IPTables IPChains with IPAC-NG

Web Site : http://www.daneben.de/ipac.html

Type : Network Analyser
Operating System : LINUX,FREEBSD,UNIX

PAC-NG is a trafic and packet counter, he read all the information in the IPTABLES table. With this software you can generate a simple ascii table, graph or image.

If you want analyse the traffic of a complete network i have used a linux in bridge mode in front of the gateway but if the linux is down you don't have access to the gateway and you can't leave the network.

You can't use IPAC-NG with a promisc interface because the kernel drop all packet with iptables when all traffic come from a mirror port.

Summary

Install IPAC-NG

How to use IPAC-NG

Install IPAC-NG

Dependancy IPTABLES, PERL 5, KERNEL 2.0.29-* 2.2.3-* 2.4.* 2.6.*, (AWK, MKTEMP)

You must download the archive of the installation
File : http://sourceforge.net/projects/ipac/
The last stable version is : IPAC-1.10.

Download the file :

wget http://surfnet.dl.sourceforge.net/sourceforge/ipac/ipac-1.10.tar.gz

You must extract all files in a directory.

tar -zxvf ipac-1.10.tar.gz
cd ipac-1.10

Installation of IPAC-NG

sh configure
make
make install

create ipac.conf

Howto Use IPAC-NG

When you have created the ipac.conf, you have to create rules to see traffric from or to an IP Address or by protcol.

Name of rule : String to describ the rule
Direction : in or out
Interface : like ethX or empty value
Protocol : tcp, udp, icmp or all
Source & Destination : ip address / bit mask -> 192.168.1.2/32 or 192.168.1.0/24

After you have to run ipac-ng to create the differente table for traffic and for forward traffic

/usr/sbin/fetchipac -S

fetchipac help

Tables:

ipac~o and ipac~i are tables to identify traffic input and output
ipac~fi and ipac~fo are tables to identify forward traffic input and output

Example :

View All traffic

Incoming Total System|ipac~o|eth0|all||||
Incoming Total System|ipac~fi|eth0|all||||
Outgoing Total System|ipac~i|eth0|all||||
Outgoing Total System|ipac~fo|eth0|all||||

View traffic of the host

Incoming Total System|ipac~o|eth0|all||192.168.0.2/32||
Outgoing Total System|ipac~i|eth0|all|192.168.0.2/32|||

Cron config

# get data for ipacsum

*/5 * * * * root /usr/local/sbin/fetchipac

After you can create cron to have value by hour, by day, by week.

0 */1 * * * root /usr/local/sbin/ipacsum -r -H `/bin/hostname` -t "the hour " >/dev/null
1 0 * * * root /usr/local/sbin/ipacsum -r -H `/bin/hostname` -t "the day" >/dev/null
1 0 * * 0 root /usr/local/sbin/ipacsum -r -H `/bin/hostname` -t "the week " >/dev/null

View Data

ipacsum help

# View graph of the day

/usr/sbin/ipacsum -t today

Result :

IP accounting summary
Host: dev / Time created: 2005/11/04 13:56:17 CET
Data from 2005/11/04 00:00:00 CET to 2005/11/04 13:56:17 CET
Incoming Total System : 126K
Outgoing Total System : 360K

# View graph of the week

/usr/sbin/ipacsum -t "this week"

Result :

IP accounting summary
Host: dev / Time created: 2005/11/04 13:56:41 CET
Data from 2005/10/31 00:00:00 CET to 2005/11/04 13:56:41 CET
Incoming Total System : 126K
Outgoing Total System : 360K

GenerationIP

IPTables IPChains with IPAC-NG

Main Menu

Direct Tools

Visitor Data

Share this article:

GenerationIP Links

Generationip Clouds

GenerationIP DNS

Latest News

Popular

Newsflash