Hi, is there a way to count packets received on an interface of Ethertype 0x8863?
I want to log this into an rrd db file to understand packets per second over time.
For example, with nftables I can create a chain and just read the sum of packets processed in a chain and store that in an rrd using a script; there are examples of this that can be googled. But non-IP traffic?
Ebtables? There is in owrt "ebtables-nft Bridge firewall administration tool". Has anyone done a packet counter using ebtables?
I just need a packet count (Ethertype 0x8863) that I can grep into my script.
Thx, this provides a packet count at tcpdump exit. Meaning the counter measure interval is equal to the lifetime of tcpdump. Can this be improved so a counter runs all the time, similar to an nft/iptables chain packet counter?
I found this Perl script/programming example, but I'm not a programmer. https://stackoverflow.com/questions/14614803/how-to-capture-count-of-particular-packets-with-tcpdump
I tried using a virtual bridge with physical eth0 connected, and an ebtables chain to pull stats from. But I could not get that to work; I think ebtables does not have a packet counter similar to iptables. I have not tried nftables with the ebtable module, but I think it's the same.
Maybe I need to start learning Python and use the libcap module in a Python script/app.
You could install the coreutils-timeout package, periodically run tcpdump for a specific period of time (using cron) and check the number of packets received.
Then you can collect the information for analysis or trigger some actions if the number of packets exceeds a certain threshold.
Thx, yes, I think tcpdump for capture is the easiest solution. I just wish nftables could do it easier. I forgot to mention it's about 40k to 60k p/s.
I have an idea mockup using tcpdump to create rolling pcap files and use the capinfo application to extract the p/s value. capinfo makes that easy; then push it into an rrdtools file, and triggering an action as suggested is ofc easy to do.
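
An always-on counter for the question in this thread, as an added example that is not part of any poster's reply: an nftables `netdev`-family ingress chain that matches `ether type 0x8863`, plus a poll loop that turns the named counter into packets per second. The device `eth0`, the table and counter names, the 10-second interval and the `monitor` argument are assumptions.

```shell
#!/bin/sh
# Added example: always-on counter for PPPoE Discovery frames (EtherType 0x8863).
# Assumed names: device eth0, table pppoe_mon, counter pppoe_disc, 10 s interval.
DEV="${DEV:-eth0}"
INTERVAL="${INTERVAL:-10}"
# The netdev ingress hook sees every frame on the device before the IP stack,
# so non-IP EtherTypes can be matched. The rule only counts; policy is accept.
ruleset() {
	cat <<EOF
table netdev pppoe_mon {
	counter pppoe_disc {
		packets 0 bytes 0
	}
	chain ingress {
		type filter hook ingress device "$DEV" priority 0; policy accept;
		ether type 0x8863 counter name "pppoe_disc"
	}
}
EOF
}

# Constructed sample of `nft list counter netdev pppoe_mon pppoe_disc` output.
sample_output() {
	printf 'table netdev pppoe_mon {\n\tcounter pppoe_disc {\n\t\tpackets 1200000 bytes 72000000\n\t}\n}\n'
}

# Read `nft list counter` output on stdin, print the packet count.
parse_packets() {
	awk '$1 == "packets" { print $2; exit }'
}

# Packets per second between two samples. A smaller new value means the
# counter was reset (table reloaded, reboot), so the delta restarts at zero.
pps() {
	old=$1; new=$2; secs=$3
	[ "$new" -ge "$old" ] || old=0
	echo $(( (new - old) / secs ))
}

# Load the table once, then print "<epoch> <pps>" every INTERVAL seconds.
monitor() {
	nft list table netdev pppoe_mon >/dev/null 2>&1 || ruleset | nft -f -
	prev=$(nft list counter netdev pppoe_mon pppoe_disc | parse_packets)
	while sleep "$INTERVAL"; do
		cur=$(nft list counter netdev pppoe_mon pppoe_disc | parse_packets)
		echo "$(date +%s) $(pps "$prev" "$cur" "$INTERVAL")"
		prev=$cur
	done
}
if [ "${1:-}" = "monitor" ]; then monitor; fi
```

Started with the `monitor` argument as root, it prints one line per interval with an epoch timestamp and the packets-per-second value, which the rrd update script can consume. The counter lives in the kernel, so it keeps running between polls and costs nothing per packet in user space.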