tracking connections through a Linux firewall

Hi all,

I needed help w.r.t. connection tracking on a Linux box running
Mandrake 9.1 acting as a router and firewall (configured through
Shorewall). All outbound connections are NATed though the firewall
public ip. Inbound connections are only allowed into the DMZ.

I need to track down users behind the firewall who are doing long
running heavy downloads.

Is it possible to get such information from the firewall? For example,
can I get info on which connections have been active for the longest
time. Or which tcp connections have transported the most number of
bytes?

/proc/net/ip_conntrack lists the active connections but I cannot get
any info on the time the connection has been up, or the amount of data
that has transported through it.

Any help will be appreciated.

Regards,
Amit Murthy


thodu