[ILUG] Counting data transfer with iptables
Niall O Broin
niall at makalumedia.com
Sat Jun 18 20:28:43 IST 2005

I was asked if it were possible to see what services on a server were
contributing to data transfer usage. The colo provider provides
aggregate usage but we have no way of knowing what's using what. The
box is a web and mail server, and it's likely that the majority of the
transfer is http, but it'd be nice to know more accurately.

A little googling found various things, none of which seem to be
exactly what I want. It occurs to me that in fact this is a somewhat
hard question, because what I'm mainly interested in doing is counting
outgoing traffic from the server, which will be from and to random
ports. To count say HTTP traffic, I presume you'll have to use
something stateful, where you note the IP addresses and source ports of
incoming packets to port 80, and then count packets going back to those
addresses and ports (expiring saved incoming address/port pairs
periodically) and this sounds like it is fairly heavy for a busy
server.

Am I making more out of this than it really is?

Niall
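
An added example, not part of the original post: replies from a listening service leave the box with that service's port as their source port, so per-rule byte counters on the OUTPUT chain can attribute outbound transfer without remembering client address/port pairs. The chain name ACCT, the function names and the sample counter output are constructed for illustration.

```shell
#!/bin/sh
# Rules that create the counters (run once as root; kept as comments because
# the summary below only needs the counter listing):
#   iptables -N ACCT
#   iptables -I OUTPUT -j ACCT
#   iptables -A ACCT -p tcp --sport 80    # HTTP replies
#   iptables -A ACCT -p tcp --sport 25    # replies to inbound SMTP
#   iptables -A ACCT -p tcp --dport 25    # mail this host sends out
#   iptables -A ACCT                      # everything leaving the box
# A rule with no -j target changes nothing; it only counts packets and bytes.

# Constructed sample of `iptables -L ACCT -v -n -x` output (not real data).
sample_counters() {
cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
  812345 1073741824            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
   40210   52428800            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:25
   15003   20971520            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
  901122 1153433600            all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a counter listing on stdin; print "<match> <bytes> <percent of total>"
# per port rule, then the unattributed remainder. The rule without a port
# match is taken as the grand total. Fails if no such rule is present.
acct_summary() {
  awk '
    $1 !~ /^[0-9]+$/ { next }                 # skip chain and column headers
    {
      label = ""
      for (i = 3; i <= NF; i++)               # target column may be empty,
        if ($i ~ /^[sd]pts?:/) label = $i     # so find the port match by shape
      if (label == "") { total = $2; next }   # match-all rule: grand total
      bytes[label] = $2; order[++n] = label; known += $2
    }
    END {
      if (total == 0) exit 1
      for (i = 1; i <= n; i++)
        printf "%s %d %.1f\n", order[i], bytes[order[i]], 100 * bytes[order[i]] / total
      printf "other %d %.1f\n", total - known, 100 * (total - known) / total
    }'
}

sample_counters | acct_summary
```

On a live host the input would come from `iptables -L ACCT -v -n -x | acct_summary`; sampling it from cron and differencing successive readings gives usage per interval.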