src and dest appear to be reversed?

[Robert Leyba]

Hi, We wanted to start monitoring the traffic volume pasing through our web 
proxy (squid) server (at 10.2.32.24). We are monitoring a port on the switch 
that links our internal network to the internet (via a firewall).  When I tried 
the commands below, I was expecting the proxy server to be sending out only a 
small % of the traffic to external web sites and should be receiving gigabytes 
of traffic from external site to itself.  But from printout below, it "appears" 
that squid is sending out a lot of traffic and receiving only little, which is 
the exact opposite of what we are expecting. Any clarifications would be most 
appreciated.


1st line below: Total bytes with squid as the dest: 1,038,023
2nd line below: Total bytes with squid as source: 2,638,478,509
3rd line below: Just a check if src + dest = total, and yest it checks out.



root at localhost home]# racount -r outfileint.out-as-of-14-feb - dst host 
10.2.32.24
racount   records     total_pkts     src_pkts       dst_pkts       
total_bytes        src_bytes          dst_bytes
    sum   1125        4017           2622           1395           
1038023            925840             112183            
[root at localhost home]# racount -r outfileint.out-as-of-14-feb - src host 
10.2.32.24
racount   records     total_pkts     src_pkts       dst_pkts       
total_bytes        src_bytes          dst_bytes
    sum   197461      5371435        2522843        2848592        
2638478509         471342533          2167135976        
   
[root at localhost home]# racount -r outfileint.out-as-of-14-feb - host 10.2.32.24
racount   records     total_pkts     src_pkts       dst_pkts       
total_bytes        src_bytes          dst_bytes
    sum   198585      5375452        2525465        2849987        
2639516532         472268373          2167248159