Solved

Iptables and mirroring ports

Posted on 2016-10-14
4
109 Views
Last Modified: 2016-10-24
I am running iptables on Centos and want them to count all traffic on other device, so I have mirrored ports between the Centos and the device.
I can dump all traffic with tcpdump but the counters on iptables don´t see anything.
But if I run the Centos as router iptables count every byte for me.

Is it poosible to use iptables counting in mirroring mode ?
0
Comment
Question by:soffcec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Assisted Solution

by:Duncan Roe
Duncan Roe earned 250 total points
ID: 41844993
I am not familiar with this mirroring mode of which you speak. Iptables will only count packets which match a rule: if the Centos system is not router then will this happen?
Could you elaborate on mirroring mode and also what are your iptables rules when Centos is not router?
0
 

Author Comment

by:soffcec
ID: 41845080
I put one line for each ip address for in and out and call them COUNT_IN and COUNT_OUT
-A COUNT_IN -d 185.152.116.9 -j ACCEPT
-A COUNT_OUT -s 185.152.116.9 -j ACCEPT

The result from Centos when I use it for routing is:
iptables -L -n -v
  300  142K ACCEPT     all  --  *      *       0.0.0.0/0            185.152.116.9
  258  950K ACCEPT     all  --  *      *       185.152.116.9   0.0.0.0/0  
 But when I run Centos as standalone and mirror my Hardwarerouter nothing counts.

How can I make iptables sniff the traffic on the hardware router ?
Or is there any other solution to count the usage of each ip address (have about 1000 addresses on my system)
0
 
LVL 35

Assisted Solution

by:Duncan Roe
Duncan Roe earned 250 total points
ID: 41845292
iptables is  certainly not a sniffer. Unless the packet is destined for the box or to be routed through it, it will not get counted.
For what you want to do, I suggest some combination of tcpdump and awk.
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 250 total points
ID: 41845381
I would use ntop/ntopng for that.

HTH,
Dan
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question