Re: SYN rate statistics.

[Christian Lyra <lyra@pop-pr.rnp.br>]

Hi,

	why not just do a rule like:

iptable -A FORWARD -m state --state NEW -j ACCEPT

them you can count how many packet/bytes with:

iptables -L -v -x

 if you want to go further you can do something like:

#!/bin/sh
$packets=$(iptables -L -v -x | awk '/state NEW/' {print $1})
echo $packets

now, you can even use it as a input to rrdtool ! :-)


On Thursday 06 November 2003 08:42, Kuba Jakubik wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi list,
>
> | How  to determine normal/peak rate of packets with SYN to my debian
>
> box, for using this value
>
> | in iptables limit match.
>
> here you are:
>
> - --- CUT ---
> #!/bin/sh
>
> TEMPFILE=`tempfile`
> SCOREFILE="/tmp/scorefile"
> MYHOST="10.0.0.254"
>
> while [ 1 -eq 1 ]; do
> DATE1=`date +%s`
> tcpdump tcp[13]=0x2 and dst $MYHOST 2> /dev/null > $TEMPFILE &
> sleep 10
> killall tcpdump
> DATE2=`date +%s`
> NUMBER=`cat $TEMPFILE | wc -l`
> echo "$DATE1 $DATE2 $NUMBER" >> $SCOREFILE
> echo -n > $TEMPFILE
> done
>
> rm $TEMPFILE
> - --- CUT ---
>
> just change MYHOST to your ip and viola :)
> then just suck the scorefile to some spreadsheet or just visually
> analise it.
>
> Greetings,
>
> Kuba BIGHard Jakubik
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/qiWWYcNicAJN4x0RAlmdAKCjnRdkkGvMH1IH5B0s40Y9dvFjIACgvYSp
> +GfEY0MQcUV9tHMpxZIfD0Y=
> =ePJs
> -----END PGP SIGNATURE-----

-- 
Christian Lyra
POP-PR - RNP

http://lyra.soueu.com.br
http://wecanstopspam.org

  The highest sounds are hardest to hear.
  Going forward is a way to retreat.
  Great talent shows itself late in life.
  Even a perfect program still has bugs.
						The Tao Of Programing