Linux - Networking (LinuxQuestions.org forum): This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I need to detect the ip address of all outgoing and incoming packets on the outside of my LINUX firewall. Can someone advise me on the best way of doing this?
The above will log packets to /var/log/syslog or /var/log/messages depending on your system. There will be a LOT of data so you should prepare scripts to parse the log (or use something like logwatch)
sure enough you've got several ways to do so...
iptables can log the packets to the console or logfile
tcpdump can output them on the console or to a regular file
I think the winner of the game may be snort, which can output that to lots of formats, from binary mode (pretty quick) to database (handy for further processing).
the real question is, what do you want to do with this info... if you write the source and destination IP of every single packet that goes through your firewall, you will have to deal with a _HUGE_ amount of (redundant) info.
Even before talking of processing this info, just writing it to disk will use some resources and may quickly take lots of disk space if you're not careful in how you store it and delete it once it's out of date.
You must also be aware that writing to disk is slow, so if you have too many packets going through, writing all the info may not be possible... as an example, you can run tcpdump and generate lots of traffic... you'll see that once stopped, tcpdump tells you how many packets it has captured, how many packets went through and how many were discarded (dropped).
I think you'd better explain what you want to achieve with this info, people might give you better advice.
Anyway, don't misunderstand my post, that's definitely doable, the thing is you've got to do it the proper way for what you're after!
Thanks for all your posts and your time in replying to me.
I have found ethereal software, which seems to be able to do what I am looking for.
Basically I have to setup PAT and want to be able to check that the packets on the outside of the firewall have the same ip address as the firewalls external interface. Also I need to ensure that computers on the inside of the firewall can simultaneously make connections to the outside world, and that the ip address of these connections is the same, but with different port numbers.
So I am hoping I can use ethereal to do all of this.
If you disagree, or you have a better way, please do let me know as the stuff you posted was very helpful, especially to a newbie like me!
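As an added example (not code from anyone in this thread), the script below does the two things discussed so far: it parses the KEY=VALUE lines the netfilter LOG target writes to syslog, as the earlier reply suggests preparing scripts for, and it checks the PAT expectations the original poster describes (everything leaving the outside interface carries the firewall's external address, and simultaneous inside connections get distinct source ports). The sample log lines are constructed, and the log prefixes, interface name and addresses are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the KEY=VALUE format the netfilter LOG target
# writes to syslog. The "PAT-OUT:"/"PAT-IN:" prefixes are assumed values for
# --log-prefix; the field lists are shortened to what the parser uses.
SAMPLE_LOG = """\
Mar  1 10:00:01 fw kernel: PAT-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.5 LEN=60 TTL=63 PROTO=TCP SPT=40001 DPT=80 SYN
Mar  1 10:00:01 fw kernel: PAT-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.5 LEN=60 TTL=63 PROTO=TCP SPT=40002 DPT=80 SYN
Mar  1 10:00:02 fw kernel: PAT-OUT: IN= OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=64 TTL=63 PROTO=UDP SPT=5353 DPT=53
Mar  1 10:00:03 fw kernel: PAT-IN: IN=eth0 OUT= SRC=198.51.100.5 DST=203.0.113.10 LEN=52 TTL=54 PROTO=TCP SPT=80 DPT=40001 ACK
Mar  1 10:00:04 fw kernel: some unrelated syslog line
"""

# Only the fields needed for address/port accounting; real lines also carry
# MAC=, LEN=, ID=, WINDOW= and so on, which are simply ignored.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")


def parse_log_line(line):
    """Return a dict of the netfilter fields we care about, or None if the
    line carries no SRC=/DST= pair (i.e. it is not a LOG-target line)."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    # An empty IN= or OUT= means the packet was locally generated/delivered.
    return {
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", ""),
        "spt": int(fields["SPT"]) if fields.get("SPT") else None,
        "dpt": int(fields["DPT"]) if fields.get("DPT") else None,
    }


def parse_log(text):
    """Parse every LOG-target line in a syslog blob, skipping all other lines."""
    records = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is not None:
            records.append(rec)
    return records


def address_pairs(records):
    """Count packets per (src, dst) pair: the per-address summary the original
    question asks for, and far smaller than the raw log."""
    return Counter((r["src"], r["dst"]) for r in records)


def check_pat(records, external_ip, external_iface):
    """Check packets leaving via the outside interface against PAT expectations.

    Returns (leaks, ports_per_destination):
      leaks                 - outbound records whose SRC is not the firewall's
                              external address (translation was not applied)
      ports_per_destination - {(proto, dst, dpt): set of translated source ports},
                              so you can confirm that simultaneous inside
                              connections to one service received distinct ports
    """
    leaks = []
    ports = defaultdict(set)
    for r in records:
        if r["out"] != external_iface:
            continue  # only packets going out the outside interface matter here
        if r["src"] != external_ip:
            leaks.append(r)  # an inside address escaped untranslated
            continue
        if r["spt"] is not None:
            ports[(r["proto"], r["dst"], r["dpt"])].add(r["spt"])
    return leaks, dict(ports)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (src, dst), n in address_pairs(recs).most_common():
        print(f"{n:6d}  {src} -> {dst}")
    leaks, ports = check_pat(recs, "203.0.113.10", "eth0")
    for r in leaks:
        print("NOT TRANSLATED:", r["src"], "->", r["dst"], r["proto"], r["spt"], r["dpt"])
    for key, spts in ports.items():
        print("distinct source ports to", key, "=", sorted(spts))
```

The check only tells you something when the lines record addresses as they appear after translation, so feed it what is seen on the outside interface, as the original poster intends; a log taken before NAT is applied will show every packet as a "leak". The parser deliberately ignores fields it does not know, so lines with the full set of kernel fields (MAC=, ID=, WINDOW=, flags) parse the same way as the shortened samples.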
Sounds like ethereal is the best tool for the job you are trying to do right now. For long term stats gathering I like ntop which you might like to have a look at here