Man Page: bsnmp-pcap(8)

bsnmp-pcap(8)             BSD System Manager's Manual            bsnmp-pcap(8)

NAME
     bsnmp-pcap - an SNMP module which captures network traffic and reports
     the number of packets captured, and the throughput.

DESCRIPTION
     bsnmp-pcap is a module for bsnmpd(1) which allows you to measure arbi-
     trary network traffic. It uses the pcap(3) library (ie: think tcpdump) to
     filter traffic and then allows you to measure the throughput in packets
     or octets.

     Multiple flows of traffic can be measured by the module.

MIBS
     The counters will be available as a table under the following MIB:

            .1.3.6.1.4.1.12325.1.1112

     Or if the appropriate MIB.txt files have been installed:

            enterprises.fokus.begemot.pcap

     The following SNMP MIBs are available for use (where X is the counter
     index):

     pcap.pcapCount
                 The number of network monitors present.

     pcap.pcapTable.pcapEntry.pcapIndex.X
                 The index of the network monitor.

     pcap.pcapTable.pcapEntry.pcapDescr.X
                 A human readable description of the network monitor (may be
                 an empty string).

     pcap.pcapTable.pcapEntry.pcapDevice.X
                 The network device that traffic is being monitored on.

     pcap.pcapTable.pcapEntry.pcapFilter.X
                 The filter used to select certain network packets for moni-
                 toring. Uses the tcpdump(1) syntax.

     pcap.pcapTable.pcapEntry.pcapOctets.X
                 The number of octets seen by the monitor.

     pcap.pcapTable.pcapEntry.pcapPackets.X
                 The number of packets seen by the monitor.

OPTIONS
     To activate the bsnmp-pcap module you must load the module in
     /etc/snmpd.config and use the pingDevice and pingFilter SNMP MIBs in the
     same file to configure the traffic that you'd like to monitor.

EXAMPLES
     The following example has two monitors. The first monitors all TCP traf-
     fic on port 80. The second monitors all broadcast traffic.

     The following would be added to /etc/snmpd.config:

           begemotSnmpdModulePath."pcap" = "/usr/local/lib/snmp_pcap.so"
           %ping
           pcapDescr.1 = "Websites"
           pcapDevice.1 = "em0"
           pcapFilter.1 = "tcp port 80"

           pcapDescr.1 = "Broadcast"
           pcapDevice.1 = "em0"
           pcapFilter.1 = "broadcast"

SEE ALSO
     bsnmpd(1), tcpdump(1)

AUTHOR
     Stef Walter <stef@thewalter.net>

bsnmp-pcap                     January 21, 2009                     bsnmp-pcap

   [ back | home ]