
monitoring specific port traffic

  • asd01248967
    Junior Member
    • Dec 2015
    • 7

    #1

    monitoring specific port traffic

    Hello, everyone!
    First, I apologize for my poor English, which may not express things clearly.

    Q1. Does anyone know how to monitor specific port traffic with an item key (in, out, sum)?
    I researched Zabbix documentation > Configuration > Items > Item types > Zabbix agent & Windows-specific item keys,
    but I don't see any item key that could accomplish this.

    Q2. Or is there any other project that can accomplish this requirement?
    e.g.: make a script myself and have it work together with user parameters
    Hint: I don't have any programming experience.

    Thank you very much, all!!
    Last edited by asd01248967; 26-07-2016, 05:01.
  • asd01248967
    Junior Member
    • Dec 2015
    • 7

    #2
    Please...Help

    Hello...
    Can someone tell me any answer or hint?

    Or give me a URL, then I could study it myself.

    Comment

    • LenR
      Senior Member
      • Sep 2009
      • 1005

      #3
      What do you mean by port? Like traffic for port 80 or 443?

      Comment

      • asd01248967
        Junior Member
        • Dec 2015
        • 7

        #4
        Thanks for your reply

        Originally posted by LenR
        What do you mean by port? Like traffic for port 80 or 443?
        Yes!
        That is my target.
        Do you have any idea you can share with me?
        I apologize for my poor English.
        Thank you!

        Comment

        • LenR
          Senior Member
          • Sep 2009
          • 1005

          #5
          Ok, how would you get this statistic from the command line? I briefly researched this, but I don't know if this is a good answer; this poster did it with iptables:
          http://unix.stackexchange.com/questi...r-network-port

          Once you can get the traffic counted, then you need a way to extract it. I think some form of iptables -L -vn | grep | cut could get you a single line with the desired port's byte or packet count.

          Now you feed that to Zabbix via a user parameter or zabbix_sender. If your value is a total, set the Zabbix item to store delta/sec.

          This is a standard thought process of extending monitoring to items not built into Zabbix and/or the OS.

          Comment

          • LenR
            Senior Member
            • Sep 2009
            • 1005

            #6
            Be aware that placement and other iptables rules can affect rules that are just for accounting. It's been a while since I went this deep into iptables, but I think you would want those accounting rules after any rules that would drop traffic to these ports but before any rule allowing "established,related" traffic.

            For example, count of dropped packets & bytes from a blocked address range to port 10051

            iptables -L -vnx | grep 10051 | grep DROP | grep 10.133.9
            142385 8543100 DROP tcp -- * * 10.133.9.0/24 0.0.0.0/0 tcp dpt:10051

            Comment
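
Added example, not part of any post in this thread: one way to turn the `iptables -L -vnx` output discussed in posts #5 and #6 into a single number for a Zabbix user parameter. It matches the `dpt:` field exactly instead of grepping for the port number, because a bare `grep 10051` also matches a rule whose packet counter happens to be 10051. The function name `port_counter`, the item key in the comment and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: sum the byte or packet counters of every iptables rule whose
# destination port is exactly the requested one.
#
# Real use (needs root or a sudo rule for the agent user):
#   iptables -L INPUT -vnx | port_counter 10051 bytes DROP
# Hypothetical agent entry, assuming this file is saved as /usr/local/bin/port_counter.sh
# and ends by calling port_counter "$@" on the iptables output:
#   UserParameter=custom.port.bytes[*],/usr/local/bin/port_counter.sh $1 bytes

# Constructed sample of `iptables -L INPUT -vnx` output (not real data).
# Row 2 is an accounting rule with no target and a packet count of 10051.
SAMPLE_OUTPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  142385  8543100 DROP       tcp  --  *      *       10.133.9.0/24        0.0.0.0/0            tcp dpt:10051
   10051   603060            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    2210   981234            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
      12      720 DROP       tcp  --  *      *       192.0.2.0/24         0.0.0.0/0            tcp dpt:10051'

# port_counter PORT bytes|packets [TARGET]  (reads iptables output on stdin)
port_counter() {
    # Item key parameters come from the Zabbix side, so accept digits only.
    case "$1" in
        ''|*[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac
    awk -v want="dpt:$1" -v what="$2" -v target="${3:-}" '
        $1 !~ /^[0-9]+$/ { next }                 # skip chain and column headers
        target != "" && $3 != target { next }     # optional filter, e.g. DROP
        {
            for (i = 3; i <= NF; i++)
                if ($i == want) {                 # exact match: dpt:80 is not dpt:8080
                    sum += (what == "packets") ? $1 : $2
                    break
                }
        }
        END { printf "%.0f\n", sum }              # prints 0 when no rule matched
    '
}

# Demo on the constructed sample: total bytes counted for port 10051.
printf '%s\n' "$SAMPLE_OUTPUT" | port_counter 10051 bytes
```

The value is a running total, so the Zabbix item storing it should be set to store delta/sec as described in post #5.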

            • asd01248967
              Junior Member
              • Dec 2015
              • 7

              #7
              Originally posted by LenR
              Ok, how would you get this statistic from the command line? I briefly researched this, but I don't know if this is a good answer; this poster did it with iptables:
              http://unix.stackexchange.com/questi...r-network-port

              Once you can get the traffic counted, then you need a way to extract it. I think some form of iptables -L -vn | grep | cut could get you a single line with the desired port's byte or packet count.

              Now you feed that to Zabbix via a user parameter or zabbix_sender. If your value is a total, set the Zabbix item to store delta/sec.

              This is a standard thought process of extending monitoring to items not built into Zabbix and/or the OS.
              I understand what you mean and the method,
              but... I need a feasible method for Windows Server 2008 R2 or Windows Server 2012 R2.
              I researched on the Internet and didn't find a way to monitor Windows specific port traffic (in & out).

              Please forgive me for not expressing this clearly.
              Thanks
              Last edited by asd01248967; 27-07-2016, 08:07.

              Comment

              • troffasky
                Senior Member
                • Jul 2008
                • 567

                #8
                If such statistics are collected by the OS [and I'm not optimistic that they are] they may be available with WMI?

                If the OS doesn't collect them, the application may do.

                You may be able to try the iptables-style approach on Windows - create allow rules for the traffic you're interested in [if you don't have them already] and see if you can get stats from Windows firewall.

                Finally, tshark has statistics options - you could run tshark in a loop, dumping statistics once a minute [and discarding the capture].

                Comment

                • asd01248967
                  Junior Member
                  • Dec 2015
                  • 7

                  #9
                  Originally posted by troffasky
                  If such statistics are collected by the OS [and I'm not optimistic that they are] they may be available with WMI?

                  If the OS doesn't collect them, the application may do.

                  You may be able to try the iptables-style approach on Windows - create allow rules for the traffic you're interested in [if you don't have them already] and see if you can get stats from Windows firewall.

                  Finally, tshark has statistics options - you could run tshark in a loop, dumping statistics once a minute [and discarding the capture].
                  WOW~!!
                  Thank you very much for your advice.
                  I will learn how to use the tshark function.

                  Comment
