One last trick you might like to consider: if your Linux machine is
connected to an Ethernet, you can apply accounting rules to all of the data
from the segment, not only that which it is transmitted by or destined for it.
Your machine will passively listen to all of the data on the segment and
You should first turn IP forwarding off on your Linux machine so
that it doesn't try to route the datagrams it
In the 2.0.36 and 2.2 kernels, this is a matter of:
# echo 0 >/proc/sys/net/ipv4/ip_forward
You should then enable promiscuous mode on your Ethernet interface using the
ifconfig command. Now you can establish accounting
rules that allow you to collect information about the datagrams flowing
across your Ethernet without involving your Linux in the route at all.