-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
: I have tried using iptraf for my NAT firewall to analyse the IP
: traffic. Basically I am faced with this difficulty of related the
: source IP to the outgoing interface to the internet, so I am
: wondering if anyone has a suggestion for a different ways to do
: it, or a suggestion for a better tool.
I don't know of a flow analysis tool that records internal and
external addresses at the NAT boundary. Without knowing how you
separate your traffic outbound, it'd be hard for us to guess what
the shortcomings of any of these solutions might be, but here are a
few ideas:
* Record the state of /proc/net/ip_conntrack and your flow
information snapshots at exactly the same time. Use the
ip_conntrack state information (programmatically) to yield
the answers you want about usage information.
* Use a flow analysis tool (e.g., argus) to record the flow
information on your internal interface. Since you built the
rules for distributing traffic and selecting the path for
outbound flows, you should be able to map this same logic onto
your recorded flows.
In short, I think you may have better luck approaching the problem
as a flow-analysis problem than a statistical summarization of
traffic on any specific interface.
Good luck,
- -Martin
- --
Martin A. Brown
http://linux-ip.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/)
iD8DBQFG3i65HEoZD1iZ+YcRAkqiAJ4rp7p3Sg+b4i0PYvpXRlHZtrm/ogCfe52L
00fFE3OOeNHP8QIiTRuB9LM=
=Egrt
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
