[plug] IP Accounting Problem

[Christian]

Hi all,

I have a problem involving setting up IP accounting for which I can't
really see a simple answer.  Basically we have a router which does it's
own accounting and sends that (via's it own protocol, hi Mike!) to a
machine which collates/processes this data.  Unfortunately the whole
process is a bit iffy at times (for various reasons) so we're trying to
set up a Linux box as a back-up accounting machine to draw a comparison.

We've added a new NIC to the Linux box in question and configured the
router to mirror all IP traffic on the appropriate VLAN to the port that
the second NIC is plugged into.  I can run tcpdump on that interface and
see all the traffic going by so that's all working.  The problem is, I
can't find any way of actually doing accounting on that traffic (i.e.,
record destination IP address and data sent).  I've been trying to use
ipchains but this won't work because the traffic isn't actually being
sent to (or via) the machine and I can't think of any way to configure
it so that the machine will read all the data coming in from one
interface and forward it to another.  The only option seems to be a
program that will read the traffic off the wire and keep a log of (IP,
bytes) but I can't find any program that does this.  Does anyone know of
one?  If not, can anyone suggest an approach that might be successful?

Regards,

Christian.