Re: NAT-aware traffic analysis

Linux Advanced Routing and Traffic Control


Greetings,

 : I have tried using iptraf for my NAT firewall to analyse the IP 
 : traffic. Basically I am faced with this difficulty of relating the 
 : source IP to the outgoing interface to the internet, so I am 
 : wondering if anyone has a suggestion for different ways to do 
 : it, or a suggestion for a better tool.

I don't know of a flow analysis tool that records internal and 
external addresses at the NAT boundary.  Without knowing how you 
separate your traffic outbound, it'd be hard for us to guess what 
the shortcomings of any of these solutions might be, but here are a 
few ideas:

  * Record the state of /proc/net/ip_conntrack and your flow 
    information snapshots at exactly the same time.  Use the 
    ip_conntrack state information (programmatically) to yield
    the answers you want about usage information.

  * Use a flow analysis tool (e.g., argus) to record the flow 
    information on your internal interface.  Since you built the 
    rules for distributing traffic and selecting the path for 
    outbound flows, you should be able to map this same logic onto 
    your recorded flows.

In short, I think you may have better luck approaching the problem 
as a flow-analysis problem than a statistical summarization of 
traffic on any specific interface.

Good luck,

-Martin

-- 
Martin A. Brown
http://linux-ip.net/
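The first suggestion above, carried out in code: parse a snapshot of /proc/net/ip_conntrack, use each entry's reply tuple to recover the post-NAT 5-tuple that the external interface sees, and credit the bytes of each external-interface flow back to the internal source host. This is an added example, not code from the original message; the conntrack lines and flow records are constructed, and it goes slightly beyond the text by handling both TCP and UDP entries and flows with no matching conntrack entry (which happens when the two snapshots are not taken at the same instant).

```python
import re

# Constructed /proc/net/ip_conntrack sample (not from the page): one TCP and one
# UDP entry, each SNATed from an internal host to the firewall's public address
# 198.51.100.2. Each line holds the original tuple followed by the reply tuple.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=80 packets=12 bytes=1800 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=51234 packets=9 bytes=7200 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.20 dst=203.0.113.53 sport=40001 dport=53 packets=1 bytes=70 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=1025 packets=1 bytes=150 mark=0 use=1
"""

# Constructed flow records captured on the external interface:
# (proto, src, sport, dst, dport, bytes). The last one has no conntrack entry.
SAMPLE_FLOWS = [
    ("tcp", "198.51.100.2", 51234, "203.0.113.5", 80, 1800),
    ("udp", "198.51.100.2", 1025, "203.0.113.53", 53, 70),
    ("tcp", "198.51.100.2", 60000, "203.0.113.9", 443, 999),
]

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_conntrack(text):
    """Map the post-NAT outbound 5-tuple to the internal source IP.

    After SNAT the reply tuple's dst/dport are the public address and port,
    so the outbound flow on the external interface is
    (proto, reply.dst, reply.dport, reply.src, reply.sport).
    """
    mapping = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        proto = fields[0]
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue  # malformed or truncated entry; skip rather than guess
        orig, reply = tuples
        key = (proto, reply[1], int(reply[3]), reply[0], int(reply[2]))
        mapping[key] = orig[0]
    return mapping


def attribute_flows(flows, mapping):
    """Sum bytes per internal host; unmatched flows are credited to 'unknown'."""
    usage = {}
    for proto, src, sport, dst, dport, nbytes in flows:
        host = mapping.get((proto, src, sport, dst, dport), "unknown")
        usage[host] = usage.get(host, 0) + nbytes
    return usage


if __name__ == "__main__":
    print(attribute_flows(SAMPLE_FLOWS, parse_conntrack(SAMPLE_CONNTRACK)))
```

Snapshot skew shows up directly as the 'unknown' bucket, which is a useful sanity check on how closely the conntrack and flow snapshots were aligned.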
LARTC mailing list
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc