Re: Packets Counting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello

Got a little script that i use to create graphs
with RRD tool.

The main idea is :
create a rule that will match packet that you want to
count. It can be ACCEPTED packets for bandwidth monitoring
or DROP / REJECT to know how many packets have been
blocked on the firewall.

example rules that will count inbound and outbound bytes and
packets for a NATed host :
$IPTABLES -t filter -A FORWARD -i eth0 -o ppp0 -s 192.168.0.2 -j ACCEPT
$IPTABLES -t filter -A FORWARD -i ppp0 -o eth0 -d 192.168.0.2 -j ACCEPT
...



change these rules to fit what you want to count (in your question,
it would be --sport 5001).

Then, another script to extract the information : "iptbwcheck.sh"

# extract information from iptables, put in a file and zero the counter (-Z)
# -x stands for "show info in bytes not megs or gigs"
/sbin/iptables -x -nvL -Z FORWARD >tmp_forward

# put these in local vars
inputPckMax=`grep "^.*ppp0   eth0.*192\.168\.0\.2 .*$" tmp_forward |awk
'{print $1}'`
inputBytesMax=`grep "^.*ppp0   eth0.*192\.168\.0\.2 .*$" tmp_forward |awk
'{print $2}'`
outputPckMax=`grep "^.*eth0   ppp0.*192\.168\.0\.2 .*$" tmp_forward |awk
'{print $1}'`
outputBytesMax=`grep "^.*eth0   ppp0.*192\.168\.0\.2 .*$" tmp_forward |awk
'{print $2}'`

# del tmp file
rm -f tmp_forward

# call RRD
endDate=`date +%s`
/usr/local/rrdtool-1.0.49/bin/rrdtool update nat.rrd \
$endDate:\
$inputBytesMax:$outputBytesMax:$inputPckMax:$outputPckMax

# do whatever else you want to do with this information
# ex : log in a file, log into mysql, upload to another syslog server, ...

See some graphs created from this script :

- Bandwidth monitoring
http://69.156.160.170/mephisto_day_full.gif

- Blocked packets / 5 mins
http://69.156.160.170/mephisto_day_full_firewall.gif

HTH

Maxime Ducharme
Programmeur / Spécialiste en sécurité réseau

----- Original Message ----- 
From: "M. A. Imam" <maimam@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, March 16, 2005 10:56 AM
Subject: Packets Counting


> Hi,
>
> How can i count the number of packets on an interface evry 2 or 5 seconds.
and
> i want to count only specific packets like only arriving packets from port
> 5001
>
> Any ideas...
>
> Muhammad
>
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux