From: Bill Chappell <chappewr@critical.com>
To: netfilter <netfilter@lists.netfilter.org>
Subject: Re: Packets Counting
Date: Wed, 16 Mar 2005 13:08:08 -0500 [thread overview]
Message-ID: <42387608.2000100@critical.com> (raw)
In-Reply-To: <42389BFF@webmail.wichita.edu>
I do not have time this instant to share the code but the outline of
a packet counter I use is to create chain MANGLE_ACTIVITY in -t mangle,
add a rule that simply RETURNs to MANGLE_ACTIVITY, Insert a jump to the
MANGLE_ACTIVITY chain in -t mangle PREROUTING (so it is the first chain
hit by all incoming packets), use whatever matches, like --sport or
--dport (remember to specify protocol with port matches) and/or an
interface match. Then, in a script (mine happens to be Perl), run
"iptables -t mangle -nvL MANGLE_ACTIVITY" and pipe (|) it through grep
to get the RETURN line with the packet count and pipe it through
awk to pick off the packet count followed by
"iptables -t mangle -Z MANGLE_ACTIVITY" to zero the counter,
both in a loop with a sleep to get the interval (approximately).
Hope this helps.
Bill
(Without deadlines, we'd live forever.)
M. A. Imam wrote:
> Can i record the the number of packets each 2 seconds with tcpdump. i can see
> packets with tcpdump but how to count it every 2 seconds
>
>
>>===== Original Message From edvin.seferovic@kolp.at =====
>>Maybe you should use tcpdump for testing purposes instead of using iptables.
>>
>>Just my opinion.
>>
>>Regards,
>>
>>Edvin
>>
>>-----Original Message-----
>>From: netfilter-bounces@lists.netfilter.org
>>[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of M. A. Imam
>>Sent: Mittwoch, 16. März 2005 16:56
>>To: netfilter@lists.netfilter.org
>>Subject: Packets Counting
>>
>>Hi,
>>
>>How can i count the number of packets on an interface evry 2 or 5 seconds.
>>and
>>i want to count only specific packets like only arriving packets from port
>>5001
>>
>>Any ideas...
>>
>>Muhammad
>
>
>
>
--
William Chappell, Software Engineer, Critical Technologies Inc.
* Creativity * Diversity * Expertise * Flexibility * Integrity *
Suite 400 Technology Center, 4th Floor 1001 Broad St, Utica NY 13501
315-793-0248 x148 FAX -9710 <bill.chappell@critical.com> www.critical.com
next prev parent reply other threads:[~2005-03-16 18:08 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-16 17:50 Packets Counting M. A. Imam
2005-03-16 18:08 ` Bill Chappell [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-03-16 19:15 Bill Chappell
2005-03-16 19:28 ` Steven M Campbell
2005-03-17 9:11 ` Jose Maria Lopez Hernandez
2005-03-16 15:56 M. A. Imam
2005-03-16 17:43 ` Seferovic Edvin
2005-03-16 17:54 ` Steven M Campbell
2005-03-16 21:24 ` Maxime Ducharme
2005-03-16 21:33 ` R. DuFresne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42387608.2000100@critical.com \
--to=chappewr@critical.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.