Is there any way to dynamically measure the no of concurrent internal hosts (IP''s) utilising the linux NAT Gateway/forwarding box. The idea is to measure the no of hosts actively using the gateway. I do not want to measure the no of TCP connections which iptraf does because it does not give the actual no of hosts. _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 07 February 2003 08:35, CLS Prasad wrote:> Is there any way to dynamically measure the no of concurrent internal hosts > (IP''s) utilising the linux NAT Gateway/forwarding box. > The idea is to measure the no of hosts actively using the gateway. I do not > want to measure the no of TCP connections which iptraf does because it does > not give the actual no of hosts.:) On slashdot was an article about the same subject. It can be done if you really want to do so. http://slashdot.org/article.pl?sid=03/02/05/2129218&mode=thread&tid=95 Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
: Is there any way to dynamically measure the no of concurrent internal
: hosts (IP''s) utilising the linux NAT Gateway/forwarding box.
If you have root level access to the box, you can use a bit of shell to
determine the number of concurrent "clients" in any given instant.
This
assumes, of course, that you don''t have an internally
SNATed/masqueraded
network which {c,w}ould hide more clients.
ipchains?
# /sbin/ipchains -MnL | awk ''/[0-9][0-9]:[0-9][0-9]/{print
$3}'' \> | sort | uniq | wc -l
iptables?
# awk ''/(ESTABLISHED|ASSURED)/{print $5}''
/proc/net/ip_conntrack \> | sort | uniq
Naturally with iptables, you''ll need to know a bit more about your use
of
the connection tracking to disambiguate any inbound or internal to DMZ
connections to accurately count your SNAT/MASQUERADEd connections.
The above shell is not designed with efficiency in mind (obviously), but
you get the idea.
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/