I tend to do this with accounting rules in iptables. I create a custom auditing rule
iptables -N GKT-AUDIT
I then send all traffic coming through, in this case, the OUTPUT
chain, through that rule before anything else
iptables -I OUTPUT 1 -j GKT-AUDIT
I then introduce rules with no targets into the GKT-AUDIT
chain
iptables -A GKT-AUDIT -s 5.5.5.1 -d 7.7.7.2
iptables -A GKT-AUDIT -s 5.5.5.3 -d 7.7.7.4
and so on. Since those rules have no targets, matching packets don't terminate but continue through the GKT-AUDIT
chain, then fall out the end and return to the OUTPUT
chain, so the rules have no effect on data flow. But the packets do increment the packet counts of the matching rules on their way through, so I can slice and dice my traffic any way I want from a statistical basis. I then usually collect them with a munin plugin, and have munin graph them, but that's a refinement that may or may not suit you.
The nice thing about using iptables is that it can slice the traffic so many different ways, so I can be very precise about what traffic any particular rule matches: if I want to count only packets from a certain address, to a certain other address, but only on a certain source port range, and then only if it's part of a connection that has transferred in excess of 10MB, I can do that.