[OFB Cafe] Monitoring network traffic
Fred Smith
fps at xicada.com
Mon Sep 22 11:03:29 CDT 2008
On Wed, Sep 17, 2008 at 10:49 PM, Rick Bowers <rwbowers at gmail.com> wrote:
> So, I could setup my server in fire wall mode and track the counters.
> I assume I only need the RX bytes: and TX bytes:
>
> Where do these counters live (what command did you type to get this
> display)? Do you have any scripts to capture the data? I assume I'd
> run a cron job nightly.
Run ifconfig to get the counters I pasted earlier. If your linux
machine is acting as a NAT firewall, you can also use iptables to get
traffic bytecounts. Those counters *don't* roll over, so they're
probably way better to work with. I don't have any scripts to
capture or process this data,
Here's an article from Linux.com which talks about how you can do some
simple reporting with iptables:
http://www.linux.com/articles/50649
>
> What happens when the counter reaches 2GB (my system is
> 32-bit)? Does it roll over to zero? So I'd need to accommodate that as well.
On 32 bit systems, it rolls over to zero, although it seems to not be
at 2GB, since I have a 32 bit system that is showing numbers above 2
GB. Perhaps the counter is unsigned (which would make sense) in which
case it wouldn't roll over until 4 GB. Again, if you use iptables to
do the accounting, you don't have to worry about the counters rolling
over.
More information about the Cafe
mailing list