XpressLearn Home

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
Loading ... Loading ...
Format this document for printing Print This Post
Configure IP Accounting

There will be times when any network troubleshooter will need to know if an IP address is passing traffic through a router to a specific destination.  Normally on a Unix machine, such as a firewall, the tool most would choose is tcpdump.  IP accounting doesn’t quite provide this much functionality, but it certainly provides a summary of traffic passing through a router.

interface xxxxxxX/X
ip accounting

The router will only record packets that goes through the router.  Any connections initiated from the router or terminates to the router are not counted.  To view the accounting table:

Router#show ip accounting
 192.168.194.20   192.168.39.19                22549             1894116
 192.168.39.19    192.168.194.20               22617             1899828
 192.168.99.34    192.168.194.20                4825              321528
 192.168.194.20   192.168.99.34                20823             1488977
 192.168.32.32    192.168.196.7               117118            15584552
 192.168.196.7    192.168.32.32               696129            41071611
 192.168.50.106   192.168.196.7               232694            30100216
 192.168.196.7    192.168.50.106              234880            13857920
 192.168.194.75   192.168.99.34                14023             1486289
 192.168.99.34    192.168.194.72                3848              238759
 192.168.194.72   192.168.99.34                18431             1709778

The first column is the source IP address, second is the destination, third is the number of packets, and fourth is the total number of bytes.  The source and destination is from the perspective of the interface configured for IP accounting.  The traffic would be recorded as what is leaving that particular interface.

Let’s say ip accounting was configured on the Serial interface of a router.  Look at the accounting output above, the first line indicates 192.168.194.20 as the source and 192.168.39.19 as the destination.  The host configured as 192.168.194.20 would be behind this router and 192.168.39.19 would be the host reachable via the serial interface that IP accounting is configured on.

You also will notice that every two lines contain the same IP addresses, they are just flipped in the source and destination fields.  This represents two way traffic between the hosts.  If you were troubleshooting a problem and only saw the counters incrementing on one line and not the other, that could indicate the traffic is being successfully to the destination, but is never receiving the response.

Author Info:

 
Scott is the Founder, Administrator, Architect, Chief Editor and Shameless Hack who wrote and runs Xpresslearn.
 

Scott has been working in the networking field for 13 years and has experience in all the areas: Lan, Wan, Security, Optimization, High Availability, Wireless, and others.

When he is not working on further development of Xpresslearn, Scott loves spending time with his family and has such hobbies as Camping, Fishing, Cars, and Woodworking.

Related Posts:

2 Responses to “Configure IP Accounting”

  1. Aaron Conaway Says:
    May 15th, 2008 at 5:54 am

    I will put in a word of caution here — depending on the platform, IP accounting can down a router with the quickness. It can use up a lot of CPU, and I’ve seen routers become completely unreachable after only a few seconds of accounting.

  2. rec Says:
    May 30th, 2008 at 3:33 pm

    very good tutorial. thanks a lot!

Leave a Reply