Ethertype Packet counter needed

Hi, is there a way to count packets received on an interface of Ethertype 0x8863?

I want to log this into an rrd db file to understand packets per second over time.

For example, with nft tables I can create a chain and just read the sum of packets processed in a chain and store that in an rrd using a script; there are examples of this that can be googled. But non-IP traffic?

Ebtables? There is in owrt "ebtables-nft Bridge firewall administration tool". Has anyone done a packet counter using ebtables?

I just need a packet count (Ethertype 0x8863) that I can grep into my script.

tcpdump -i eth1 pppoed
Change eth1 to the correct interface name.

2 Likes

Thx, this provides a packet count at tcpdump exit. Meaning the counter measurement interval is equal to the lifetime of tcpdump. Can this be improved so a counter runs all the time, similar to an nft/iptables chain packet counter?

I found this Perl script/programming example, but I'm not a programmer.
https://stackoverflow.com/questions/14614803/how-to-capture-count-of-particular-packets-with-tcpdump

I tried using a virtual bridge with physical eth0 connected, and an ebtables chain to pull stats from an ebtables chain. But I could not get that to work; I think ebtables does not have a packet counter similar to iptables. Have not tried nft tables with the ebtable module but I think it's the same.

Maybe I need to start learning Python and use the libcap module in a Python script/app.

There will be a line printed every time there is a match. You can grep and use that.

You could install the coreutils-timeout package, periodically run tcpdump for a specific period of time (using cron) and check the number of packets received.

Then you can collect the information for analysis or trigger some actions if the number of packets exceeds a certain threshold.

packets=$(timeout 10 tcpdump -i eth0 pppoed 2>&1 | grep 'packets received' | awk '{ print $1 }'); echo "$packets"
1 Like

Thx, yes I think tcpdump for capture is the easiest solution. I just wish nft tables could do it easier. I forgot to mention it's about 40k to 60k p/s.
I have an idea mockup using tcpdump to create rolling pcap files and use the capinfo application to extract the p/s value. capinfo makes that easy; then push it into an rrdtools file, and triggering an action as suggested is ofc easy to do.

Thx

opkg update; opkg install kmod-nft-netdev
nft add table netdev filter
nft add chain netdev filter input { type filter hook ingress device eth0 priority 0 \; }
nft insert rule netdev filter input ether type 0x8863 counter
nft list ruleset netdev
4 Likes
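
Added example (not part of the original posts): one way to turn the netdev counter from the commands above into a packets-per-second value that a script can log. The function names, the `poll` loop and the sample listing are assumptions made for illustration; the sample listing is constructed, not captured from a real device.

```shell
#!/bin/sh
# Constructed sample of `nft list chain netdev filter input` output.
SAMPLE_LISTING='table netdev filter {
	chain input {
		type filter hook ingress device "eth0" priority filter; policy accept;
		ether type 0x8863 counter packets 1204512 bytes 72270720
	}
}'

# counter_packets PATTERN: read an nft listing on stdin and print the packet
# count of the first rule line containing PATTERN. Returns 1 if none is found.
counter_packets() {
	awk -v pat="$1" 'index($0, pat) {
		for (i = 1; i < NF; i++)
			if ($i == "counter" && $(i+1) == "packets") { print $(i+2); found = 1; exit }
	} END { exit !found }'
}

# pps OLD NEW SECONDS: integer packets per second between two readings.
# If NEW < OLD the counter was reset (table re-created, reboot), so the
# new reading is counted from zero instead of producing a negative rate.
pps() {
	old=$1 new=$2 secs=$3
	[ "$secs" -gt 0 ] || return 1
	if [ "$new" -lt "$old" ]; then delta=$new; else delta=$((new - old)); fi
	echo $((delta / secs))
}

# poll [INTERVAL]: print "<unix time> <packets/s>" every INTERVAL seconds.
# Needs the table and chain created above; only runs when called as `script poll`.
poll() {
	interval=${1:-10} prev=
	while :; do
		if cur=$(nft list chain netdev filter input | counter_packets 0x8863); then
			if [ -n "$prev" ]; then
				echo "$(date +%s) $(pps "$prev" "$cur" "$interval")"
			fi
			prev=$cur
		fi
		sleep "$interval"
	done
}

if [ "${1:-}" = "poll" ]; then poll "${2:-10}"; fi
```

Each line printed by `poll` is a timestamp and a rate, which is the pair a logging script needs for an rrd update.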

That is awesome! This is way better than tcpdump for me.

Thank you! :star_struck:

1 Like
