From: Bill Chappell <chappewr@critical.com>
To: "netfilter@lists.netfilter.org" <netfilter@lists.netfilter.org>
Subject: Re: Packets Counting
Date: Wed, 16 Mar 2005 14:15:47 -0500
Message-ID: <423885E3.4000802@critical.com>
I do not have time this instant to share the code but the outline of
a packet counter I use is to create chain MANGLE_ACTIVITY in -t mangle,
add a rule that simply RETURNs to MANGLE_ACTIVITY, insert a jump to the
MANGLE_ACTIVITY chain in -t mangle PREROUTING (so it is the first chain
hit by all incoming packets), use whatever matches, like --sport or
--dport (remember to specify protocol with port matches) and/or an
interface match. Then, in a script (mine happens to be Perl), run
"iptables -t mangle -nvL MANGLE_ACTIVITY" and pipe (|) it through grep
to get the RETURN line with the packet count and pipe it through
awk to pick off the packet count followed by
"iptables -t mangle -Z MANGLE_ACTIVITY" to zero the counter,
both in a loop with a sleep to get the interval (approximately).
Hope this helps.
Bill
(Without deadlines, we'd live forever.)
M. A. Imam wrote:
> Can I record the number of packets each 2 seconds with tcpdump? I can see
> packets with tcpdump but how to count it every 2 seconds
>
>
>>===== Original Message From edvin.seferovic@kolp.at =====
>>Maybe you should use tcpdump for testing purposes instead of using iptables.
>>
>>Just my opinion.
>>
>>Regards,
>>
>>Edvin
>>
>>-----Original Message-----
>>From: netfilter-bounces@lists.netfilter.org
>>[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of M. A. Imam
>>Sent: Wednesday, 16 March 2005 16:56
>>To: netfilter@lists.netfilter.org
>>Subject: Packets Counting
>>
>>Hi,
>>
>>How can I count the number of packets on an interface every 2 or 5 seconds?
>>And
>>I want to count only specific packets like only arriving packets from port
>>5001
>>
>>Any ideas...
>>
>>Muhammad
>
>
>
>
--
William Chappell, Software Engineer, Critical Technologies Inc.
* Creativity * Diversity * Expertise * Flexibility * Integrity *
Suite 400 Technology Center, 4th Floor 1001 Broad St, Utica NY 13501
315-793-0248 x148 FAX -9710 <bill.chappell@critical.com> www.critical.com
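
The outline in the message above, written out as a shell script. This is an added example, not Bill Chappell's Perl script. Assumed here: interface eth0, TCP, the 2-second interval, the function names, the `run` argument, and the `-x` flag added to `-nvL` so large counts are not abbreviated to K/M; source port 5001 comes from the original question. It needs root.

```shell
#!/bin/sh
# Added example following the outline above; defaults below are assumptions.
CHAIN=MANGLE_ACTIVITY
IFACE=${IFACE:-eth0}; PROTO=${PROTO:-tcp}; PORT=${PORT:-5001}; INTERVAL=${INTERVAL:-2}

# Create the chain, add the matching RETURN rule, and jump to it first in PREROUTING.
setup_chain() {
    iptables -t mangle -N "$CHAIN" 2>/dev/null || iptables -t mangle -F "$CHAIN"
    # Port matches need the protocol given with -p.
    iptables -t mangle -A "$CHAIN" -i "$IFACE" -p "$PROTO" --sport "$PORT" -j RETURN
    # -C keeps a restart from stacking a second jump.
    iptables -t mangle -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        iptables -t mangle -I PREROUTING 1 -j "$CHAIN"
}

# Undo setup_chain so no stray jump stays in PREROUTING.
teardown_chain() {
    iptables -t mangle -D PREROUTING -j "$CHAIN" 2>/dev/null
    iptables -t mangle -F "$CHAIN" 2>/dev/null
    iptables -t mangle -X "$CHAIN" 2>/dev/null
}

# Read "iptables -nvxL" output on stdin; print the summed pkts column of RETURN rules.
return_pkts() {
    awk '$3 == "RETURN" { n += $1 } END { print n + 0 }'
}

# Print one count per interval. Packets that arrive between the list and the
# zero are dropped from the tally, so the figure is approximate.
poll() {
    while sleep "$INTERVAL"; do
        n=$(iptables -t mangle -nvxL "$CHAIN" | return_pkts)
        iptables -t mangle -Z "$CHAIN"
        printf '%s %s\n' "$(date +%T)" "$n"
    done
}

# Constructed sample of "iptables -t mangle -nvxL MANGLE_ACTIVITY" output.
sample_listing() { cat <<'EOF'
Chain MANGLE_ACTIVITY (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     137     8220 RETURN     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp spt:5001
EOF
}

if [ "${1:-}" = "run" ]; then
    trap 'teardown_chain; exit 0' INT TERM
    setup_chain && poll
fi
```
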