For me, I will pu another netfilter-box at the same eth backbone as the user. Put this interface in promiscuous mode. and ...... i thing you can check http://ipaudit.sourceforge.net Sincerely -bino- ----- Original Message ----- From: "Carlos Carvalho" <carlos@xxxxxxxxxxxxxx> To: "Adam Rice" <adamrice@xxxxxxxxxxxx> Cc: <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Monday, January 19, 2004 3:16 AM Subject: Re: per-connection byte counts > Adam Rice (adamrice@xxxxxxxxxxxx) wrote on 18 January 2004 14:09: > >I'd like to be able to get per-connection byte-counts from the kernel, so I > >can create a sort of top program showing what processes and users are > >currently using the network and how much. Since I want this to be something I > >can keep running all the time, I don't want to do it by snooping the > >interface. Is there some way to do this with netfilter? Sadly > >/proc/net/ip_conntrack doesn't appear to provide this information. > > iftop and iptraf give statistics per interface, per machine and per > traffic type plus other interesting info. That's all that can be > obtained from a firewall since you cannot retrieve user info from > another machine. The performance impact is usually negligible. > > If you want to run the monitor in a multi-user system where users are > logged in you can associate the network connections with processes and > users but I don't know a program that does it. This is a "me too"... > >
