You know one way I use to see what is coming out and going in is ntop if I want to see foreign traffic I make it listen on my external interface. On Thu, 27 Jul 2000, Dennis wrote: > Date: Thu, 27 Jul 2000 11:58:04 -0400 > From: Dennis <dennis@etinc.com> > To: Glynn Clements <glynn@sensei.co.uk>, Lee <lee@ricis.com> > Cc: Linux Network Mailing List <linux-net@vger.rutgers.edu> > Subject: Re: Loging Foreign Network Traffic > > At 10:51 PM 7/26/00 +0100, Glynn Clements wrote: > > > >Lee wrote: > > > >> My problem is this: I want to log all traffic arriving from and > >> departing to foreign computers (foreign as in not from my network). I > >> want to be able to tell who was here, what time they came, how long they > >> were here, and what they did. > >> > >> If you know of any way to perform this task, even if you have a tiny > >> idea, I would appreciate it very much. > > > >Use "ipchains ... -l" to configure firewall rules which log matching > >packets. See the ipchains(8) and ipfw(4) manpages for details. > > I hope you dont have a lot of traffic. Logging 5,000 packets per second can > put a nasty strain on a box. > > db > - > : send the line "unsubscribe linux-net" in > the body of a message to majordomo@vger.rutgers.edu > Noah ksemat@eahd.or.ug - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu
