Help with iptables and ip accounting
Tu Nguyen
nguyen@ucalgary.ca
Thu, 7 Jun 2001 15:57:19 -0600 (MDT)
On Thu, 7 Jun 2001, Sascha Reißner wrote:
>
> From: "Tu Nguyen" <nguyen@ucalgary.ca>
>
> > Just wonder if I can do some kind of redirection to force my linux to
> > read all packets. Something like "look, look.. those packets
> > though not for you but go ahead and read them"?
>
> well, you can take tcpdump or similar programs to manage this.
>
> it sets a lan interface into promiscuous mode, that's the mode you want. it
> just "listens" to what traverses in the network i am physically connected
> to no matter what destination a packet has. thus a packet doesn't need to hit
> or pass your box it just has to run by on the same cable your box is
> connected to.
>
> try out "tcpdump -i eth2" and you will see why there is so busy activity on
> that device. i don't know how to count packets or bytes with that but that
> would be the right way to do *g*
Sascha:
tcpdump won't do. My objective is to keep track of the usage for
each department. At the moment, I am using scripts to add all
the outputs of IPFM (ipflow meter, this is a hell of a program to
keep track of traffic usages for each individual station). Another
program I use to achieve the same purpose is argus. The drawback
of these programs is that they are very time consuming as they
are not designed for this purpose.
It would be more effective and probably faster to have iptables
passively read and count all the packets for each subnet. There
has got to be a way to force iptables to examine all the packets
without routing them. I just don't know how yet.
Thanks for all the help.
>
> --
> Sascha Reissner - sascha.reissner@toxicnet.de - http://www.fireware.org/
> PGP Fingerprint: 27C4 F5BB E4D7 7B44 A47A B1E7 6014 F3E5 85B1 BEF7
>
Tu Nguyen
nguyen@ucalgary.ca
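
Per-department accounting over sniffed traffic, as an added example that is not part of the original thread: it totals packets and payload bytes per subnet from lines in the style of `tcpdump -n -q -t` taken on a promiscuous interface. The department names, subnets and sample lines are constructed, and the line format is an assumption about tcpdump's quiet output.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical department subnets; the thread names none.
DEPARTMENTS = {
    "physics": ipaddress.ip_network("10.1.0.0/16"),
    "biology": ipaddress.ip_network("10.2.0.0/16"),
}

# Assumed line shape of `tcpdump -n -q -t`: "IP src.port > dst.port: tcp N"
# or "...: UDP, length N". N is payload length, not bytes on the wire.
LINE_RE = re.compile(
    r"^IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?:tcp (\d+)|UDP, length (\d+))"
)

# Constructed sample capture, not real traffic.
SAMPLE = """\
IP 10.1.2.3.40000 > 10.2.0.5.80: tcp 512
IP 10.2.0.5.80 > 10.1.2.3.40000: tcp 1460
IP 10.1.9.9.5353 > 192.0.2.7.53: UDP, length 60
IP 10.1.2.3 > 10.1.2.4: ICMP echo request, id 1, seq 1, length 64
ARP, Request who-has 10.1.2.4 tell 10.1.2.3, length 28
""".splitlines()

def department_of(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad octet
    return next((n for n, net in DEPARTMENTS.items() if ip in net), "other")

def account(lines):
    """Return (totals per department, number of lines not counted)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes_out": 0, "bytes_in": 0})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        try:
            if m is None:
                raise ValueError("not a TCP/UDP line in the assumed format")
            src, dst = department_of(m.group(1)), department_of(m.group(2))
        except ValueError:  # unparsed line or invalid address
            skipped += 1
            continue
        size = int(m.group(3) or m.group(4))
        totals[src]["bytes_out"] += size
        totals[dst]["bytes_in"] += size
        for dept in {src, dst}:  # a packet inside one department counts once
            totals[dept]["packets"] += 1
    return dict(totals), skipped
```

The skipped count matters for accounting: ICMP, ARP and any line outside the assumed format are left out of the totals, so a large value means the figures undercount.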