> How about using the "IP accounting" facility of iptables? Try:
>
> #iptables -A FORWARD -s 1.2.0.0/16
>
> i.e. without the -j option, to create a counter, and use
>
> #iptables -L -v
>
> to read out the results.

Thanks, but you are writing about something different. Counters are good, but I must be able to see, for all IPs, byte counts on any port or protocol, which is specified _after_ the byte counts are recorded. I must store it in a database and select a specific port, IP and/or protocol by database query. So I'm asking about an accounting _target_, which will allow me to collect all the data without sending one packet to userspace immediately after a rule matches (as -j ULOG does). pcap is unusable for me too. I heard that something like this exists (or existed ;-), but couldn't find anything about it.

--
Martin Tomasek, [EMAIL PROTECTED]
BOFH excuse #30: positron router malfunction
