Re: Masquerade bean-counting

• Next message: Jorgen Skjaanes: "Re: 2.2.14 feels slow and non-interactive."
• Previous message: Mike A. Harris: "Re: 2.2.14 feels slow and non-interactive."
• In reply to: Dan Sheppard: "Masquerade bean-counting"
• Next in thread: dans@chiark.greenend.org.uk: "Re: Masquerade bean-counting"
• Reply: dans@chiark.greenend.org.uk: "Re: Masquerade bean-counting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dan Sheppard wrote:
>
> [Personal cc's would be appreciated. I read this list via a web
> interface, as I collect my mail over a modem. I'm not sure of the
> latency of the web-page updates].
>
> I help run a machine which hides a network in a shared house by
> putting on a masquerade for an ISP which it dials up from time to
> time. I'd like to see how many bytes are masqueraded to which
> local-addresses during the course of a connection, to keep track of
> what goes where and why.
>
> As far as I can tell (RTFM,UTSL) (I'm using a 2.2.x) accounting is
> only done as a global count of bytes/packets passing through a
> particular chain. Now it's not practical for me to insist that there's
> a separate forwarding chain for each local machine as we have, er, a
> lot of machines passing through the house, these are allocated and
> deallocated ip's in a process with all the refinement and managerial
> control of a street battle.
>
> What I'm asking then, is if it would be sensible for me to write a
> patch which maintains records of what passes through the masquerading
> process, and produces a summary of bytes/packets masqueraded to each
> ip address, and made the results available in, say, /proc.
>
> I can cope with doing that, but I'd be interested in
>
> - The D'oh factor: Is there an easy way of doing this already?
> - Vehement objections to the whole idea.
> - Ideas, suggestions, and half-finished projects which might help.
>
> Thanks for listening,
> Dan.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

You could use NeTraMet (Network Traffic Meter) which is a mature user
mode solution that uses libpcap to snoop traffic and record traffic
summariess using a simple packet matching rule language. You could
easily configure it to record a summary of traffic on gateway's interior
interface between say <internal RFC1918 address> and <public addresses>
aggregated by internal address.

Source: ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet/NeTraMet43.tar.gz
Docs: ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet/ntm43.pdf

The software scales up to OC3 speed realtime traffic accounting and can
even listen to NetFlow accounting records from a CISCO router
(NetFlowMet). I use it at an ISP environment for doing destination based
(global/national/local) traffic reporting per network.

-- 
  ~mc <michael@astrolog.net>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Jorgen Skjaanes: "Re: 2.2.14 feels slow and non-interactive."
• Previous message: Mike A. Harris: "Re: 2.2.14 feels slow and non-interactive."
• In reply to: Dan Sheppard: "Masquerade bean-counting"
• Next in thread: dans@chiark.greenend.org.uk: "Re: Masquerade bean-counting"
• Reply: dans@chiark.greenend.org.uk: "Re: Masquerade bean-counting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:21 EST