So for TCP do I add all the LEN fields only? If I have a thousand log entries and all the LEN fields are 60 did I use 60,000 bits? Or is it bytes? In UDP do I add both LEN fields?

On Wed, Oct 28, 2009 at 9:11 AM, Richard Horton <richard.horton@xxxxxxxxxxxxxx> wrote:
> 2009/10/28 Jeff Jensen <jjensen@xxxxxxxxxxx>
>>
>> Thanks Richard, So there is no parameter (or combination of
>> parameters) in the syslog entry stating actual packet size?
>>
>> Hmmmm????
>>
>> The boss wants to know how much bandwidth is used by the different
>> apps we allow. I have some unique apps that run on unique port(s)
>> and rules that log all packets. I set the --log-prefix= to something
>> unique to that app and every day sort it out into individual files. I
>> was hoping to aggregate all the entries to a total bandwidth out and
>> it.
>
> For estimating individual application usage they'll be fine, was thinking
> more along not using the len fields for estimating total consumed bandwidth
> (as IP tables only deals with ip traffic and so will miss other forms of
> traffic, ipx, appletalk, arp etc)
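
An added example, not part of the original thread: one way to total per-application traffic from the per-prefix LOG entries described in the quoted message. It assumes the standard iptables LOG layout, where the first `LEN=` is the IP total length in bytes and, on UDP lines, a second `LEN=` after `PROTO=UDP` is the UDP length already contained in it; the log lines and the prefixes `APP_A:` and `APP_B:` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the iptables LOG layout. "APP_A: " and "APP_B: "
# stand in for whatever each rule's --log-prefix is set to (assumed names).
SAMPLE_LOG = [
    "Oct 28 09:00:01 fw kernel: APP_A: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=8443 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Oct 28 09:00:02 fw kernel: APP_A: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=40000 DPT=8443 WINDOW=5840 RES=0x00 ACK URGP=0",
    "Oct 28 09:00:03 fw kernel: APP_B: IN=eth0 OUT=eth1 SRC=192.0.2.11 DST=198.51.100.6 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=48",
    "Oct 28 09:00:04 fw kernel: APP_B: IN=eth1 OUT=eth0 SRC=198.51.100.6 DST=192.0.2.11 LEN=128 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=108",
    "Oct 28 09:00:05 fw sshd[811]: Accepted publickey for admin from 192.0.2.50",
]

# The prefix is whatever sits between "kernel: " (plus an optional timestamp
# in brackets) and the IN= field that starts every LOG entry.
PREFIX_RE = re.compile(r"kernel:\s+(?:\[\s*[\d.]+\]\s+)?(?P<prefix>.*?)\s*IN=\S* OUT=\S*")
LEN_RE = re.compile(r"\bLEN=(\d+)")


def parse_line(line):
    """Return (prefix, ip_total_length_in_bytes), or None for other lines."""
    m = PREFIX_RE.search(line)
    lens = LEN_RE.findall(line)
    if not m or not lens:
        return None
    # Only the first LEN= is counted: it is the IP header plus payload, in
    # bytes. The UDP LEN= that follows is a subset of it, so summing both
    # would double-count. Link-layer framing is not included in either.
    return m.group("prefix"), int(lens[0])


def totals_by_prefix(lines):
    """Aggregate packet and byte counts per --log-prefix."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            prefix, ip_len = parsed
            totals[prefix]["packets"] += 1
            totals[prefix]["bytes"] += ip_len
    return dict(totals)


if __name__ == "__main__":
    for prefix, t in sorted(totals_by_prefix(SAMPLE_LOG).items()):
        print(f"{prefix} packets={t['packets']} bytes={t['bytes']} bits={t['bytes'] * 8}")
```
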