Passive Collection of Accounting DataLinux Network Administrators GuidePrevChapter 10. IP AccountingNextPassive Collection of Accounting Data One last trick you might like to consider: if your Linux machine is connected to an Ethernet, you can apply accounting rules to all of the data from the segment, not only that which it is transmitted by or destined for it. Your machine will passively listen to all of the data on the segment and count it.You should first turn IP forwarding off on your Linux machine so that it doesn't try to route the datagrams it receives.[1] In the 2.0.36 and 2.2 kernels, this is a matter of: # echo 0 >/proc/sys/net/ipv4/ip_forward You should then enable promiscuous mode on your Ethernet interface using the ifconfig command. Now you can establish accounting rules that allow you to collect information about the datagrams flowing across your Ethernet without involving your Linux in the route at all.Notes[1]This isn't a good thing to do if your Linux machine serves as a router. If you disable IP forwarding, it will cease to route! Do this only on a machine with a single physical network interface.PrevHomeNextFlushing the RulesetUpIP Masquerade and Network Address Translation