8.6. Passive Collection of Accounting Data
One last trick you might like to consider: if your Linux host is
connected to an Ethernet, you can apply accounting rules to all of the
data from the segment, not only that which is transmitted by or
destined for it. Your host will passively listen to all of the data on
the segment and count it.

You should first turn IP forwarding off on your Linux host so that it
doesn't try to route the packets it receives.[1] You can do so by
running this command:

# echo 0 >/proc/sys/net/ipv4/ip_forward

[1] This isn't a good thing to do if your Linux machine serves as a
router. If you disable IP forwarding, it will cease to route! Do this
only on a machine with a single physical network interface.

You should then enable promiscuous mode on your Ethernet interface
using the ifconfig command. Enabling promiscuous mode for an Ethernet
device causes it to deliver all packets to the operating system rather
than only those with its Ethernet address as the destination. This is
only relevant if the device is connected to a broadcast medium (such as
unswitched Ethernet). For example, to enable promiscuous mode on
interface eth1:

# ifconfig eth1 promisc

Now you can establish accounting rules that allow you to collect
information about the packets flowing across your Ethernet without
involving your Linux accounting host in the route at all.
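
The preconditions described above (forwarding off, a single physical interface, promiscuous mode enabled) can be checked before the accounting rules are installed. The script below is an added example, not part of the original text; its function names are hypothetical, and it assumes a kernel that exposes interface flags under /sys/class/net and marks hardware-backed interfaces with a "device" entry there.

```shell
#!/bin/sh
# Added example: preflight check for the passive-accounting setup above.
# SYSNET and IPFWD default to the real Linux paths and can be overridden
# to point at a constructed tree for testing.
SYSNET="${SYSNET:-/sys/class/net}"
IPFWD="${IPFWD:-/proc/sys/net/ipv4/ip_forward}"

# True when IP forwarding is disabled (the file holds 0).
forwarding_off() {
    [ "$(cat "$IPFWD" 2>/dev/null)" = "0" ]
}

# True when the interface's flags word has IFF_PROMISC (0x100) set.
is_promisc() {
    flags=$(cat "$SYSNET/$1/flags" 2>/dev/null) || return 2
    [ $(( ${flags:-0} & 0x100 )) -ne 0 ]
}

# Counts interfaces backed by a hardware device. Assumption: sysfs gives
# those a "device" entry, while lo and other virtual interfaces have none.
physical_count() {
    n=0
    for d in "$SYSNET"/*; do
        if [ -e "$d/device" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Prints one line per unmet precondition; returns 0 only when all hold.
preflight() {
    rc=0
    if ! forwarding_off; then
        echo "ip_forward is not 0"; rc=1
    fi
    if [ "$(physical_count)" -ne 1 ]; then
        echo "host does not have exactly one physical interface"; rc=1
    fi
    if ! is_promisc "$1"; then
        echo "$1 is not in promiscuous mode"; rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh eth1
if [ $# -gt 0 ]; then preflight "$1"; fi
```

The same is_promisc check is useful in the other direction: run across all interfaces, it reports any that have been left in promiscuous mode by this procedure.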