[]What is it?
A tiny app to count in- and out-bytes on a given ethernet device (to and from a
given MAC address). It was made to enable bandwidth monitoring of specific hosts
on a LAN, i.e. a HUB-LAN. It is useful in places where the ISP hasn't enabled
SNMP on the router, or where there are servers with more than one IP and you
want to monitor the entire machine's IP traffic.

[]Where do I look for new versions?
They should appear on http://mybox.trenger.ro

[]Limitations/missing features
* mrtg-'autoconf' when a new MAC shows up
* read a given file in tcpdump-format (like the ones tcpdump -w gives you),
  could perhaps be useful for forensics or similar.

[]What do I need?
A system that you can compile C source on, with libpcap, on some flavour of unix.
This has been tested on:
* Linux (2.x)
* Solaris (8)
* HP-UX (10.20)
* NetBSD
- compiled, but not tested (no root) on:
* OpenBSD 2.8
* FreeBSD 4.4
Please tell me if you make it work on other platforms!

[]How to install
just `./configure; make; make install`
this will put the macwatch binary into /usr/sbin, and the macwatch.sh script
to /usr/sbin

[]How to use
Just compile and start it :)
These are the valid options:

-a mac,file[,revert]
    Add "mac,file[,revert]", i.e. 00:0A:1B:AA:03:3D,/var/log/gw
    mac is the MAC address you want to monitor.
    file is the filename to write, to use with macwatch.sh
    (macwatch.sh file in mrtg-cfg).
    Revert will reverse counters for the device (useful if the graph seems
    'backwards'). I.e. if host pc1 downloads a file, this app will count bytes
    going from network to pc1, i.e. it will show as outgoing traffic.
-f configfile
    Read a file of "mac,file[,revert]" entries.
-i interface
    Which interface to listen to, i.e. eth0
-u interval
    How often to write the file (logfile), in minutes. Default is 5 minutes.
-p
    Turn off promiscuous mode sniffing.
-U username/UID
    User to run as, this is for the paranoid penguins. The socket will be
    opened before we try to setuid ourselves.
-C /path
    Path we should chroot to, also for the paranoid penguins.
    !NB! - the logfile is opened every 5 minutes, so remember to specify a
    logfile that's relative to the jail!

!! NB: -g, -l and -r are removed from version 0.2.7 to make room for the new
config-type! !!

If you want the daemon to start automatically when you boot your system, put
this into your rc.local or similar script:

    macwatch -a 00:0A:1B:AA:03:3D,/var/log/gw

You should be able to use the -a parameter several times to monitor more than
one host. You will of course have to switch both MAC address and logfile to
your proper settings.

Or you can use a file:

    macwatch -f /etc/macwatch.cfg

where /etc/macwatch.cfg is a file consisting of "mac,file[,revert]" entries.

Here's the sample mrtg config, remember to change the macwatch.sh parameter if
you have more than one device:
-------------------------------------------------------------
Target[inet]: `/usr/sbin/macwatch.sh /var/log/wan_usage.db`
WithPeak[inet]: my
MaxBytes[inet]: 1250000
Options[inet]: nopercent
Title[inet]: Internet activity in DMZ
PageTop[inet]:

Traffic Analysis for Internet GW

Internet link

System:My internet connection
Maintainer:Owner <mail@hotmail.com>
-------------------------------------------------------------

[]Bugs
Please send bug reports and patches to torgeir@trenger.ro

[]Author
Torgeir Hansen
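
Added example (not part of macwatch or its original README): a strict C parser
for the "mac,file[,revert]" entries accepted by -a and -f. The struct and
function names and the 256-byte path limit are hypothetical, and the third
field is assumed to be the literal word "revert".

```c
#include <stdio.h>
#include <string.h>

struct mw_entry {          /* hypothetical name, not taken from macwatch */
    unsigned char mac[6];
    char file[256];        /* assumed path limit for this example */
    int revert;            /* 1 when the optional third field is present */
};

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                  /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "mac,file[,revert]". Returns 0 on success, -1 if malformed. */
int mw_parse_entry(const char *s, struct mw_entry *e)
{
    /* MAC: exactly six two-digit hex octets joined by ':', then ','. */
    if (strlen(s) < 18 || s[17] != ',')
        return -1;
    for (int i = 0; i < 6; i++) {
        int hi = hexval(s[3 * i]), lo = hexval(s[3 * i + 1]);
        if (hi < 0 || lo < 0 || (i < 5 && s[3 * i + 2] != ':'))
            return -1;
        e->mac[i] = (unsigned char)(hi * 16 + lo);
    }
    /* File: up to the next ',' or end of string; non-empty and bounded. */
    const char *path = s + 18;
    size_t len = strcspn(path, ",");
    if (len == 0 || len >= sizeof e->file)
        return -1;
    memcpy(e->file, path, len);
    e->file[len] = '\0';
    /* Third field: assumed to be the literal word "revert" when present. */
    e->revert = (path[len] == ',');
    if (e->revert && strcmp(path + len + 1, "revert") != 0)
        return -1;
    return 0;
}

int main(void)
{
    struct mw_entry e;  /* constructed sample line; MAC is the README's example */
    int rc = mw_parse_entry("00:0A:1B:AA:03:3D,/var/log/gw,revert", &e);
    if (rc == 0) printf("file=%s revert=%d\n", e.file, e.revert);
    return rc != 0;
}
```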