Hi,
right now I’m capturing all traffic from the green0 interface using pmacct and this filter option:
aggregate_filter[green]: ( ( src host 192.168.0.1 and dst net 192.168.0.0/16 ) or ( not src net 192.168.0.0/16 and dst net 192.168.0.0/16 ) ) and not ether multicast and not ip broadcast and ip
The purpose of this (pcap-like) filter is to capture all traffic sent from source address 192.168.0.1 (this is IPFire itself) to the green network (192.168.0.0/16).
Additionally capture filter: all traffic which is not from the green interface but addressed to it.
OTH, the capture filter should drop any multicast and broadcast messages. The ip keyword is intended to filter IPv4 traffic only. I don’t want any IPv6 addresses in my statistics. I’m not using IPv6 at all and it’s disabled on various hosts.
The values I get are pretty much OK, however, they differ from those IPFire itself tells me in menu Net-Traffic.
E.g. right now the sum of all traffic collected by the filter above, at the time of writing is, 350.15 GB (this month so far) while IPFire says tx: 358.90 GB and some rx: 16.66 GB (sum ~ 375.56 GB).
No matter which value you look at, IPFire is counting more than my pmacct statistics does.
So, do you think my filter rule is wrong or is there some traffic happening on green I did not look at so far?
Michael