# How to log network traffic?

## avx

For private needs, thus not to spy on anybody, I need some tool to log my network traffic.

It shouldn't log every packet, as e.g. Wireshark does, but rather connections only. Thus, if possible, it should produce some output like this:

```
DATE TIME PROTOCOL REQUESTING-IP TARGET-IP {TARGET-NAME} PID APPNAME
```

so, for example:

```
2010-12-12 http 127.0.0.1 22.33.44.55 someserver.com 4340 firefox
```

For protocols, it should ideally be able to identify the most common things, thus: http(s), smtp, ftp, ssh/sftp, nntp, torrent, xmpp, oscar, ... the more the better.

Output should be done in some plaintext format I can easily `grep`; some additional web UI would be nice but isn't really needed. Tips? Thanks.

----------

## erik258

You might consider doing this on the firewall level - iptables does logging a few different ways: the simple but easy LOG target, and the more complicated but fuller-featured ULOG userspace logging target.

While the firewall won't know program names (unless you use something like netstat and associate data), it _can_ work with more than one computer. You could add logging for packets with certain states (like NEW) that might interest you.

Of course there are heavier-weight solutions as well, but the iptables solution provides the benefit of working at the kernel packet level.
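
The approach described in the post above, logging only packets in state NEW with the iptables LOG target and reducing the kernel log to one `grep`-friendly line per connection, shown as an added example that is not part of any post in this thread. The `NEWCONN: ` prefix, the function names, the port-to-service table and the sample log lines are assumptions constructed for the example; the service name is only guessed from the destination port, and the log carries a UID but no PID or program name.

```shell
#!/bin/sh
LOG_PREFIX="NEWCONN: "   # assumed prefix, chosen for this example

# Run once as root: logs only the first packet of each outbound connection
# (conntrack state NEW); --log-uid adds the owning UID, there is no PID.
install_rule() {
    iptables -A OUTPUT -m conntrack --ctstate NEW \
        -j LOG --log-prefix "$LOG_PREFIX" --log-uid
}

# stdin:  kernel log lines with a traditional "Mon DD HH:MM:SS" timestamp.
# stdout: MONTH DAY TIME SERVICE SRC DST DPT uid=UID
# SERVICE is guessed from the destination port, not detected from payload.
format_conns() {
    awk -v prefix="$LOG_PREFIX" '
    BEGIN {
        svc["21"] = "ftp";    svc["22"] = "ssh";   svc["25"] = "smtp"
        svc["53"] = "dns";    svc["80"] = "http";  svc["119"] = "nntp"
        svc["443"] = "https"; svc["5222"] = "xmpp"
    }
    index($0, prefix) == 0 { next }            # not one of our LOG lines
    {
        split("", f)                           # portable way to clear f
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 1) f[substr($i, 1, n - 1)] = substr($i, n + 1)
        }
        if (f["SRC"] == "" || f["DST"] == "") next   # truncated line
        dpt = ("DPT" in f) ? f["DPT"] : "-"
        uid = ("UID" in f) ? f["UID"] : "-"
        name = (dpt in svc) ? svc[dpt] : tolower(f["PROTO"])
        if (name == "") name = "-"
        print $1, $2, $3, name, f["SRC"], f["DST"], dpt, "uid=" uid
    }'
}

# Constructed sample input (not captured from a real host).
sample_log() {
    cat <<'EOF'
Dec 12 14:03:22 desk kernel: [ 812.10] NEWCONN: IN= OUT=eth0 SRC=192.168.178.20 DST=22.33.44.55 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4340 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Dec 12 14:03:25 desk kernel: [ 815.42] usb 1-1: new high-speed USB device
Dec 12 14:03:30 desk kernel: [ 820.77] NEWCONN: IN= OUT=eth0 SRC=192.168.178.20 DST=198.51.100.7 LEN=52 TTL=64 ID=0 DF PROTO=TCP SPT=40112 DPT=6881 SYN
EOF
}

sample_log | format_conns
```

On a live system the input would come from wherever the kernel log is written, and the UID can be matched against `netstat` output to narrow down the program.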

----------

## avx

Reads well; it only has the somewhat major downside that I've got practically no experience with iptables. For now, it only has to cope with my desktop PC, thus ideally it should be quite easy to set up. I'd be glad if you could show me some nice example or link me to one of your so-called 'heavier solutions', thanks.

Edit: if it's needed/helpful, my desktop currently goes online through my hardware router (FRITZ!Box), so I haven't set up any big networking-related stuff at all on the desk.

----------

## lyallp

Not exactly what you are looking for but maybe try net-analyzer/ntop.

Gives all sorts of interesting statistics.

----------

