0

I am trying to see how to see the amount of traffic for each IP in Python in mbs so I can remove the IP address route in Linux and save my network from an attack when it occurs. but only ban the IP which is sending over 550 mbs. And also whitelist my main server's IP. I have public /29 ipv4 (8 ips) on my server, so im not talking about internal ips.

Sheep
  • 3
  • 2
  • Usually, there are two IPs involved in any communication, which of them do you target? It's generally unclear what the context of your question is. My first guess was that you want to use a network sniffer or something like that, but that doesn't look like a proper fit either. – Ulrich Eckhardt Jan 26 '22 at 18:26
  • @UlrichEckhardt I have public /29 ipv4 (8 ips) on my server, so im not talking about internal ips. I just want a way to see in real-time how much traffic is coming through an interface on a specific IP, but only ban the IP which is sending over 550 mbs. – Sheep Jan 26 '22 at 18:28
  • Please [edit] your question to improve it on details, that's better than comments. Anyhow, my question wasn't aimed at the loopback interface but rather that you always have a local and a remote address for e.g. TCP. Do you want to limit local IPs in traffic or remote ones? – Ulrich Eckhardt Jan 26 '22 at 18:32
  • I want to remove the route of my ips dedicated to my servers, the remote one. that way the person sending the attack cant connect to my server anymore and weakened other people's servers, and limit their bandwidth. – Sheep Jan 26 '22 at 18:38

1 Answers1

0

There are something better done in a particular language then other. In this case you are trying to see the network traffic on each of your interface which can be done better using the linux 'sysstat' package and sar tool.

$ sudo dnf install sysstat
$ sudo systemctl start sysstat.service 
$ sudo systemctl enable sysstat.service

Once the respective package is installed you can monitor the network activity using the sar tool as shown below.

$ sar -n DEV 5 10
Linux 5.15.13-200.fc35.x86_64 (fedser35)    27/01/22    _x86_64_    (8 CPU)

12:03:03 AM IST     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s   %ifutil
12:03:08 AM IST        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
12:03:08 AM IST    enp1s0      0.80      0.40      0.07      0.05      0.00      0.00      0.00      0.00

My answer may not be relevant for python. But this is the best way you can get the information. Python can be used but these tools are native to the linux system and provide more robust information.

sb9
  • 370
  • 3
  • 17
  • yes, this works on my ubuntu 20.04 server. but I want to see it per IP, so I should not just see the interfaces but see the amount of traffic coming in on each of my 8 ipv4s. – Sheep Jan 26 '22 at 18:51