See the pkts and bytes

Hi All.
How can I see the packets and bytes in Linux, specifically for one IP address? I tried using the iptables command, and I see all addresses. What kind of flags and options must I specify?
Thanks
LMikl
 
manav_mathurCommented:
tcpdump ??

Manav
 
ahoffmannCommented:
tcpdump -l -n host one-ip-address
 
LMiklAuthor Commented:
This command is listening; I am speaking about the iptables command.
 
manav_mathurCommented:
The iptables command is used to set rules for your network packets. I don't see how you are planning to *study* packets through it.

Manav
 
marxyCommented:
You need to log someone, right?

Let's do a simple test. We'll tell the kernel to log all packets destined for 99.99.99.99, and then create a few for it to log:

iptables -I OUTPUT -d 99.99.99.99 -j ULOG --ulog-nlgroup 1 --ulog-cprange 100

The nlgroup parameter is a kernel "netlink group". My best understanding of this is that by using different nlgroup numbers, you can start more than one copy of ulogd, each listening on a different netlink group, and send packets to different files.

The cprange specifies how many bytes of the packet to capture, similar to the "-s" snap length parameter for tcpdump. Rather than capturing the (default) entire packet, I only want to capture the first hundred bytes.

Now let's ping that address:
ping -c 5 99.99.99.99

If you take a directory listing, you'll notice that the file has grown a little bit. Let's see what we have:

[root@sparrow root]# tcpdump -r /var/log/ulogd.pcap -qtnp
172.27.1.66 > 99.99.99.99: icmp: echo request (DF)
172.27.1.66 > 99.99.99.99: icmp: echo request (DF)
172.27.1.66 > 99.99.99.99: icmp: echo request (DF)
 
ahoffmannCommented:
with iptables you can only see what iptables offers you with the LOG target
see man iptables (kernel logging)
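An added example, not posted by anyone in this thread: besides logging every packet with ULOG or LOG, iptables keeps a packet and byte counter on each rule, so a rule with no target that matches one address answers the original question directly. The helper below parses `iptables -L -v -n -x` output (a constructed sample is embedded so it runs without iptables; the real commands assume root and are shown in comments).

```shell
#!/bin/sh
# Added example (not from this thread): read per-IP packet and byte totals
# from iptables' own rule counters, rather than logging every packet.
#
# On a real host, as root, counting-only rules (no -j target) are inserted
# first; they never change a verdict, they just count what matches:
#   iptables -I INPUT  -s 99.99.99.99
#   iptables -I OUTPUT -d 99.99.99.99
#   iptables -L -v -n -x | count_for_ip 99.99.99.99
# -x prints exact byte counts instead of rounded K/M values; -Z zeros them.

# count_for_ip ADDRESS: reads "iptables -L -v -n -x" output on stdin and
# prints "<pkts> <bytes>" summed over every rule whose source or
# destination column equals ADDRESS.
count_for_ip() {
    awk -v ip="$1" '
        # only rule lines start with a numeric packet counter; chain
        # headers, column headers and blank lines are skipped
        $1 ~ /^[0-9]+$/ {
            for (i = 3; i <= NF; i++)
                if ($i == ip) { pkts += $1; bytes += $2; break }
        }
        END { printf "%d %d\n", pkts, bytes }'
}

# Constructed sample output (two chains; one rule with a target column,
# two counting-only rules without), used so the script runs offline.
SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 1234 packets, 567890 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42       3528            all  --  *      *       99.99.99.99          0.0.0.0/0
       7        588 ACCEPT     icmp --  *      *       172.27.1.66          0.0.0.0/0

Chain OUTPUT (policy ACCEPT 999 packets, 88888 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      10        840            all  --  *      *       0.0.0.0/0            99.99.99.99'

printf '%s\n' "$SAMPLE_COUNTERS" | count_for_ip 99.99.99.99   # 52 4368
```

Counters give totals only; the ULOG capture above is still the way to see the individual packets.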
 
avatechCommented:
You may want to consider iptraf as well.  This will monitor active connections in an ncurses table.

http://iptraf.seul.org/

