# telnet 192.168.0.231 143
Chain OUTPUT (policy ACCEPT 25911 packets, 2907K bytes)
 pkts bytes target     prot opt in     out     source               destination         
25911 2907K tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   49 67341 MARK       tcp  --  *      *       172.20.8.3           192.168.0.231        tcp dpt:22 /* mark ssh packet */ MARK xset 0x2f00/0xff00
   49 67341 CONNMARK   tcp  --  *      *       172.20.8.3           192.168.0.231        tcp dpt:22 /* mark ssh connection */ CONNMARK xset 0x2f00/0xff00
   49 67341 MARK       tcp  --  *      *       172.20.8.3           192.168.0.231        tcp dpt:22 mark match 0x2f00/0xff00 /* count ssh packet with mark */ MARK or 0x400000
   49 67341 MARK       tcp  --  *      *       172.20.8.3           192.168.0.231        tcp dpt:22 connmark match  0x2f00/0xff00 /* count ssh packet with conn mark */ MARK or 0x400000
    4   448 MARK       esp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* count any esp outflow */ MARK or 0x400000
    4   448 MARK       esp  --  *      *       0.0.0.0/0            pub.lic.ip.A         /* count esp outflow to partner */ MARK or 0x400000