I want to know the traffic generated by each single IP address in the LAN, in upload and in download. I have root access on a Linux firewall that routes the traffic.
Use this script to start collecting information:
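#!/bin/sh
I="/sbin/iptables"
# In this script eth3 is the LAN-side interface and eth1 the outbound one.
# wrap1 counts traffic sent by each LAN host (upload).
$I -N wrap1
$I -F wrap1
$I -I FORWARD 1 -j wrap1
C=1
# Hosts .1 to .254 (the original "-lt 254" stopped at .253).
while [ $C -le 254 ];
do
    # No -j target: the rule only counts packets and bytes, it never filters.
    $I -A wrap1 -i eth3 -o eth1 -s 192.168.1.$C
    # POSIX arithmetic; "let" is a bash builtin and fails under a plain /bin/sh.
    C=$((C+1))
done
# wrap2 counts traffic received by each LAN host (download).
$I -N wrap2
$I -F wrap2
$I -I FORWARD 2 -j wrap2
C=1
while [ $C -le 254 ];
do
    $I -A wrap2 -i eth1 -o eth3 -d 192.168.1.$C
    C=$((C+1))
done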
Don't forget to edit the script and change the LAN address if it's not 192.168.1.x.
Use this script to watch the traffic flow in real time:
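#!/bin/sh
# The chain names must match the ones created by the collecting script:
# wrap2 = traffic to the LAN hosts, wrap1 = traffic from the LAN hosts.
echo '***** INBOUND TRAFFIC *****'
/sbin/iptables -L wrap2 -n -v | grep -v ' 0 0 all'
echo
echo '***** OUTBOUND TRAFFIC *****'
/sbin/iptables -L wrap1 -n -v | grep -v ' 0 0 all'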
Check that the correct tabs (tabulation characters) are present in the "grep -v" section of the previous script, or copy and paste that text from your iptables dump... I mean the " 0 0 all" part.
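An alternative to the whitespace-sensitive "grep -v" filter, as an added example that is not part of the original scripts: it splits the iptables listing into fields with awk, drops hosts whose byte counter is zero and sorts the rest by volume. The function name per_ip_bytes and the sample listing are constructed for illustration; it assumes the counting rules have no extra match options, so that source and destination are the last two columns, and uses -x so that iptables prints exact byte counts instead of abbreviating them with K/M suffixes.

```shell
#!/bin/sh
# Added example: per-host byte totals from an accounting chain.
# Reads the output of `iptables -L <chain> -n -v -x` on stdin.
# $1 = "src" for wrap1 (upload), "dst" for wrap2 (download).
per_ip_bytes() {
    awk -v side="$1" '
        # Rule lines start with two numeric counters (packets, bytes);
        # this skips the "Chain ..." line and the column header.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            # Source and destination are the last two columns, so the
            # empty target column and its padding do not matter.
            host = (side == "src") ? $(NF-1) : $NF
            # Keep only hosts that actually moved traffic.
            if ($2 > 0) print host, $2
        }' | sort -k2,2nr
}

# Constructed sample of what the wrap1 chain listing looks like.
sample_wrap1() {
cat <<'EOF'
Chain wrap1 (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      12     1840            all  --  eth3   eth1    192.168.1.1          0.0.0.0/0
       0        0            all  --  eth3   eth1    192.168.1.2          0.0.0.0/0
     310   482113            all  --  eth3   eth1    192.168.1.3          0.0.0.0/0
EOF
}

# On the firewall (as root):
#   /sbin/iptables -L wrap1 -n -v -x | per_ip_bytes src   # upload per host
#   /sbin/iptables -L wrap2 -n -v -x | per_ip_bytes dst   # download per host
# Offline demo on the constructed sample: run the script with "demo".
if [ "${1:-}" = "demo" ]; then
    sample_wrap1 | per_ip_bytes src
fi
```

Each output line is "address bytes", largest first, so the heaviest LAN hosts appear at the top.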