Re: IP Accounting - tcpdump guru's

Glynn Clements (glynn@sensei.co.uk)
Mon, 14 Sep 1998 13:32:15 +0100 (BST)


Adam Neat wrote:

> we're trying to nut out some possible wayward traffic on some of our networks
> that seem to be artificially overloading our ascend max access routers.
>
> All our traffic goes via a Linux ethernet router/bridge and we're trying to
> find the best way to count the data statistics of all going through it.
>
> We do have a script that we can run that loops through EVERY single ip we have
> on our systems (nearly a full b class) but this brings the linux ethernet
> router/bridge to a snail crawl as having something like 3000 or more ipfwadm -A
> commands seems to overload it.
>
> We have looked at tcpdump, and although that says where and to the data is
> going, it as far as we can see doesn't show the amount of bytes/octets in each
> line/packet that's listed.

If you use the -e switch, it will print the link-level header, which
includes the length of each ethernet frame (this includes any padding,
so you can't always deduce the size of the IP datagram which it
contains).

An alternative would be to have a single accounting rule which matches
everything, and use ipfwadm's -o switch to log the packet details.
This requires that the kernel was compiled with
CONFIG_IP_FIREWALL_VERBOSE.

-- 
Glynn Clements <glynn@sensei.co.uk>
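
Per-host byte accounting from the frame lengths that `tcpdump -e` prints, as an added example that is not part of the original message. It assumes the `-n -e` text format of current tcpdump releases for IPv4 over Ethernet; the sample lines and the `172.16.0.0/16` network are constructed placeholders.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Assumed line shape (current tcpdump, -n -e, IPv4 over Ethernet):
#   TIME SRCMAC > DSTMAC, ethertype IPv4 (0x0800), length N: SRC[.port] > DST[.port]: ...
LINE_RE = re.compile(
    r"ethertype IPv4 \(0x0800\), length (\d+): "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)
MIN_FRAME = 60  # smallest Ethernet frame (no FCS); frames this size may carry padding
# Constructed sample lines (not captured traffic).
SAMPLE = """\
13:32:15.000001 00:a0:c9:00:00:01 > 00:60:97:00:00:02, ethertype IPv4 (0x0800), length 74: 172.16.4.20.1025 > 192.0.2.7.80: Flags [S], seq 1, win 512, length 0
13:32:15.000002 00:60:97:00:00:02 > 00:a0:c9:00:00:01, ethertype IPv4 (0x0800), length 1514: 192.0.2.7.80 > 172.16.4.20.1025: Flags [.], ack 1, win 512, length 1460
13:32:15.000003 00:60:97:00:00:02 > 00:a0:c9:00:00:01, ethertype IPv4 (0x0800), length 60: 192.0.2.7.80 > 172.16.4.20.1025: Flags [.], ack 1, win 512, length 0
13:32:15.000004 00:a0:c9:00:00:03 > 00:a0:c9:00:00:01, ethertype IPv4 (0x0800), length 98: 172.16.9.1 > 172.16.4.20: ICMP echo request, id 1, seq 1, length 64
13:32:15.000005 00:a0:c9:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 172.16.4.1 tell 172.16.4.20, length 28
""".splitlines()


def account(lines, local_net):
    """Sum frame bytes per host inside local_net: {ip: {"in", "out", "min_frames"}}."""
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(lambda: {"in": 0, "out": 0, "min_frames": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6, or anything else that is not an IPv4 frame
        length = int(m.group(1))
        for addr, direction in ((m.group(2), "out"), (m.group(3), "in")):
            try:
                local = ipaddress.ip_address(addr) in net
            except ValueError:
                continue  # malformed address in the text
            if local:
                totals[addr][direction] += length
                totals[addr]["min_frames"] += length == MIN_FRAME
    return dict(totals)


if __name__ == "__main__":
    # Reads tcpdump text on stdin; with no pipe attached, uses the sample above.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    report = account(source, "172.16.0.0/16")  # placeholder network
    for ip, t in sorted(report.items(), key=lambda kv: -(kv[1]["in"] + kv[1]["out"])):
        print(f"{ip:15} in={t['in']:8} out={t['out']:8} min-size frames={t['min_frames']}")
```

For live use, pipe `tcpdump -n -e -l ip` into the script. The totals are Ethernet frame bytes, so they include the link-level header and any padding; the `min_frames` count shows how many of a host's frames sit at the size where padding is possible.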