From: Steven M Campbell <Netfilter@SCampbell.net>
To: iptables <netfilter@lists.netfilter.org>
Subject: Re: Packets Counting
Date: Wed, 16 Mar 2005 14:28:07 -0500 [thread overview]
Message-ID: <423888C7.408@SCampbell.net> (raw)
In-Reply-To: <423885E3.4000802@critical.com>
Heh, no fair! That's more clever than the one I did off the cuff :)
Bill Chappell wrote:
>
> I do not have time this instant to share the code but the outline of
> a packet counter I use is to create chain MANGLE_ACTIVITY in -t mangle,
> add a rule that simply RETURNs to MANGLE_ACTIVITY, Insert a jump to the
> MANGLE_ACTIVITY chain in -t mangle PREROUTING (so it is the first chain
> hit by all incoming packets), use whatever matches, like --sport or
> --dport (remember to specify protocol with port matches) and/or an
> interface match. Then, in a script (mine happens to be Perl), run
> "iptables -t mangle -nvL MANGLE_ACTIVITY" and pipe (|) it through grep
> to get the RETURN line with the packet count and pipe it through
> awk to pick off the packet count followed by
> "iptables -t mangle -Z MANGLE_ACTIVITY" to zero the counter,
> both in a loop with a sleep to get the interval (approximately).
>
> Hope this helps.
>
> Bill
>
> (Without deadlines, we'd live forever.)
>
>
>
> M. A. Imam wrote:
>
>> Can i record the the number of packets each 2 seconds with tcpdump. i
>> can see packets with tcpdump but how to count it every 2 seconds
>>
>>
>>> ===== Original Message From edvin.seferovic@kolp.at =====
>>> Maybe you should use tcpdump for testing purposes instead of using
>>> iptables.
>>>
>>> Just my opinion.
>>>
>>> Regards,
>>>
>>> Edvin
>>>
>>> -----Original Message-----
>>> From: netfilter-bounces@lists.netfilter.org
>>> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of M. A. Imam
>>> Sent: Mittwoch, 16. März 2005 16:56
>>> To: netfilter@lists.netfilter.org
>>> Subject: Packets Counting
>>>
>>> Hi,
>>>
>>> How can i count the number of packets on an interface evry 2 or 5
>>> seconds.
>>> and
>>> i want to count only specific packets like only arriving packets
>>> from port
>>> 5001
>>>
>>> Any ideas...
>>>
>>> Muhammad
>>
>>
>>
>>
>>
>
next prev parent reply other threads:[~2005-03-16 19:28 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-16 19:15 Packets Counting Bill Chappell
2005-03-16 19:28 ` Steven M Campbell [this message]
2005-03-17 9:11 ` Jose Maria Lopez Hernandez
-- strict thread matches above, loose matches on Subject: below --
2005-03-16 17:50 M. A. Imam
2005-03-16 18:08 ` Bill Chappell
2005-03-16 15:56 M. A. Imam
2005-03-16 17:43 ` Seferovic Edvin
2005-03-16 17:54 ` Steven M Campbell
2005-03-16 21:24 ` Maxime Ducharme
2005-03-16 21:33 ` R. DuFresne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=423888C7.408@SCampbell.net \
--to=netfilter@scampbell.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.