Chapter 10. IP Accounting

Table of Contents
10.1. Configuring the Kernel for IP Accounting
10.2. Configuring IP Accounting
10.2.1. Accounting by Address
10.2.2. Accounting by Service Port
10.2.3. Accounting of ICMP Datagrams
10.2.4. Accounting by Protocol
10.3. Using IP Accounting Results
10.3.1. Listing Accounting Data with ipfwadm
10.3.2. Listing Accounting Data with ipchains
10.3.3. Listing Accounting Data with iptables
10.4. Resetting the Counters
10.5. Flushing the Ruleset
10.6. Passive Collection of Accounting Data

In today’s world of commercial Internet service, it is becoming increasingly important to know how much data you are transmitting and receiving on your network connections. If you are an Internet Service Provider and you charge your customers by volume, this will be essential to your business. If you are a customer of an Internet Service Provider that charges by data volume, you will find it useful to collect your own data to ensure the accuracy of your Internet charges.

There are other uses for network accounting that have nothing to do with dollars and bills. If you manage a server that offers a number of different types of network services, it might be useful to you to know exactly how much data is being generated by each one. This sort of information could assist you in making decisions, such as what hardware to buy or how many servers to run.

The Linux kernel provides a facility that allows you to collect all sorts of useful information about the network traffic it sees. This facility is called IP accounting.