Linux: Bandwidth monitoring excluding certain sites and LAN usage

I am looking for a program that can meter total bandwidth per day. It should not count LAN usage, note that LAN/Internet usage both go through the same interface, eth1, as my setup is as as follows

PC1 - Router - PC2
. . . . . |
. . . Modem

A bonus would be to exclude usage from certain sites. I am doing this to compare usage to my ISP's usage indicator and the ISP has unmetered sites which I want to exclude from the usage indicator.

Can Wireshark do this? It has the ability to set the filters for what I want but I haven't found a simple way to get it to just run in the background and meter the usage of the filtered packets (if it is possible)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kebabsAuthor Commented:
I guess iptables rules could be set but it seems too complex. Another option would be to do this on the router, but that means I have to get one that can have linux, openwrt or something installed on it (currently have a di-624 with only 1MB of Flash).
Wireshark does not well fit to your task.

You may use ipchains to account traffic. I suppose you have eth0 connected to WAN modem and that you have LAN address.

Here is an example to account only incoming Internet traffic.

# Add a chain to account _all_ external traffic:
iptables -N ALL_INTERNET
# Add a chain  to account external traffic without excluded traffic
iptables -N INTERNET

# x.x.x.x is a host to exclude from accounting
iptables -A ALL_INTERNET -s x.x.x.x -j RETURN
# Add as many exclusions as you like:
iptables -A ALL_INTERNET -s x.x.x.y -j RETURN
# ...
# At last, account all other external traffic

# Now define what is 'internet' traffic (without -j target, account only)
iptables -A INTERNET -s !

# Bind accounting rules to real interfaces:
# each packet traverses either INPUT or FORWARD chain
iptables -I INPUT -i eth0 -j ALL_INTERNET
iptables -I FORWARD -i eth0 -j ALL_INTERNET

To view counters:
iptables -L INTERNET -v

To zero counters:
iptables -Z INTERNET

You may create a simple script to save counters to file and to zero counters and run it every day from cron.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
http:// thevpn.guruCommented:
You can try ntop it has a great web interface which allows you to see all kinds of stats.
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

kebabsAuthor Commented:
Shakoush, I have looked into several utilities like that and the closest I found was MRTG but I had a problem with getting it configured, particularly with getting my router's community name and another parameter. ntop looks promising but I'm going with the iptables setup as it leverages already existing functionality on my box.

Nopius, that is fantastic. I tried for a few minutes and gave up on that as it involved too much documentation and references for the syntax, nice to see someone more experienced quickly whip something up.

kebabsAuthor Commented:
Thank you for points, kebabs.

That may not be so easy to integrate accounting iptables with existing iptables rules.

I have used before another accounting package: 
It's much more customizable and you may have a look at there.
kebabsAuthor Commented:
I've noticed :p However, I think I've got it. Had a little issue where the INTERNET chain showed nothing while there was no problems with the ALL chain but everything seems okay now.

I did like the idea behind NeTAMS and tried it however "make" failed. I'm guessing it was missing libraries but I couldn't work out what I needed.

I couldn't find libpcap or netflow in the Ubuntu repositories and searching got me nowhere expect a demotivational ubuntu forums page:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.