Hi all,
I needed help w.r.t. connection tracking on a Linux box running
Mandrake 9.1 acting as a router and firewall (configured through
Shorewall). All outbound connections are NATed through the firewall
public IP. Inbound connections are only allowed into the DMZ.
I need to track down users behind the firewall who are doing long
running heavy downloads.
Is it possible to get such information from the firewall? For example,
can I get info on which connections have been active for the longest
time, or which TCP connections have transported the largest number of
bytes?
/proc/net/ip_conntrack lists the active connections but I cannot get
any info on the time the connection has been up, or the amount of data
that has been transported through it.
Any help will be appreciated.
Regards,
Amit Murthy