Wednesday, November 4, 2020

Utility like jnettop to produce an aggregate report of local port, remote addr and total over a period of time?

So I want to monitor a network interface and produce a report over a period of time that lists the local port, the remote IP and the bytes transferred, in the simplest way possible.

This works in theory...

    $ jnettop -i ens5 -n --display text -t 20 --remote-aggr port \
        --format '$src$:$srcport$ $dst$:$dstport$ $totalbytes$'
    172.30.1.180:443 xxx.xxx.xxx.xxx:AGGR. 77491
    172.30.1.180:123 xxx.xxx.xxx.xxx:AGGR. 180
    172.30.1.180:443 xxx.xxx.xxx.xxx:AGGR. 6833
    172.30.1.180:57096 xxx.xxx.xxx.xxx:AGGR. 6761
    172.30.1.180:3306 xxx.xxx.xxx.xxx:AGGR. 948
    172.30.1.180:51164 xxx.xxx.xxx.xxx:AGGR. 182

(xxx.xxx.xxx.xxx redacted)

But it does not seem to produce results reliably, especially for time periods longer than a few seconds, either producing nothing or demonstrably not producing everything (intentionally generated traffic is not recorded).

Can anybody suggest a better way to do this?
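
The report described in the question, built from lines in the `--format` layout shown above by summing bytes per (local port, remote address). This is an added example, not part of the original post; it assumes the `$src$` side is the local host, and the sample lines are constructed with documentation-range remote addresses.

```python
from collections import defaultdict

# Constructed sample in the layout "$src$:$srcport$ $dst$:$dstport$ $totalbytes$".
# Remote addresses are RFC 5737 documentation addresses, not values from the post.
SAMPLE = """\
172.30.1.180:443 203.0.113.10:AGGR. 77491
172.30.1.180:123 198.51.100.7:AGGR. 180
172.30.1.180:443 203.0.113.10:AGGR. 6833
172.30.1.180:3306 198.51.100.7:AGGR. 948
this line is not a flow record
172.30.1.180:443 203.0.113.99:AGGR. 512
"""

def parse_line(line):
    """Return (local_port, remote_addr, total_bytes), or None if malformed."""
    fields = line.split()
    if len(fields) != 3:
        return None
    local, remote, total = fields
    # Split on the last ':' so addresses that contain ':' (IPv6) stay intact.
    _, sep_l, local_port = local.rpartition(":")
    remote_addr, sep_r, _ = remote.rpartition(":")
    if not (sep_l and sep_r and remote_addr):
        return None
    if not (local_port.isdigit() and total.isdigit()):
        return None
    return int(local_port), remote_addr, int(total)

def aggregate(lines):
    """Sum bytes per (local port, remote address); count unparseable lines."""
    totals = defaultdict(int)
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # surfaced to the caller rather than silently dropped
            continue
        port, remote, nbytes = rec
        totals[(port, remote)] += nbytes
    return dict(totals), skipped

def report(totals):
    """Render 'port remote bytes' rows, largest total first."""
    rows = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [f"{port} {remote} {n}" for (port, remote), n in rows]

if __name__ == "__main__":
    totals, skipped = aggregate(SAMPLE.splitlines())
    print("\n".join(report(totals)))
    print(f"skipped {skipped} unparseable line(s)")
```
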


