IPTraf User’s Manual. Copyright © , by Gerard Paul Java. Version 0 Preparing to Use IPTraf · Number Display Notations · Instances and Logging. iptraf is an ncurses-based IP LAN monitor that generates various network Frederic Peters, using iptraf --help General manual page. IPTraf User’s Manual IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive.
IPTraf User’s Manual
This indicates the source machine and TCP port on that machine from which this data is coming. If for some reason rvnamed cannot start (probably due to improper installation or lack of memory), and you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow. Packet Size The size of the most recently received packet.
Entries not updated within a user-configurable amount of time may get replaced with new connections. The -q parameter is no longer required to suppress the warning screen. Instances and Logging Starting with version 2.
Just enable reverse lookup in the Configure menu. Pressing any other key will cancel the sort.
Supported Network Interfaces IPTraf currently supports the following network interface types and names. However, if these get too many, active connections may become interspersed among closed, reset, or idle entries. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN.
This applies to all facilities except the General Interface Statistics, which is still restricted to only one instance at a time. Flag statuses The flags of the most recently received packet. If an A is also present (S-A-), this is an acknowledgment of a previous connection request, and is responding.
Most machines only have one. If only an S is present (S---), the source is trying to initiate a connection. See the Screen update interval This item is visible if you press M for more TCP information. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor.
The Traffic Monitor is a real-time monitoring system that intercepts all packets on all detected network interfaces. Therefore, eth0 refers to the first Ethernet interface, eth1 to the second, and so on. Therefore, ppp0 is the first PPP interface, ppp1 is the second, and so on.
This is because the standard lookup functions do not return until they have completed their tasks, and it can take several seconds for a name resolution in the foreground to complete.
Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they’re listening on. Window Size The advertised window size of the most recently received packet. This means the connection was already established when the monitor started.
In much the same way, packets coming in from the external network will look like they’re destined for the external network’s IP address, and again as destined for the final destination on the internal network. In addition to that, it also determines the encapsulated protocol within the IP packet, and displays some important information about that as well.
There are two windows in the Traffic Monitor. Press P to sort by packet count, B to sort by byte count.
Apply appropriate measures, or the targeted machine may begin denying network services.
Source address and port The source address and port indicator is in address: These entries will eventually time out. On forwarding non-masquerading machines packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces.
The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines. These are point-to-point IP connections using the PC parallel port.
This is regardless of whether the connection is closed or not. UDP packets are also displayed in address: The default time is 15 minutes. Every machine has one, and has an IP address of This is the size of the IP datagram only, not including the data link header. You can also press the F key to arbitrarily clear it at any time. You can override the defaults with the -L parameter. The rvnamed Process The IP Traffic Monitor starts a daemon called rvnamed to help speed up reverse lookups without sacrificing too much keyboard control and accuracy of the counts.
Pressing S will display a box showing the available sort criteria. In other words, it does not determine which endpoint is the client, and which is the server. If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between the counts and the packet and window sizes.