Solved

A Broadcast Packet Counter

Posted on 2006-06-14
Last Modified: 2008-02-26
Hi there,

I'm looking to count the number of broadcast packets received by a Linux box (Fedora Core 1 in this case) - my script would ideally report in real-time how many packets are being received per second or per minute for example. Please could someone recommend the best way to go about this - where to get this information in the simplest form, or what files to analyse to get it.

Many thanks and regards,

Biggs
Question by:BigglesZX
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16909692
Use iptables and make a logging rule for the packets you're interested in, then simply use iptables -v
 
LVL 4

Assisted Solution

by:bobgunzel
bobgunzel earned 50 total points
ID: 16909842
You can use ngrep to monitor the broadcasts and pipe it to a file in the background:
ngrep -t -d {interface} host {broadcast-address} > {logfile} &

and use cat, grep and date to filter the file, f.i. per minute:
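# match the previous minute's zero-padded timestamp prefix (YYYY/MM/DD HH:MM);
# GNU date handles leading zeros and the rollover at minute 00
grep "$(date -d '1 minute ago' '+%Y/%m/%d %H:%M')" {logfile}

You can put the above line in a script that executes it every minute as long as ngrep is running:
# loop while an ngrep process exists
while [ "$(ps -A | grep ngrep)" ]
do
# sleep until the next minute boundary so the previous minute is complete
sleep $((60 - $(date +%-S)))
grep "$(date -d '1 minute ago' '+%Y/%m/%d %H:%M')" {logfile}
done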
 

Author Comment

by:BigglesZX
ID: 16910027
I'm looking to use iptables for this, after considering some of the options - I think I will use the internal counters of iptables and read/reset them every minute or so.

So, with this in mind - can you tell me what arguments I need to give to iptables if I want a rule to count all ip and ethernet broadcast traffic, and possibly ip and ethernet multicast as well.

bobgunzel: That looks like a good solution - I will see where I can get with iptables and if I can't work it out, will come back to that. You'll get some points :-).

Thank you both very much.
 
LVL 51

Accepted Solution

by:ahoffmann
ahoffmann earned 75 total points
ID: 16914694
# something like:
iptables -I INPUT -i eth0 -d your-broadcast-ip -j LOG --log-prefix broadcast:

iptables -Z
will delete the counters
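
The counter-polling approach discussed in this thread (count with iptables, read and reset every minute), as an added example that is not part of any poster's reply. It assumes eth0, the iptables pkttype match for link-layer broadcast and multicast, and hypothetical helper names; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: broadcast/multicast packets per interval from iptables counters.
# Assumptions: eth0 as interface, pkttype match available, helper names are hypothetical.
IFACE="${IFACE:-eth0}"

# Count-only rules: with no -j target, matching packets just bump the counters.
install_rules() {
    iptables -I INPUT -i "$IFACE" -m pkttype --pkt-type broadcast
    iptables -I INPUT -i "$IFACE" -m pkttype --pkt-type multicast
}

# Sum the pkts column (field 1) of every rule line containing the text in $1.
# Input is `iptables -L INPUT -v -n -x` output; header lines are skipped
# because their first field is not a number.
count_pkts() {
    awk -v pat="$1" 'index($0, pat) && $1 ~ /^[0-9]+$/ { n += $1 }
                     END { print n + 0 }'
}

# Constructed listing (not captured from a real host) for offline testing.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 1523 packets, 201344 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     3360            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
       8      640            all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
       7      560            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    1200   180000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
EOF
}

# -L together with -Z lists the counters and then zeroes them in one call, so
# each reading covers one interval. Note: this zeroes every INPUT counter.
monitor() {
    interval="${1:-60}"
    while :; do
        out=$(iptables -L INPUT -v -n -x -Z) || return 1
        b=$(printf '%s\n' "$out" | count_pkts 'PKTTYPE = broadcast')
        m=$(printf '%s\n' "$out" | count_pkts 'PKTTYPE = multicast')
        echo "$(date '+%Y-%m-%d %H:%M:%S') broadcast=$b multicast=$m"
        sleep "$interval"
    done
}

# Run as root with: sh script.sh run
if [ "${1:-}" = run ]; then install_rules && monitor 60; fi
```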
 

Author Comment

by:BigglesZX
ID: 16914717
Got it. With this and some help from LinuxQuestions.org I sorted it out - now for rrdtool. Thanks all, will split points.