Accounting on promiscuous interface
Alexander Demenshin
Alexander Demenshin <aldem-nf@aldem.net>
Mon, 20 Aug 2001 12:54:12 +0200
On Mon, Aug 20, 2001 at 10:49:41AM +0200, Giorgio Bernardi wrote:
> and bytes counted, so it seems that the drop hook does not apply to the
> dropped packet from promisc.
Sure it doesn't - the hook works only for packets which are dropped by
netfilter, but packets which are coming through an interface in promisc mode
are dropped by the IP stack _before_ any filtering takes place.
I suggest looking at http://freshmeat.net/projects/netramet/ or
ftp://ftp.andrew.cmu.edu/pub/argus/argus-1.8.1/ - those are dedicated
to monitoring and accounting of IP traffic (and are much more powerful than
iptables/ipchains based accounting).
/Al
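
An added example, not part of the original message or of any tool it names: accounting done on raw link-layer frames, which is where traffic for other hosts can still be counted. The class labels, MAC addresses, IP addresses and function names are assumptions made for illustration, and the sample frames are constructed; "otherhost" marks the frames the message says netfilter never gets to count.

```python
import struct
from collections import Counter

ETH_P_IP = 0x0800
# Constructed MAC addresses: monitoring host, a sender, and a third machine.
LOCAL, PEER, OTHER = (bytes.fromhex("02000000000%d" % i) for i in (1, 2, 3))
BCAST = b"\xff" * 6

def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload_len):
    """Build a constructed Ethernet + IPv4 frame (IP checksum left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return dst_mac + src_mac + struct.pack("!H", ETH_P_IP) + ip + bytes(payload_len)

def classify(dst_mac, local_mac):
    """Classify a frame by destination MAC, as the link layer does on receive."""
    if dst_mac == local_mac:
        return "host"
    if dst_mac[0] & 1:          # group bit set: broadcast or multicast
        return "group"
    return "otherhost"          # visible only because the interface is promiscuous

def account(frames, local_mac):
    """Tally IPv4 packets and bytes per class and bytes per (src, dst) pair."""
    per_class, per_flow = Counter(), Counter()
    for frame in frames:
        if len(frame) < 34:     # shorter than Ethernet + minimal IPv4 header
            continue
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_P_IP or frame[14] >> 4 != 4:
            continue
        (total_len,) = struct.unpack("!H", frame[16:18])
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        kind = classify(frame[0:6], local_mac)
        per_class[kind, "packets"] += 1
        per_class[kind, "bytes"] += total_len
        per_flow[src, dst] += total_len
    return per_class, per_flow

# Constructed sample capture: one frame for this host, two for OTHER, one broadcast.
SAMPLE = [
    build_frame(LOCAL, PEER, "10.0.0.2", "10.0.0.1", 100),
    build_frame(OTHER, PEER, "10.0.0.2", "10.0.0.3", 500),
    build_frame(OTHER, PEER, "10.0.0.2", "10.0.0.3", 300),
    build_frame(BCAST, PEER, "10.0.0.2", "10.0.0.255", 30),
]
```

On Linux, account() could be fed frames read from an AF_PACKET raw socket instead of the constructed SAMPLE list.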