See the pkts and bytes

Posted on 2005-03-03
Medium Priority
Last Modified: 2010-04-20
Hi All.
How can I see the packets and bytes in Linux specifically for one IP address? I tried to use the iptables command, and I see all addresses. What kind of flags and options must I specify?
Question by:LMikl
LVL 16

Expert Comment

ID: 13448063
tcpdump ??

LVL 51

Expert Comment

ID: 13448196
tcpdump -l -n host one-ip-address

Author Comment

ID: 13448343
This command is listening; I am speaking about the iptables command.
LVL 16

Expert Comment

ID: 13448368
The iptables command is used to set rules for your network packets. I don't see how you are planning to *study* packets through it.


Accepted Solution

marxy earned 200 total points
ID: 13448506
You need to log someone, right?

Let's do a simple test. We'll tell the kernel to log all packets destined for, and then create a few for it to log:

iptables -I OUTPUT -d -j ULOG --ulog-nlgroup 1 --ulog-cprange 100

The nlgroup parameter is a kernel "netlink group". My best understanding of this is that by using different nlgroup numbers, you can start more than one copy of ulogd, each listening on a different netlink group, and send packets to different files.

The cprange specifies how many bytes of the packet to capture, similar to the "-s" snap length parameter for tcpdump. Rather than capturing the (default) entire packet, I only want to capture the first hundred bytes.

Now let's ping that address:
ping -c 5

If you take a directory listing, you'll notice that the file has grown a little bit. Let's see what we have:

[root@sparrow root]# tcpdump -r /var/log/ulogd.pcap -qtnp
> icmp: echo request (DF)
> icmp: echo request (DF)
> icmp: echo request (DF)
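
An added example, not part of the original answer: every iptables rule carries its own packet and byte counter (a rule with no -j target only counts), so a rule that matches the address as above can be read back with `iptables-save -c`. The helper name `ip_counters`, the sample dump and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Sum the per-rule counters that iptables keeps for one address.
# Input is `iptables-save -c` output, where each rule line starts with
# [packets:bytes]. On a live host (as root) you would run:
#   iptables-save -c | ip_counters 192.0.2.10
# Hypothetical helper name; the sample dump below is constructed.

ip_counters() {
    # $1 = address to look for in -s or -d; the dump is read from stdin.
    # Prints "<packets> <bytes>" summed over all matching rules.
    awk -v ip="$1" '
        /^\[[0-9]+:[0-9]+\] -A / {
            hit = 0
            for (i = 2; i < NF; i++) {
                # skip negated matches such as "! -s addr"
                if (($i == "-s" || $i == "-d") && $(i - 1) != "!") {
                    addr = $(i + 1)
                    sub(/\/(32|255\.255\.255\.255)$/, "", addr)  # host mask
                    if (addr == ip) hit = 1   # exact: .10 is not .100
                }
            }
            if (!hit) next
            split(substr($1, 2, length($1) - 2), c, ":")
            pkts += c[1]; bytes += c[2]
        }
        END { printf "%d %d\n", pkts, bytes }
    '
}

sample_dump() {
    cat <<'EOF'
# constructed sample in iptables-save -c format
*filter
:INPUT ACCEPT [9120:1204332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8714:993021]
[5:420] -A OUTPUT -d 192.0.2.10/32 -j ULOG --ulog-nlgroup 1 --ulog-cprange 100
[5:420] -A INPUT -s 192.0.2.10/32
[37:2960] -A OUTPUT -d 192.0.2.100/32
[12:1008] -A INPUT -s 192.0.2.0/24 -j ACCEPT
[3:180] -A INPUT ! -s 192.0.2.10/32 -p tcp
COMMIT
EOF
}

sample_dump | ip_counters 192.0.2.10    # both directions for the host: 10 840
```

The chain policy counters (the `:OUTPUT ACCEPT [...]` lines) cover all traffic and are deliberately ignored; only rules naming the address are summed.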
LVL 51

Expert Comment

ID: 13449425
with iptables you can only see what iptables offers you with the LOG target
see man iptables (kernel logging)

Expert Comment

ID: 13453872
You may want to consider iptraf as well.  This will monitor active connections in an ncurses table.



Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month14 days, 21 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question