Thanks Richard, So there is no parameter (or combination of parameters) in the syslog entry stating actual packet size? Hmmmm???? The boss wants to know how much bandwidth is used by the different app's we allow. I have some unique app's that run on unique port(s) and rules that log all packets. I set the --log-prefix= to something unique to that app and every day sort it out into individual files. I was hoping to aggregate all the entries to a total bandwidth out and it. On Wed, Oct 28, 2009 at 8:20 AM, Richard Horton <richard.horton@xxxxxxxxxxxxxx> wrote: > > > 2009/10/28 Jeff Jensen <jjensen@xxxxxxxxxxx>: >> Is there an explanation of the LEN and WINDOW fields in an >> iptables/netfilter syslog entry? >> > First example: LEN is the length of the TCP datagram > > The Window field applies to TCP packets and is the receive window size - > the amount of data the receiver will process before having to send an ack > message. > > Second example I believe LEN 1 is the length of the IP datagram, LEN 2 is > the lenght of the UDP payload. > > I would be wary of using this to estimate bandwith useage. > > > -- > Richard Horton > Users are like a virus: Each causing a thousand tiny crises until the host > finally dies. > http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest > Cats > http://www.pbase.com/arimus - My online photogallery > > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
