These tools are functional prototypes for monitoring traffic on local interfaces. Both summarize pure IPv4 traffic.
trafficd.pl is a perl script using libpcap. Unfortunately libpcap it is
not very reliable and seems to lose pakets.
trafficd.pl has to be started as user root, but drops its privileges to the user specified by $USER (default: daemon). The first command line parameter denotes the interface which should be monitored by libpcap. After becoming a daemon, it writes its pid to $PID_FILE (default: /var/run/trafficd.pid). Log messages go to syslog ($FACILITY defaults to local3) as accumulated statistics do. $RAWLOG specifies the path to a log file which gets all pakets in a human readable format. Traffic from and to addresses covered by the nets in $CONFIG_FILE (default: /usr/local/etc/mynetworks.conf) is counted as internal, in contrast to traffic, where just the source or destination address lies in those nets.
Trafficd is an ad-hoc command line tool which makes use of the divert(4) socket on FreeBSD. It prints out summarized traffic to stdout. Your ipfw filter list should look something like this:
00020 tee 10001 ip from any to any in 00030 tee 10002 ip from any to any outUse cc -W -Wall -O3 -pipe -s -o trafficd trafficd.c to compile it.