[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: opposite direction traffic

To: iptraf-users@seul.org
Subject: Re: opposite direction traffic
From: research@mclachlan.com.au
Date: Wed, 4 Jun 2003 11:30:13 +1000
Delivered-to: archiver@seul.org
Delivered-to: iptraf-users-outgoing@seul.org
Delivered-to: iptraf-users@seul.org
Delivery-date: Tue, 03 Jun 2003 21:28:58 -0400
Reply-to: iptraf-users@seul.org
Sender: owner-iptraf-users@seul.org
User-agent: Mutt/1.2.5.1i

I've installed iptraf on a server. I am using it in the background and I
would like to clarify what is recorded in the ip_traffic log files.

In particular. Is the number of bytes listed against "opposite direction"
traffic actually recorded elsewhere in the log file ?

i.e. Initially I wasn't calculating usage from the opposite direction. Then
I felt that it was required to accurately capture ALL traffic. HOWEVER in
the case below the 147931549 is clearly captured twice. Is this always the
case ? Are there times when the opposite direction traffic won't be recorded
elsewhere as in the example below ?

From the two lines below, can you tell me which "Bytes" portions represent
new and unique traffic ?

Tue Jun 3 15:18:17 2003; TCP; eth0; 40 bytes; from 213.199.146.24:80 to
192.168.1.12:2867; FIN sent; 98639 packets, 147931549 bytes, avg flow rate
0.00 kbytes/s

Tue Jun 3 15:30:00 2003; TCP; eth0; 46 bytes; from 192.168.1.12:2867 to
213.199.146.24:80; Connection reset; 55420 packets, 2562424 bytes, avg flow
rate 0.00 kbytes/s; opposite direction 98639 packets, 147931549 bytes; avg
flow rate 0.00 kbytes/s

Thanks,

Wilson Fletcher

Follow-Ups:
- Re: opposite direction traffic
  - From: research@mclachlan.com.au

Next by Author: Re: opposite direction traffic
Next by thread: Re: opposite direction traffic
Index(es):
- Author
- Thread