0

I need to get the rate at which certain packets (i.e. LDAP) arrive on an interface in a Linux environment.

I was thinking of using tcpdump to filter the wanted packets and subsequently monitor the rate at which rx packets are seen. Perhaps by monitoring the rate of writes/s to tcpdump output file?

Or perhaps even better, iptables, where I would match packets by a certain rule and then somehow get the packet rate for packets matching this rule.

Any idea how this could be done?

Thanks!

vobelic

1 Answer

1

iptables is the right tool. You can create rules without a target. They just count packets then. And you can reset the counter of this rule (or at least of a chain).

You just have to decide whether you want to count new connections or really all packets and place the rule accordingly (usually an ACCEPT rule for packets with status ESTABLISHED is at the beginning of the rule set). You need the -v switch to see the packet and byte counters:

```
iptables -L -nv
```
Hauke Laging
  • Correct, but iptables does not directly give you the rate. You need to call `iptables -L -nv` at N-second intervals and then divide the difference between the two measurements by N. – bortzmeyer Apr 19 '13 at 19:32
  • How to limit packet rate using iptables? – WindChaser May 01 '18 at 07:31
  • @WindChaser That is a completely different question and not suitable for a comment. You should make that a new question. And explain why you want to do this with `iptables` because usually this is done with `tc`. – Hauke Laging May 01 '18 at 10:37
  • @HaukeLaging `tc` or any other tools are OK. I just need to know how to limit packet rate (packet number per second) instead of bandwidth. – WindChaser May 02 '18 at 05:26
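
Added example, not part of the original answer or comments: a sketch of the counting rule from the answer combined with the sampling from the first comment (difference between two counter readings divided by N). It assumes LDAP on TCP port 389, the `INPUT` chain and a rule tagged with the comment `ldap-rate`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: packets/s from a target-less iptables counting rule.
# Assumptions: LDAP = TCP/389, chain INPUT, rule tagged "ldap-rate".
TAG=ldap-rate; PORT=389; CHAIN=INPUT

# Read `iptables -L CHAIN -nvx` output on stdin and print the pkts counter of
# the rule(s) carrying comment tag $1. -x prints exact numbers (no "12K").
pkts_for_tag() {
    LC_ALL=C awk -v tag="$1" '
        $1 ~ /^[0-9]+$/ && index($0, "/* " tag " */") { sum += $1 }
        END { print sum + 0 }'
}

# rate BEFORE AFTER SECONDS -> packets per second (difference / interval).
rate() {
    LC_ALL=C awk -v a="$1" -v b="$2" -v n="$3" 'BEGIN {
        d = b - a
        if (d < 0) d = b   # counter was zeroed (iptables -Z) between samples
        printf "%.2f\n", d / n }'
}

# Constructed sample of `iptables -L INPUT -nvx`; $1 = counter of tagged rule.
# The untagged ACCEPT rule for the same port must not be counted.
sample() {
    cat <<EOF
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    $1    96000            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:$PORT /* $TAG */
   90210  7216800 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
      40     2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:$PORT
EOF
}

# Live use (root). The rule has no -j target, so it only counts. It is inserted
# at position 1 so it sees all packets, before any ESTABLISHED ACCEPT rule.
monitor() {
    n=${1:-5}
    iptables -C "$CHAIN" -p tcp --dport "$PORT" -m comment --comment "$TAG" 2>/dev/null ||
        iptables -I "$CHAIN" 1 -p tcp --dport "$PORT" -m comment --comment "$TAG"
    prev=$(iptables -L "$CHAIN" -nvx | pkts_for_tag "$TAG")
    while sleep "$n"; do
        cur=$(iptables -L "$CHAIN" -nvx | pkts_for_tag "$TAG")
        echo "$(date +%T) $(rate "$prev" "$cur" "$n") pkt/s"
        prev=$cur
    done
}

if [ "${1:-}" = run ]; then monitor "${2:-5}"; else
    echo "demo: $(rate "$(sample 1200 | pkts_for_tag "$TAG")" "$(sample 1450 | pkts_for_tag "$TAG")" 5) pkt/s"
fi
```

Invoked as `sh script.sh run 5` it prints one rate line every 5 seconds; without arguments it only evaluates the constructed sample.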