Gentoo Forums
how to log network traffic?
avx
Advocate


Joined: 21 Jun 2004
Posts: 2152

Posted: Wed Dec 01, 2010 10:52 pm    Post subject: how to log network traffic?

For private needs, thus not to spy on anybody, I need some tool to log my network traffic.

It shouldn't log every packet, as i.e. Wireshark does, but rather connections only. Thus, if possible, it should produce some output like this
Code:
DATE TIME PROTOCOL REQUESTING-IP TARGET-IP {TARGET-NAME} PID APPNAME
, so for example
Code:
2010-12-12 http 127.0.0.1 22.33.44.55 someserver.com 4340 firefox


For protocols, it should ideally be able to identify the most common things, thus: http(s), smtp, ftp, ssh/sftp, nntp, torrent, xmpp, oscar, ... the more the better.

Output should be done in some plaintext format I can easily `grep`, some additional webui would be nice but isn't really needed. Tips? Thanks.
_________________
++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.------.--------.>+.>.
erik258
Advocate


Joined: 12 Apr 2005
Posts: 2650
Location: Twin Cities, Minnesota, USA

Posted: Thu Dec 02, 2010 3:34 am

You might consider doing this on the firewall level - iptables does logging a few different ways, the simple but easy LOG target, and the more complicated but fuller featured ULOG userspace logging target.

While the firewall won't know program names (unless you use something like netstat and associate data) it _can_ work with more than one computer. You could add logging for packets with certain states (like NEW) that might interest you.

Of course there are heavier-weight solutions as well, but the iptables solution provides the benefit of working at the kernel packet level.
_________________
Configuring a Firewall? Try my iptables configuration
LinuxCommando.com is my blog for linux-related scraps and tidbits. Stop by for a visit!
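
The LOG-target approach described in the post above, as an added example that is not part of the original thread: the rule (shown as a comment) logs the first packet of each new outbound connection, and `conn_summary` condenses the resulting syslog lines into a grep-friendly form. The `NEWCONN: ` prefix, the function names, the sample log lines and the port-to-service table (a guess from the destination port, not real protocol detection) are all assumptions made for this example.

```shell
#!/bin/sh
# Rule to load as root (kept as a comment because it changes firewall state):
#   iptables -A OUTPUT -m state --state NEW -j LOG --log-prefix "NEWCONN: " --log-uid
# --state NEW matches only the first packet of a connection; --log-uid adds the
# owning user's UID. The LOG target cannot report a PID or program name.

# Constructed sample of the syslog lines such a rule produces.
sample_log() {
cat <<'EOF'
Dec  1 22:52:10 desk kernel: NEWCONN: IN= OUT=eth0 SRC=192.168.178.20 DST=22.33.44.55 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Dec  1 22:52:11 desk sshd[812]: Server listening on 0.0.0.0 port 22.
Dec  1 22:53:02 desk kernel: NEWCONN: IN= OUT=eth0 SRC=192.168.178.20 DST=192.168.178.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=UDP SPT=40000 DPT=53 LEN=42 UID=0 GID=0
Dec  1 22:54:30 desk kernel: NEWCONN: IN= OUT=eth0 SRC=192.168.178.20 DST=22.33.44.55 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4713 DF PROTO=TCP SPT=51240 DPT=5222 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
EOF
}

# Read syslog on stdin, print: MONTH DAY TIME SERVICE SRC DST DPT uid=UID
conn_summary() {
    awk '
    BEGIN {
        # Port-based guess at the service name (assumption, TCP only).
        svc[21] = "ftp";  svc[22] = "ssh";   svc[25] = "smtp"; svc[80] = "http"
        svc[119] = "nntp"; svc[443] = "https"; svc[5222] = "xmpp"
    }
    /NEWCONN: / {
        proto = src = dst = dpt = uid = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue            # flags such as DF or SYN
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "PROTO") proto = tolower(v)
            else if (k == "SRC") src = v
            else if (k == "DST") dst = v
            else if (k == "DPT") dpt = v
            else if (k == "UID") uid = v
        }
        name = (proto == "tcp" && (dpt in svc)) ? svc[dpt] : proto
        print $1, $2, $3, name, src, dst, dpt, "uid=" uid
    }'
}

sample_log | conn_summary
```

On a live system the input would be the kernel log instead of `sample_log`, for example `conn_summary < /var/log/messages` (the path depends on the syslog configuration).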
avx
Advocate


Joined: 21 Jun 2004
Posts: 2152

Posted: Thu Dec 02, 2010 1:23 pm

Reading good, only has the somewhat major downside that I've got practically no experience with iptables. For now, it only has to cope with my desktop PC, thus ideally it should be quite easy to set up. I'd be glad if you could show me some nice example or link me to one of your so-called 'heavier solutions', thanks.

Edit: if it's needed/helpful, my desktop currently goes online through my hardware router (fritz!box), so I haven't set up any big, networking-related stuff at all on the desk.
_________________
++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.------.--------.>+.>.
lyallp
Veteran


Joined: 15 Jul 2004
Posts: 1409
Location: Adelaide/Australia

Posted: Thu Dec 02, 2010 11:23 pm

Not exactly what you are looking for but maybe try net-analyzer/ntop.
Gives all sorts of interesting statistics.
_________________
...Lyall