[H-GEN] Traffic analysis recommendations, Extended Question

Josh Marshall josh at worldhosting.org
Tue Apr 19 19:46:14 EDT 2005


>I too have been looking for a Traffic Analysis program/service/etc

My first suggestion would be to use iptables. It can count the number of 
packets and bytes that match the parameters, and if you don't specify a 
target the packets pass right past it untouched.

For example:

iptables -A FORWARD -s 192.168.0.10 -i eth0

matches all packets forwarded from 192.168.0.10, coming from the eth0 
interface.

To see the results, just run:

iptables -L FORWARD -v

It will show the number of packets and bytes for each rule.

I have extended this to pull the information out and zero the rules every 
5 minutes and store it in an rrd file, which I then use with lrrd to give 
a nice display with a browser (I know the images aren't easily read with 
console but it does have min/max/average for daily, weekly, monthly...)

Check it out at: http://220.240.155.197/lrrd/springwood/firewall.html

Regards,
Josh.
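
The read-and-zero step described in the message above, as an added example that is not part of the original post. The RRD path, the function names and the sample listing are assumptions constructed for illustration; the RRD is assumed to use ABSOLUTE data sources, which suit counters that are reset on every read.

```shell
#!/bin/sh
SRC=192.168.0.10           # source address from the rule in the post
RRD=/var/lib/rrd/fw.rrd    # hypothetical RRD path (assumption)

# Constructed sample of `iptables -L FORWARD -v -n -x` output.
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1523   914211            all  --  eth0   *       192.168.0.10         0.0.0.0/0
      12      720 ACCEPT     tcp  --  eth1   *       10.0.0.5             0.0.0.0/0            tcp dpt:22
EOF
}

# Print "PKTS BYTES" for the count-only rule on IFACE from SOURCE.
# A rule without a target leaves the target column empty, so every later
# field shifts left by one: opt is $4, in is $5, source is $7.
rule_counters() {   # usage: rule_counters IFACE SOURCE < listing
    awk -v ifc="$1" -v src="$2" '
        $1 ~ /^[0-9]+$/ && $4 == "--" && $5 == ifc && $7 == src {
            print $1, $2; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Turn "PKTS BYTES" into the timestamp:value:value argument rrdtool expects.
rrd_sample() {
    set -- $1
    printf 'N:%s:%s\n' "$1" "$2"
}

# Live collection (needs root). -Z together with -L shows the counters
# immediately before clearing them, instead of a separate read and reset.
# Note that it zeroes every rule in the FORWARD chain.
collect_live() {
    counters=$(iptables -L FORWARD -v -n -x -Z | rule_counters eth0 "$SRC") &&
        rrdtool update "$RRD" "$(rrd_sample "$counters")"
}

if [ "${1:-}" = "--live" ]; then
    collect_live
else
    rrd_sample "$(sample_listing | rule_counters eth0 "$SRC")"
fi
```

Run with --live from cron every 5 minutes to match the interval in the message; without arguments it only parses the constructed sample.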
