iptbales to monitor download and upload data

Question

clife 0 Unverified User

9 Years Ago

Hi ,

I would like to monitor upload and download datas of devices connected to the router.

I am using the following iptables rules:

sudo iptables -N DMon
sudo iptables -A FORWARD
sudo iptables -A FORWARD -d 70.70.70.1/26 -j DMon
sudo iptables -A DMon -d 70.70.70.50
sudo iptables -A FORWARD -s 70.70.70.1/26 -j DMon
sudo iptables -A DMon -s 70.70.70.50

After this i am able to see the packets and bytes counters as below

sudo iptables -L DMon -n -v

Chain DMon (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 1123  886K            all  --  *      *       0.0.0.0/0            10.10.10.50         
 1160  236K            all  --  *      *       10.10.10.50          0.0.0.0/0

to parse and display only ip address and bytes i am using the below expression.

sudo iptables -L DMon -n -v -x | awk '$1 ~ /^[0-9]+$/ { printf "IP:%s DLBytes:%d \n", $8, $2 }'

to be frank i am not good at iptables and awk, i got these details from site :

http://www.catonmat.net/blog/traffic-accounting-with-iptables/

My doubt is when i use the expression ( awk '$1 ~ /^[0-9]+$/ { printf "IP:%s DLBytes:%d \n", $8, $2 }' ) which is actually converting KBytes to Bytes , but when i convert the same value using formula XKBytes = 1024 * X Bytes, i am not getting the same values.

for example:

The Download data value from iptables( sudo iptables -L DMon -n -v) : 934K
The value printed using awk expression: 934336
The actual value is : 943 * 1024 = 965632

similarly for upload:
The Upload data value from iptables: 262K
The value printed using expression: 262183
The actual value is : 262 * 1024 = 268288

First of all, I dont understand why the expression to converting KBytes to Bytes , i dont see any conversion logic in expression.
Second is it possible to change the expression to check the value in bytes field if its having K or M, then multiply the value with 1024 or 1024 * 1024 etc , if just value then its Bytes.

Please help me out to solve this problem.

Thanks

file-system

2 Contributors
2 Replies
330 Views
1 Day Discussion Span
Latest Post 9 Years Ago Latest Post by clife

rubberman 1,355 Nearly a Posting Virtuoso

9 Years Ago

You might want to drop iptables and use pcap to capture network traffic in "promiscuous" mode, and then wireshark to filter and analyze it. That has worked well for me in the past.

FWIW, to convert KBytes to Bytes, multiply by 1024. Also, this line "The actual value is : 943 * 1024 = 965632" should be "The actual value is : 934 * 1024 = 956416". The nice thing about math is that everyone has a different answer, unless they agree on specific terms at the beginning... Also, the 934KBytes may be (and probably is) rounded off - up or down? Perhaps the awk answer is correct. In any case, Wireshark and pcap will give you exact answers if you need.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

clife 0 Unverified User · Answer 1 · 2015-07-15T06:52:18+00:00

Actually i am not working with real router, i configured my PC as router.I also have multiple devices connected to my PC using siwtch on different interface.

Just to start, Can you give me some references for pcap and wireshark and how to capture data for multiple devices.

Thanks.