[H-GEN] Traffic analysis recommendations, Extended Question
Josh Marshall
josh at worldhosting.org
Tue Apr 19 19:46:14 EDT 2005
>I too have been looking for a Traffic Analysis program/service/etc
>
>
My first suggestion would be to use iptables. It can count the number of
packets and bytes that match the parameters, and if you don't specify a
target the packets pass right past it untouched.
For example:

    iptables -A FORWARD -s 192.168.0.10 -i eth0

matches all packets forwarded from 192.168.0.10, coming from the eth0
interface.
To see the results, just run:

    iptables -L FORWARD -v

It will show the number of packets and bytes for each rule.
I have extended this information to pull it out and zero the rules every
5 minutes and store it in an rrd file, which I then use with lrrd to give
a nice display with a browser (I know the images aren't easily read with
a console, but it does have min/max/average for daily, weekly, monthly...)
Check it out at: http://220.240.155.197/lrrd/springwood/firewall.html
Regards,
Josh.
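
An added example, not part of the original post: one way to pull the per-rule counters out of the listing for periodic collection, handling the empty target column that count-only rules like the one above produce. The function names `parse_counters` and `sample_listing` are hypothetical and the sample listing (including the 192.168.0.11 rule) is constructed; `-n`, `-x` and `-Z` are standard iptables options not used in the post.

```shell
#!/bin/sh
# Added example, not the poster's script.
# parse_counters: read `iptables -L <chain> -v -n -x` output on stdin and
# print "source in_iface packets bytes target" for each rule.
#   -n  numeric addresses (no DNS lookups while collecting)
#   -x  exact counters instead of rounded K/M/G values
parse_counters() {
    awk '
        /^Chain / || $1 == "pkts" || NF == 0 { next }  # headers, blank lines
        {
            # A rule added without a target prints an empty target column,
            # so every later column shifts left by one. Locate the "opt"
            # column (assumed to be "--", as for ordinary IPv4 rules) to
            # tell the two layouts apart.
            if ($4 == "--")      { off = 0; target = "-" }
            else if ($5 == "--") { off = 1; target = $3 }
            else                 { next }              # unknown layout
            print $(7 + off), $(5 + off), $1, $2, target
        }'
}

# sample_listing: constructed output in the shape of
# `iptables -L FORWARD -v -n -x`, so the parser can be tried without root.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1520     984312            all  --  eth0   *       192.168.0.10         0.0.0.0/0
      37       2220 ACCEPT     tcp  --  eth0   *       192.168.0.11         0.0.0.0/0            tcp dpt:22
EOF
}

# On a live firewall (as root), listing and zeroing in one invocation shows
# the counters immediately before they are cleared:
#   iptables -L FORWARD -v -n -x -Z | parse_counters
sample_listing | parse_counters
```
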