tcpdump mailing list archives

Traffic Accounting - How to do?


From: Schwarz Hans-Juergen <info () hjs de>
Date: Tue, 14 Jan 2003 09:55:13 +0100

Hello List,
I'm new to tcpdump, so don't beat me if my question is too stupid, but I 
don't know how to succeed. I like to count the Traffic from all my used 
IP numbers of my customers. The results that I need are the IP, the 
used port number and of course the traffic being produced. I'm running 
tcpdump on my Firewall like this:

tcpdump -t -f -q -n -i eth0 -v tcp

and this is the output of it:

2:51:37.154713 192.168.0.3.39502 > 192.168.0.41.6000: tcp 4 (DF) (ttl 
64, id 
4464, len 56)
12:51:37.154868 192.168.0.41.6000 > 192.168.0.3.39502: tcp 32 (DF) (ttl 
64, id 
48505, len 84)
12:51:37.155375 192.168.0.3.39503 > 192.168.0.25.3389: tcp 61 (DF) (ttl 
64, id 
15357, len 113)
12:51:37.157318 192.168.0.40.6000 > 192.168.0.3.39985: tcp 672 (DF) (ttl 
64, 
id 43358, len 724)
12:51:37.157354 192.168.0.3.39985 > 192.168.0.40.6000: tcp 1448 (DF) 
(ttl 64, 
id 43129, len 1500)

IP and ports are clear so far, but what is the produced traffic of each 
packet? I assume it is the value after "len", is it? I'm not sure of it 
because when I transfer a file with 3,5 MB over ftp and count the "len" 
Output from tcpdump divide to 8/1024/1024 I got about 7,5 MB of 
traffic. So my question is how to get the correct traffic count out of 
tcpdump.
Any help is really appreciated

Hans-Juergen


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
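
An added example, not part of the original post or of tcpdump: a Python parser that tallies packets, TCP payload bytes and "len" bytes per flow and per IP from output in the format shown in the post. It assumes "len" is the IP datagram length in bytes, which the posted sample supports (each "len" is exactly 52 more than the value after "tcp"); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Records copied from the post above, line-wrapped as they appear in the message.
SAMPLE = """\
2:51:37.154713 192.168.0.3.39502 > 192.168.0.41.6000: tcp 4 (DF) (ttl
64, id
4464, len 56)
12:51:37.154868 192.168.0.41.6000 > 192.168.0.3.39502: tcp 32 (DF) (ttl
64, id
48505, len 84)
12:51:37.155375 192.168.0.3.39503 > 192.168.0.25.3389: tcp 61 (DF) (ttl
64, id
15357, len 113)
12:51:37.157318 192.168.0.40.6000 > 192.168.0.3.39985: tcp 672 (DF) (ttl
64,
id 43358, len 724)
12:51:37.157354 192.168.0.3.39985 > 192.168.0.40.6000: tcp 1448 (DF)
(ttl 64,
id 43129, len 1500)
"""

# -q -v record: src.port > dst.port: tcp <payload> ... len <IP length>)
RECORD = re.compile(
    r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"tcp (\d+) .*?\blen (\d+)\)")

def account(text):
    """Per-flow packet, TCP payload and IP byte totals from tcpdump -q -v text."""
    flows = defaultdict(lambda: [0, 0, 0])  # packets, payload, ip_bytes
    # Collapse all whitespace so records split across lines match as one.
    for src, sport, dst, dport, payload, ip_len in RECORD.findall(" ".join(text.split())):
        totals = flows[(src, int(sport), dst, int(dport))]
        totals[0] += 1
        totals[1] += int(payload)
        totals[2] += int(ip_len)  # assumption: "len" is the IP datagram size in bytes
    return dict(flows)

def bytes_per_ip(flows):
    """IP-layer bytes sent or received by each address (link-layer header not included)."""
    per_ip = defaultdict(int)
    for (src, _sport, dst, _dport), (_pkts, _payload, ip_bytes) in flows.items():
        per_ip[src] += ip_bytes
        per_ip[dst] += ip_bytes
    return dict(per_ip)

if __name__ == "__main__":
    for flow, (pkts, payload, ip_bytes) in account(SAMPLE).items():
        print(flow, pkts, payload, ip_bytes, "overhead/pkt:", (ip_bytes - payload) // pkts)
```

Because the totals are already in bytes under that assumption, converting to megabytes needs only the division by 1024 twice.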