On Thu, 2004-09-30 at 14:19, Daniel Chemko wrote:
> > Just trying to get an idea of the type and amount of traffic passing
> > through a subnet. I've done this before with tcpdump, but that
> > required an external parsing program to reconstitute all the
> > connections from the tcpdump capture.
>
> The way I track this kind of information is from netfilter/iptables.
>
> In the PREROUTING and POSTROUTING chains, you implement 'null' targets
> to add an internal netfilter counter to the packet stream.
>
> # Detect all outgoing web traffic from that subnet
> iptables -t mangle -A PREROUTING --source ${mynet}/${mymask} -p tcp --dport 80
> # Return Traffic
> iptables -t mangle -A PREROUTING --destination ${mynet}/${mymask} -p tcp --sport 80
>
> You may find this a little kludgy. I guess it is. The other alternative
> is to use IP accounting packages which are pre-built to do this stuff.
> You may find http://www.ntop.org/ntop.html or http://www.cacti.net/
> useful if you don't feel like doing it yourself.

iptraf is a quick & easy tool for this as well.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
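Reading back the counters from the target-less rules quoted above, as an added example that is not part of the original thread: it sums the `[packets:bytes]` prefixes that `iptables-save -c -t mangle` prints for counting-only rules on port 80. The sample output, the 192.168.10.0/24 and 192.168.20.0/24 subnets and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c -t mangle` output (not captured
# from a real host). Each rule line starts with its [packets:bytes] counter.
sample_counters() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*mangle
:PREROUTING ACCEPT [48211:31094412]
:POSTROUTING ACCEPT [47990:30977120]
[1520:98400] -A PREROUTING -s 192.168.10.0/24 -p tcp -m tcp --dport 80
[1410:1873300] -A PREROUTING -d 192.168.10.0/24 -p tcp -m tcp --sport 80
[12:720] -A PREROUTING -s 192.168.20.0/24 -p tcp -m tcp --dport 80
[300:20000] -A PREROUTING -s 192.168.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# rule_counters NET ADDR_FLAG PORT_FLAG
#   NET        subnet exactly as iptables-save prints it (assumed /24 form)
#   ADDR_FLAG  -s for traffic from the subnet, -d for return traffic
#   PORT_FLAG  --dport or --sport (port 80, as in the rules above)
# Reads iptables-save -c text on stdin and prints "packets bytes", summed
# over matching PREROUTING rules that have no target (counting-only rules).
rule_counters() {
    awk -v net="$1" -v addr="$2" -v port="$3" '
        /^\[[0-9]+:[0-9]+\] -A PREROUTING / {
            has_target = 0; addr_ok = 0; port_ok = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-j" || $i == "-g") has_target = 1
                if ($i == addr && $(i + 1) == net) addr_ok = 1
                if ($i == port && $(i + 1) == "80") port_ok = 1
            }
            # Rules with a target do more than count, so leave them out.
            if (has_target || !addr_ok || !port_ok) next
            split(substr($1, 2, length($1) - 2), c, ":")
            pkts += c[1]; bytes += c[2]
        }
        END { printf "%d %d\n", pkts, bytes }
    '
}

echo "outgoing web (pkts bytes): $(sample_counters | rule_counters 192.168.10.0/24 -s --dport)"
echo "return web   (pkts bytes): $(sample_counters | rule_counters 192.168.10.0/24 -d --sport)"
```

On a live router, pipe `iptables-save -c -t mangle` (run as root) into `rule_counters` in place of `sample_counters`.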