From 70e61c9c7f1889fd7cc835d042bb8738b79c7288 Mon Sep 17 00:00:00 2001 From: Vadim Kochan Date: Sat, 1 Aug 2015 17:51:36 +0300 Subject: man: flowtop: Add notes about enabling traffic accounting Add some explanation about traffic counters enabling via sysctl and its limitation. Signed-off-by: Vadim Kochan [tklauser: Reword some sentences] Signed-off-by: Tobias Klauser --- flowtop.8 | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/flowtop.8 b/flowtop.8 index c850f12..2debc50 100644 --- a/flowtop.8 +++ b/flowtop.8 @@ -35,6 +35,7 @@ The following information will be presented in flowtop's output: * Used protocols (IPv4, IPv6, TCP, UDP, SCTP, ICMP, ...) * Flow port's service name heuristic * Transport protocol state machine information + * Byte/packet counters (if they are enabled) .PP In order for flowtop to work, netfilter must be active and running on your machine, thus kernel-side connection tracking is active. If netfilter @@ -45,7 +46,19 @@ iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT .sp iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT .in -4 - +.PP +To dump byte/packet counters flowtop enables the sysctl(8) parameter +\[lq]net.netfilter.nf_conntrack_acct\[rq] via: +.in +4 +.sp +echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct +.sp +.in -4 +and resets it to the previously set value on exit. These counters will only be +active on connections which were created after accounting was enabled. Thus, to +have these counters be active all the time the parameter should be enabled after +the system is up. To automatically enable it, sysctl.conf(8) or sysctl.d(8) +might be used. .PP flowtop's intention is just to get a quick look over your active connections. If you want logging support, have a look at netfilter's conntrack(8) tools @@ -134,7 +147,10 @@ Borkmann . .BR bpfc (8), .BR astraceroute (8), .BR curvetun (8), -.BR iptables (8) +.BR iptables (8), +.BR sysctl (8), +.BR sysctl.conf (8), +.BR sysctl.d (8) .PP .SH AUTHOR Manpage was written by Daniel Borkmann. -- cgit v1.2.3-54-g00ecf