--On Thursday, November 03, 2005 1:24 PM -0600 Les Mikesell
<lesmikesell@xxxxxxxxx> wrote:
Is there a generic way to do this with iptables without knowing
what ports are used? Ntop can group them by port/service but
will find the activity regardless of the ports used.
No, not if you want to break out every port into its own graph. (Well, you
could use 128k iptables rules, one per port, but that would likely be a
performance killer.) But ntop would still be overkill if that's all you
want. Just grab the header on every packet using libpcap and count the
ports yourself. ntop is a "full-service" program that's really intended for
a dedicated router with lots of memory to store state.
