.0.11

            tcpdump: WARNING: pflog0: no IPv4 address assigned
            tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
            listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
            13:05:02.396415 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.59965 > www.abradio.cz.http: S 1488749629:1488749629(0) win 65535 <mss 1460,nop,nop,sackOK>
            13:05:19.054825 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.65421 > email.seznam.cz.http: F 1625822815:1625822815(0) ack 2522178552 win 65192
            13:05:19.107717 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.60423 > email.seznam.cz.http: S 3563559450:3563559450(0) win 65535

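One way to turn the `tcpdump -e -i pflog0` output quoted in the thread into a per-destination summary of what is landing in one queue, as an added example (not code from any poster or from pfSense). It assumes the middle part of the rule field (`qlandef` in `719.qlandef.50`) identifies the queue's rules and that those rules log to pflog0; the name `qp2p`, the hostnames and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Counts packets per "source-host destination.port" for one
# queue name, reading `tcpdump -e -i pflog0` text from stdin.
# Assumption: the middle part of the rule field (719.qlandef.50 -> qlandef)
# identifies the queue's rules, as in the output quoted in the thread.
summarize_queue() {
    awk -v want="$1" '
    $2 == "rule" {
        n = split($3, r, "[.]")            # 719 / qlandef / 50/0(match):
        if (n < 3 || r[2] != want) next
        for (i = 4; i <= NF; i++) if ($i == ">") break
        if (i >= NF) next                  # no "src > dst" pair on this line
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)                 # trailing colon after dst.port
        sub(/\.[^.]*$/, "", src)           # drop the ephemeral source port
        count[src " " dst]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the same format as the thread's output
# (qp2p, the hostnames and the 192.0.2.x addresses are made up).
sample_lines() {
    cat <<'EOF'
13:05:02.396415 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.59965 > www.example.com.http: S 1:1(0) win 65535
13:05:19.054825 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.65421 > mail.example.net.http: F 2:2(0) ack 3 win 65192
13:05:19.107717 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.60423 > mail.example.net.http: S 4:4(0) win 65535
13:05:20.000001 rule 712.qp2p.12/0(match): pass in on rl1: 10.211.0.12.51413 > 192.0.2.7.6881: S 5:5(0) win 65535
13:05:21.000002 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.12.40000 > 192.0.2.9.51413: S 6:6(0) win 65535
EOF
}

# Live use on the firewall, bounded with -c so awk reaches END:
#   tcpdump -n -e -c 500 -i pflog0 | summarize_queue qlandef
sample_lines | summarize_queue qlandef
```

A destination port that keeps appearing under the default queue's name is a candidate for its own shaper rule.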