Solved

A Broadcast Packet Counter

Posted on 2006-06-14
Last Modified: 2008-02-26
Hi there,

I'm looking to count the number of broadcast packets received by a Linux box (Fedora Core 1 in this case) - my script would ideally report in real-time how many packets are being received per second or per minute for example. Please could someone recommend the best way to go about this - where to get this information in the simplest form, or what files to analyse to get it.

Many thanks and regards,

Biggs
Question by:BigglesZX
5 Comments
 

Expert Comment

by:ahoffmann
ID: 16909692
Use iptables and make a logging rule for the packets you're interested in, then simply use iptables -v

Assisted Solution

by:bobgunzel
bobgunzel earned 200 total points
ID: 16909842
You can use ngrep to monitor the broadcasts and pipe it to a file in the background:
ngrep -t -d {interface} host {broadcast-address} > {logfile} &

and use cat, grep and date to filter the file, for instance per minute:
# print the lines stamped with the previous minute
# (ngrep -t timestamps are YYYY/MM/DD HH:MM:SS.UUUUUU; date -d needs GNU date)
grep "$(date -d '1 minute ago' '+%Y/%m/%d %H:%M')" {logfile}

You can put the above line in a script that executes it every minute as long as ngrep is running:
# loop for as long as an ngrep process exists
while pgrep -x ngrep > /dev/null
do
    # sleep until just before the next minute boundary
    sleep $((59 - $(date +%-S)))
    grep "$(date -d '1 minute ago' '+%Y/%m/%d %H:%M')" {logfile}
done

Author Comment

by:BigglesZX
ID: 16910027
I'm looking to use iptables for this, after considering some of the options - I think I will use the internal counters of iptables and read/reset them every minute or so.

So, with this in mind - can you tell me what arguments I need to give to iptables if I want a rule to count all ip and ethernet broadcast traffic, and possibly ip and ethernet multicast as well.

bobgunzel: That looks like a good solution - I will see where I can get with iptables and if I can't work it out, will come back to that. You'll get some points :-).

Thank you both very much.

Accepted Solution

by:ahoffmann
ahoffmann earned 300 total points
ID: 16914694
# something like:
iptables -I INPUT -i eth0 -d your-broadcast-ip -j LOG --log-prefix broadcast:

iptables -Z
will delete the counters

Author Comment

by:BigglesZX
ID: 16914717
Got it. With this and some help from LinuxQuestions.org I sorted it out - now for rrdtool. Thanks all, will split points.
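
The counter-based approach this thread settles on, as an added example that is not part of the original posts: it reads the packet counter of the LOG rule from the accepted answer out of the verbose iptables listing and reports the difference per interval, so the counters never have to be zeroed. The function names, the address 192.168.1.255 and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-interval packet counts taken from
# the counters of the LOG rule in the accepted answer, without zeroing them.

# Print the pkts counter of the LOG rule(s) with destination $1.
# stdin: output of `iptables -L INPUT -v -n -x`, whose columns are
# pkts bytes target prot opt in out source destination ...
rule_pkts() {
    awk -v dst="$1" '$3 == "LOG" && $9 == dst { n += $1; hit = 1 }
                     END { if (!hit) exit 1; print n }'
}

# Packets between two readings; if the counter went backwards (rule reloaded
# or counters zeroed in between), the new reading is the count since reset.
delta() {
    if [ "$2" -lt "$1" ]; then echo "$2"; else echo $(( $2 - $1 )); fi
}

# Constructed sample listings one interval apart (not from a real host).
sample_t0() { cat <<'EOF'
Chain INPUT (policy ACCEPT 5120 packets, 734003 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    14400 LOG        all  --  eth0   *       0.0.0.0/0            192.168.1.255       LOG flags 0 level 4 prefix "broadcast:"
    4100   611200 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
EOF
}
sample_t1() { sample_t0 | sed 's/^ *120 *14400 /     185    22200 /'; }

# Live loop (needs root): prints "timestamp packets" once per interval.
monitor() {
    dst=$1; interval=${2:-60}
    prev=$(iptables -L INPUT -v -n -x | rule_pkts "$dst") || return 1
    while sleep "$interval"; do
        cur=$(iptables -L INPUT -v -n -x | rule_pkts "$dst") || return 1
        echo "$(date '+%Y-%m-%d %H:%M:%S') $(delta "$prev" "$cur")"
        prev=$cur
    done
}

# Usage (hypothetical file name): sh bcast-count.sh run 192.168.1.255 60
if [ "${1:-}" = "run" ]; then monitor "$2" "${3:-60}"; fi
```

Taking deltas instead of running iptables -Z leaves the counters of every other rule untouched, and the LOG rule keeps writing one kernel log line per packet for later review.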