[plug] Track traffic on an aliased interface

bwarff bwarff at obsidian.com.au
Thu Dec 16 11:02:39 WST 2004 

packets can be captured in many different ways.

if your a c coder, you can use libpcap .. if your a perl/python/xxx scripter
you can wrap tcpdump or simmilar... there are also plenty of network analyzing packages out there already,
check out freshmeat.net - i think 'snort' is one of the more popular ones around at the moment, tho it seems
more 'hacker detecting' than 'packet counting'.
http://freshmeat.net/projects/snort/


sorry about "use the ip networks" .. it wasnt the right terminology perhaps, all i meant by that
is that your local stuff should be on a 10.x or 192.x network, and thusly it should be easy to 'ignore'
those packets from the stream captured above, but i said that assuming you where a scripter, looking
to roll your own system.

note: the figures you get from measuring will quite likely not be the same as the figures your isp
gets .. depending on where you measure the traffic the "encapsulation" of the packet changes,
and the more 'encapsulated' a packet is, the bigger it is .. 

 


On Thu, 16 Dec 2004 13:00:32 +1100
Onno Benschop <onno at itmaze.com.au> wrote:

> On Thu, 2004-12-16 at 13:11, bwarff wrote:
> > afaik, the new kernel architecture on the 2.6 series no longer makes that information
> > easily available - they all get aggregated as eth0. Best bet would probably be to use the ip networks to split the data out.
> > eg: id assume your local stuff is 10.x.x.x or 192.168.0.x ... it should be easy enough to script
> > those ip ranges away.
> 
> I understand what you mean about separating the ranges with their
> addresses, but how do I capture the packet count?
> 
> I'm not sure what you mean when you say "use the ip networks".
> 
> Cheers,
> 
> Onno Benschop 
> 
> Connected via Optus B3 at S34°33'15" - E150°21'57" (Moss Vale, NSW)
> -- 
> ()/)/)()        ..ASCII for Onno.. 
> |>>?            ..EBCDIC for Onno.. 
> --- -. -. ---   ..Morse for Onno.. 
> 
> Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon
> ITmaze - ABN: 56 178 057 063 - ph: 04 1219 8888 - onno at itmaze dot com dot au
> 
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://spark.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au

More information about the plug mailing list