Last active
February 8, 2017 08:31
-
-
Save imweijh/d6d6f7800270cce5e8bab74c25befb19 to your computer and use it in GitHub Desktop.
fprobe-ulog & iptables & nfdump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 设置防火墙,打标签,让fprobe-ulog记录(只处理对外的网卡eth0) | |
| iptables -I INPUT -i eth0 -j ULOG --ulog-cprange 48 --ulog-qthreshold 50 | |
| iptables -I OUTPUT -o eth0 -j ULOG --ulog-cprange 48 --ulog-qthreshold 50 | |
| iptables -I FORWARD -j ULOG --ulog-cprange 48 --ulog-qthreshold 50 | |
| 发送给 172.18.20.160:9995 | |
| fprobe-ulog -B4096 -q10000 172.18.20.160:9995 | |
| 接收: | |
| nfcapd -z -w -D -T all -l /var/cache/nfdump -I any -S 2 -P /var/run/nfcapd.allflows.pid | |
| 展示: | |
| nfdump -R /var/cache/nfdump/ 'dst port 53' -o line |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment