LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/nag2/x-087-2-accounting.passive....

205 lines
3.4 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Passive Collection of Accounting Data</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="IP Accounting"
HREF="x-087-2-accounting.html"><LINK
REL="PREVIOUS"
TITLE="Flushing the Ruleset"
HREF="x-087-2-accounting.flushing.rules.html"><LINK
REL="NEXT"
TITLE="IP Masquerade and Network Address Translation"
HREF="x-087-2-ipmasq.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-accounting.flushing.rules.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 10. IP Accounting</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-ipmasq.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="X-087-2-ACCOUNTING.PASSIVE.COLLECTION"
>10.6. Passive Collection of Accounting Data</A
></H1
><P
>&#13;One last trick you might like to consider: if your Linux machine is
connected to an Ethernet, you can apply accounting rules to all of the data
from the segment, not only that which it is transmitted by or destined for it.
Your machine will passively listen to all of the data on the segment and
count it.</P
><P
>You should first turn IP forwarding off on your Linux machine so
that it doesn't try to route the datagrams it
receives.<A
NAME="X-087-2-FNAC01"
HREF="#FTN.X-087-2-FNAC01"
>[1]</A
>
In the 2.0.36 and 2.2 kernels, this is a matter of:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>echo 0 &#62;/proc/sys/net/ipv4/ip_forward</B
></TT
></PRE
></TD
></TR
></TABLE
></P
><P
>&#13;You should then enable promiscuous mode on your Ethernet interface using the
<B
CLASS="COMMAND"
>ifconfig</B
> command. Now you can establish accounting
rules that allow you to collect information about the datagrams flowing
across your Ethernet without involving your Linux in the route at all.</P
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.X-087-2-FNAC01"
HREF="x-087-2-accounting.passive.collection.html#X-087-2-FNAC01"
>[1]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>This isn't a good thing to do if your Linux machine serves as a router. If
you disable IP forwarding, it will cease to route! Do this only on a
machine with a single physical network interface.</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x-087-2-accounting.flushing.rules.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x-087-2-ipmasq.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Flushing the Ruleset</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="x-087-2-accounting.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>IP Masquerade and Network Address Translation</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink