Linux Network Administrators Guide
PrevChapter 10. IP AccountingNext

10.3. Using IP Accounting Results

It is all very well to be collecting this information, but how do we actually get to see it? To view the collected accounting data and the configured accounting rules, we use our firewall configuration commands, asking them to list our rules. The packet and byte counters for each of our rules are listed in the output.

The ipfwadm, ipchains, and iptables commands differ in how accounting data is handled, so we will treat them independently.

10.3.1. Listing Accounting Data with ipfwadm

The most basic means of listing our accounting data with the ipfwadm command is to use it like this: 

# ipfwadm -A -l
IP accounting rules
 pkts bytes dir prot source               destination          ports
 9833 2345K i/o all  172.16.3.0/24      anywhere             n/a
56527   33M i/o all  172.16.4.0/24      anywhere             n/a

This will tell us the number of packets sent in each direction. If we use the extended output format with the -e option (not shown here because the output is too wide for the page), we are also supplied the options and applicable interface names. Most of the fields in the output will be self-explanatory, but the following may not:

dir

The direction in which the rule applies. Expected values here are in, out, or i/o, meaning both ways.

prot

The protocols to which the rule applies.

opt

A coded form of the options we use when invoking ipfwadm.

ifname

The name of the interface to which the rule applies.

ifaddress

The address of the interface to which the rule applies.

By default, ipfwadm displays the packet and byte counts in a shortened form, rounded to the nearest thousand (K) or million (M). We can ask it to display the collected data in exact units by using the expanded option as follows: 

# ipfwadm -A -l -e -x

10.3.2. Listing Accounting Data with ipchains

The ipchains command will not display our accounting data (packet and byte counters) unless we supply it the -v argument. The simplest means of listing our accounting data with the ipchains is to use it like this: 

# ipchains -L -v

Again, just as with ipfwadm, we can display the packet and byte counters in units by using the expanded output mode. The ipchains uses the -x argument for this: 

# ipchains -L -v -x

10.3.3. Listing Accounting Data with iptables

The iptables command behaves very similarly to the ipchains command. Again, we must use the -v when listing tour rules to see the accounting counters. To list our accounting data, we would use:

# iptables -L -v

Just as for the ipchains command, you can use the -x argument to show the output in expanded format with unit figures.

PrevHomeNext
Configuring IP AccountingUpResetting the Counters