How to watch traffics from/to masqueraded machines.[solved]

maverick6664 · Last edited by maverick6664 on Mon Oct 15, 2012 7:38 am; edited 1 time in total

Hi all,

I have 2 machines;one gentoo and the other Windows Vista. Gentoo is the gateway and using IP-masquerading, Vista is connected to Gentoo machine.

Now on Gentoo machine I can see network connection from/to Gentoo machine using netstat (as a matter of course!), but netstat doesn't show traffices from/to Vista machine. I use Wireshark also and it shows traffics from/to Vista machine, but wireshark is a little bit verbose.

Is there any way to just check trafics from/to Vista machine?

Thanks in advance.
_________________
Tetsuji Rai
a.k.a. Lukiest in the world

Hu · Moderator Joined: 06 Mar 2007 Posts: 21602

You could inspect the connection tracking table, if you have enabled the right kernel options. It is possible to have a kernel which can perform NAT, but which does not provide the data in a readily-accessible form. I like iptstate for printing the table, but there may be other tools that can do it.

Note that in some cases, a connection tracking entry will exist when no actual connection exists. However, if a connection exists, it should be in the tracking table.

PaulBredbury · Watchman Joined: 14 Jul 2005 Posts: 7310

Can watch the iptables rule-matching totals, e.g.:

Hu · Moderator Joined: 06 Mar 2007 Posts: 21602

Using watch can be a good choice if you want to inspect counters from a program that does not understand repeated runs (e.g. iptables), but the statement shown depends on the mangle table, which is optional for simple NAT setups, and on having a rule that uses CLASSIFY, which is also optional for NAT.

maverick6664 · Posted: Mon Oct 15, 2012 7:37 am Post subject:

Thank you all.
I'll try all and compare. Thank you! :lol:

_________________
Tetsuji Rai
a.k.a. Lukiest in the world