Linux Network Administrators Guide

   Linux Network Administrators Guide
   Prev    Chapter 10. IP Accounting    Next

10.6. Passive Collection of Accounting Data

One last trick you might like to consider: if your Linux machine is connected to an Ethernet, you can apply accounting rules to all of the data from the segment, not only that which it is transmitted by or destined for it. Your machine will passively listen to all of the data on the segment and count it.

You should first turn IP forwarding off on your Linux machine so that it doesn't try to route the datagrams it receives.[1] In the 2.0.36 and 2.2 kernels, this is a matter of:

   

# echo 0 >/proc/sys/net/ipv4/ip_forward

You should then enable promiscuous mode on your Ethernet interface using the ifconfig command. Now you can establish accounting rules that allow you to collect information about the datagrams flowing across your Ethernet without involving your Linux in the route at all.

Notes

   [1]    

This isn't a good thing to do if your Linux machine serves as a router. If you disable IP forwarding, it will cease to route! Do this only on a machine with a single physical network interface.

   Prev    Home    Next
   Flushing the Ruleset    Up    IP Masquerade and Network Address Translation

* License

* Linux Network Administrators Guide Guide Index