Trying to find how i can List/Graph/Statistics on network connections into my server?

helptonewbie · 06-15-2008, 04:09 PM

Hello all,
As the question outlines, i'm trying to find something that could monitor really just network traffic in some way. So not necessarily including ip addresses and anything like that but just the number of connections to a port number specifically so I can monitor the number of incoming connections. I’ve just seen a website called ntop I’m going to look into some more but is there any other suggestions? I’ve pretty much ruled out something like netstat although I could make it fit the needs, it would be a bit static and only collect the connections when run, I’d like something a bit more dynamic and be able to draw a graph from the data, something like that?

Thanks Regards,
Me

ps - now also looking at zabbix, anything else out there you me does anyone think??

eliufoo · 06-16-2008, 02:23 AM

Hi,

Have you tried using Cacti (google it.) It useful tool to capture interface data and other related information provided by snmp. Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database.

linuxlover.chaitanya · 06-16-2008, 03:38 AM

I don't know how helpful this can be but can give Ethreal a try.

TaigaIV · 06-16-2008, 04:11 AM

Thanks for your advices, i preferer wireshark and tcpdump for packet anlysis.
Actually my problem is not capturing/analysing traffic but routing and NAT.

Regards,

Mathieu

linuxlover.chaitanya · 06-16-2008, 04:30 AM

For routing and nating Guidedog can help you.

TaigaIV · 06-16-2008, 04:53 AM

I advanced a bit, i can give now more informations and a new part of the problems.

I actually use two tap interfaces.

tap0 : 10.0.254.1 netmask 255.255.255.0
tap1 : 10.0.253.1 netmask 255.255.255.0

I created two entries in /etc/iproute2/rt_tables :
201 test.net1
200 test.net2

I created some iptables rules :
iptables -t mangle -A PREROUTING -d 10.0.254.0/24 -j MARK --set-mark 1
iptables -t nat -A PREROUTING -d 10.0.254.2 -j DNAT --to 172.21.1.69
iptables -t nat -A POSTROUTING -o tap0 -j SNAT --to 10.0.254.1

iptables -t mangle -A PREROUTING -d 10.0.253.0/24 -j MARK --set-mark 2
iptables -t nat -A PREROUTING -d 10.0.253.3 -j DNAT --to 10.1.0.1

And some ip rules :
ip rule del fwmark 1 table test.net1
ip rule add fwmark 1 table test.net1
ip route del default via 10.0.254.4 dev tap0 table test.net1
ip route add default via 10.0.254.4 dev tap0 table test.net1

ip rule del fwmark 2 table test.net2
ip rule add fwmark 2 table test.net2
ip route del default via 10.0.253.2 dev tap1 table test.net2
ip route add default via 10.0.253.2 dev tap1 table test.net2

From 10.0.253.2 i execute : ping 10.0.254.2
Packet never come back.

From the routeur point of view (where all this mess run), i get some informations
from tap1 :

11:45:35.753988 IP 10.0.253.2 > 10.0.254.2: ICMP echo request, id 53277, seq 8, length 64

from tap0 :

11:46:12.759495 IP 10.0.254.1 > 172.21.1.69: ICMP echo request, id 53277, seq 45, length 64
11:46:12.782288 IP 172.21.1.69 > 10.0.254.1: ICMP echo reply, id 53277, seq 45, length 64

And from kernel log something :
martian source 10.0.253.2 from 172.21.1.69, on dev tap0
ll header: 00:ff:ff:88:88:a1:00:ff:f5:cc:7c:74:08:00

I think when packet come back they are re-sent on tap0 after nat/prerouting. Any idea will be greatly welcome.

Thanks for reading.

Mathieu

TaigaIV · 06-17-2008, 02:01 AM

Sorry all, i don't know why my post are here, i was posting in an other threads.

coontie · 06-17-2008, 01:12 PM

MRTG -- google for it.