Re: How can I get all IP transactions (in/out) logged?

[John Summerfield <debian@ComputerDatasafe.com.au>]

listcomm@ml1.net wrote:

> > It seems to me that the log won't necessarily be very large. It really
> > depends on how the connection is being used, doesn't it? An hours
> > worth of log from a dialup connection couldn't be very large, for
> > example.
> >
> > Of course, on a broadband connection with lots of websites being
> > visited or files being downloaded, the log would become quite large
> > fairly quickly.
> >    
>
> It  would depend on how much information is logged.  Logging the
> contents
> of packets during a web surfing session would generate
> a large file.  But, all I'm interested in is a source and destination
> IP for what has gone in and out of my system, along with possibly what
> port was used, what process ID was using the port, a timestamp, and a
> packet count.
>
>  

The kernel can log stuff like this:

Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=219.150.118.21 
DST=202.89.174.209 LEN=1106 TOS=0x00 PREC=0x00 TTL=101 ID=28911 
PROTO=UDP SPT=3790 DPT=1026 LEN=1086

Still, you're likely to get big logs.
For more info
man iptables
http://www.netfilter.org/

--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/