Solved

A Broadcast Packet Counter

Posted on 2006-06-14
5
630 Views
Last Modified: 2008-02-26
Hi there,

I'm looking to count the number of broadcast packets received by a Linux box (Fedora Core 1 in this case) - my script would ideally report in real-time how many packets are being received per second or per minute for example. Please could someone recommend the best way to go about this - where to get this information in the simplest form, or what files to analyse to get it.

Many thanks and regards,

Biggs
0
Comment
Question by:BigglesZX
  • 2
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16909692
use iptables and make a logging rule for the packets your're interested in, then simply use iptables -v
0
 
LVL 4

Assisted Solution

by:bobgunzel
bobgunzel earned 50 total points
ID: 16909842
You can use ngrep to monitor the broadcasts and pipe it to a file in the background:
ngrep -t -d {interface} host {broadcast-address} > {logfile} &

and use cat, grep and date to filter the file, f.i. per minute:
cat {logfile} | grep "`date +%Y/%m/%d" "%k`:$[`date +%M`-1]"

You can put the above line in a script that executes it every minute as long as ngrep is running:
while [ "`ps -A | grep ngrep`" ]
do
sleep $[59-`date +%-S`]
cat {logfile} | grep "`date +%Y/%m/%d" "%k`:$[`date +%M`-1]"
done
0
 

Author Comment

by:BigglesZX
ID: 16910027
I'm looking to use iptables for this, after considering some of the options - I think I will use the internal counters of iptables and read/reset them every minute or so.

So, with this in mind - can you tell me what arguments I need to give to iptables if I want a rule to count all ip and ethernet broadcast traffic, and possibly ip and ethernet multicast as well.

bobgunzel: That looks like a good solution - I will see where I can get with iptables and if I can't work it out, will come back to that. You'll get some points :-).

Thank you both very much.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 75 total points
ID: 16914694
# something like:
iptables -I INPUT -i eth0 -d your-broadcast-ip -j LOG --log-prefix broadcast:

iptables -Z
will delete the counters
0
 

Author Comment

by:BigglesZX
ID: 16914717
Got it. With this and some help from LinuxQuestions.org I sorted it out - now for rrdtool. Thanks all, will split points.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
A short film showing how OnPage and Connectwise integration works.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now