From: Steven M Campbell <Netfilter@SCampbell.net>
To: iptables <netfilter@lists.netfilter.org>
Subject: Re: Packets Counting
Date: Wed, 16 Mar 2005 14:28:07 -0500 [thread overview]
Message-ID: <423888C7.408@SCampbell.net> (raw)
In-Reply-To: <423885E3.4000802@critical.com>
Heh, no fair! That's more clever than the one I did off the cuff :)
Bill Chappell wrote:
>
> I do not have time this instant to share the code but the outline of
> a packet counter I use is to create chain MANGLE_ACTIVITY in -t mangle,
> add a rule that simply RETURNs to MANGLE_ACTIVITY, Insert a jump to the
> MANGLE_ACTIVITY chain in -t mangle PREROUTING (so it is the first chain
> hit by all incoming packets), use whatever matches, like --sport or
> --dport (remember to specify protocol with port matches) and/or an
> interface match. Then, in a script (mine happens to be Perl), run
> "iptables -t mangle -nvL MANGLE_ACTIVITY" and pipe (|) it through grep
> to get the RETURN line with the packet count and pipe it through
> awk to pick off the packet count followed by
> "iptables -t mangle -Z MANGLE_ACTIVITY" to zero the counter,
> both in a loop with a sleep to get the interval (approximately).
>
> Hope this helps.
>
> Bill
>
> (Without deadlines, we'd live forever.)
>
>
>
> M. A. Imam wrote:
>
>> Can i record the the number of packets each 2 seconds with tcpdump. i
>> can see packets with tcpdump but how to count it every 2 seconds
>>
>>
>>> ===== Original Message From edvin.seferovic@kolp.at =====
>>> Maybe you should use tcpdump for testing purposes instead of using
>>> iptables.
>>>
>>> Just my opinion.
>>>
>>> Regards,
>>>
>>> Edvin
>>>
>>> -----Original Message-----
>>> From: netfilter-bounces@lists.netfilter.org
>>> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of M. A. Imam
>>> Sent: Mittwoch, 16. März 2005 16:56
>>> To: netfilter@lists.netfilter.org
>>> Subject: Packets Counting
>>>
>>> Hi,
>>>
>>> How can i count the number of packets on an interface evry 2 or 5
>>> seconds.
>>> and
>>> i want to count only specific packets like only arriving packets
>>> from port
>>> 5001
>>>
>>> Any ideas...
>>>
>>> Muhammad
>>
>>
>>
>>
>>
>
next prev parent reply other threads:[~2005-03-16 19:28 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-16 19:15 Packets Counting Bill Chappell
2005-03-16 19:28 ` Steven M Campbell [this message]
2005-03-17 9:11 ` Jose Maria Lopez Hernandez
-- strict thread matches above, loose matches on Subject: below --
2005-03-16 17:50 M. A. Imam
2005-03-16 18:08 ` Bill Chappell
2005-03-16 15:56 M. A. Imam
2005-03-16 17:43 ` Seferovic Edvin
2005-03-16 17:54 ` Steven M Campbell
2005-03-16 21:24 ` Maxime Ducharme
2005-03-16 21:33 ` R. DuFresne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=423888C7.408@SCampbell.net \
--to=netfilter@scampbell.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox