reset netstat statistics

Max Laier max at love2party.net
Sat Oct 14 22:22:15 PDT 2006 

On Saturday 14 October 2006 09:14, Dan b wrote:
> I searched the archives for this and was unable to
> find anything relevant.  I have a machine that is
> being used as a NAT Router with IPFW and IPNAT running
> 5.3-RELEASE.  I'm only using IPFW to keep track of
> traffic, no actual packet filtering is going on.

I recommend that you use pf for that.  A simple pfctl -e with no ruleset 
will get you 64bit packet and byte counters for all interfaces using 
pfctl -vvsI or for a specific interface with:

> 7:14 [~]amd64# pfctl -vvsI -i fxp0
> fxp0    (instance, attached)
>  Cleared:     Fri Sep 29 23:24:37 2006
>  References:  [ States:  0                  Rules: 15                 ]
>  In4/Pass:    [ Packets: 46986037           Bytes: 28315507365        ]
>  In4/Block:   [ Packets: 0                  Bytes: 0                  ]
>  Out4/Pass:   [ Packets: 43460700           Bytes: 40071770000        ]
>  Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
>  In6/Pass:    [ Packets: 9982               Bytes: 3320321            ]
>  In6/Block:   [ Packets: 0                  Bytes: 0                  ]
>  Out6/Pass:   [ Packets: 5259               Bytes: 418780             ]
>  Out6/Block:  [ Packets: 3                  Bytes: 192                ]

> The problem is that the statistics reported by netstat
> seem to reset themselves intermittently.  Last night I
> ran netstat -ib and got an Ibytes stat of around 2.1GB
> on my sis0 adapter.  Today I ran netstat -ib and got
> an Ibytes stat of around 600MB on my sis0 adapter.
> The system has around 29 days of uptime, and I have
> run ipfw zero a few times, but have not run netstat -z
> at all.  Let me know if you have any ideas about this.

This is because the numbers reported by netstat are based on (signed) 
32bit counters.  Either you sample these numbers at a high enough rate or 
you use other 64bit counters (see above).

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20061015/770bd984/attachment.pgp

More information about the freebsd-net mailing list