Is there a way with Ubuntu 10.4LTS to detect and aggregate the number of packets transmitted over every port?

In other words, I'd like a process to keep track of the number of packets sent to each TCP port (whether or not a connection is established), and aggregate the number of packets, generating output like this:

PORT ATTEMPTS
22: 2535
67: 12424
6135: 1
6136: 1
6137: 1
11211: 244

It wouldn't hurt if the program kept track of other information, such as the packet flags (TCP SYN, connect, ACK, etc.), ideally by percentage.

I'm not aware of any program to do this seemingly fairly simple accounting, but I assume there is one. I'd be grateful for any information about what programs can provide this information.

Thank you for reading.

Brian

Brian M. Hunt

1 Answer

You can use iptables to account for these. For example:

iptables -A INPUT -p TCP --dport 80 --syn

will count the number of incoming SYN packets to port 80.

If you want to keep track of detailed statistics for a given period of time, I'd recommend using tcpdump to grab everything and then running multiple passes over the data with different filters.

You may also be interested in ntop.

MikeyB
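
The tcpdump pass suggested in the answer above, as an added example that is not part of the original answer: it reads `tcpdump -nn` text output and prints per-destination-port TCP packet totals with the share of pure SYN packets. The function names `port_stats` and `sample_capture` are hypothetical, and the sample lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example: per-destination-port TCP packet totals, with the share of
# pure SYN packets, from `tcpdump -nn` text output read on stdin.
# -nn keeps ports numeric; named ports (e.g. "ssh") are skipped below.
# Real use (capture.pcap is a placeholder file name):
#   tcpdump -nn -r capture.pcap tcp | port_stats

# port_stats (hypothetical name): one "PORT: PACKETS (SYN n, pct%)" line per port.
port_stats() {
    echo "PORT PACKETS"
    awk '
    # Only TCP lines have "Flags" in field 6; UDP, ARP and so on are skipped.
    ($2 == "IP" || $2 == "IP6") && $6 == "Flags" {
        dst = $5
        sub(/:$/, "", dst)              # "192.0.2.10.22:" -> "192.0.2.10.22"
        n = split(dst, part, /\./)      # port is the last dot-separated piece
        port = part[n]
        if (port !~ /^[0-9]+$/) next    # not numeric: capture lacked -nn
        flags = $7                      # e.g. "[S]," or "[P.],"
        sub(/^\[/, "", flags)
        sub(/\],?$/, "", flags)
        total[port]++
        if (flags == "S") syn[port]++   # SYN without ACK: a connection attempt
    }
    END {
        for (p in total)
            printf "%d: %d (SYN %d, %.0f%%)\n", p, total[p], syn[p], 100 * syn[p] / total[p]
    }' | sort -n
}

# sample_capture (hypothetical name): constructed lines in tcpdump -nn format,
# inbound direction only, including one UDP line that must be ignored.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 203.0.113.5.51234 > 192.0.2.10.22: Flags [S], seq 1000, win 64240, length 0
12:00:00.000300 IP 203.0.113.5.51234 > 192.0.2.10.22: Flags [.], ack 1, win 502, length 0
12:00:01.000000 IP 198.51.100.7.40000 > 192.0.2.10.6135: Flags [S], seq 1, win 1024, length 0
12:00:01.000100 IP 198.51.100.7.40001 > 192.0.2.10.6136: Flags [S], seq 1, win 1024, length 0
12:00:02.000000 IP 192.0.2.20.68 > 192.0.2.1.67: BOOTP/DHCP, Request from 00:00:5e:00:53:01, length 300
12:00:03.000000 IP6 2001:db8::5.51000 > 2001:db8::10.22: Flags [S], seq 5, win 64800, length 0
EOF
}

sample_capture | port_stats
```

A run of ports with one SYN each, like 6135 and 6136 in the sample, is the pattern a sequential port scan leaves in this output.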