IPTraf User’s Manual. Copyright © , by Gerard Paul Java. Version 0 Preparing to Use IPTraf · Number Display Notations · Instances and Logging . iptraf is an ncurses-based IP LAN monitor that generates various network Frederic Peters ([email protected]), using iptraf –help General manual page. IPTraf User’s Manual IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive .

Author: Gahn Akitaur
Country: Iceland
Language: English (Spanish)
Genre: Software
Published (Last): 6 March 2007
Pages: 108
PDF File Size: 2.11 Mb
ePub File Size: 5.80 Mb
ISBN: 560-1-93342-959-9
Downloads: 12211
Price: Free* [*Free Regsitration Required]
Uploader: Mushakar

Entries not updated within a user-configurable amount of time may get replaced with new connections. The destination is the host: The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order.

See the Logging section below for detailed information on logging.

Проект OpenNet: MAN iptraf () (FreeBSD и Linux)

By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses.

The monitor decodes the IP information on all IP packets and displays the appropriate information about it, most notably iptrav source and destination addresses. The rvnamed Process The IP Traffic Monitor starts a daemon called rvnamed to help speed up reverse lookups without sacrificing too ipteaf keyboard control and accuracy of the counts.

Over time, the entries will go out of order as counts proceed at varying rates. To make it easier to determine the direction pairs mxnual each connection, a bracket is used to “join” both together. However, screen updates are one of the slowest operations the program performs. DONE The connection is done sending data in this direction, and has sent a FIN finished packet, but has not yet been acknowledged by the other host. Data link header e.


Packets coming from the internal network will be indicated as coming from the internal IP address that sourced them, and also as coming from the IP manuall of the external interface on your masquerading machine.

In other words, it does not determine which endpoint is the client, and which is the server. Just press W to move the Active indicator to the window you want to iptrxf. UDP packets are iptrqf displayed in address: For all packets in the lower window, only the first IP fragment is indicated since that contains the header of the IP-encapsulated protocol but with no further information from the encapsulated protocol.

In addition to that, it also determines the encapsulated protocol within the IP packet, and displays some important information about that mankal well.

To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received. Flag statuses The flags of the most recently received packet. If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between the counts and the packet and window sizes. Packet Size The size of the most recently received packet.

On masquerading machines, packets and connections from the internal network to the external network also appear twice, one for the internal and external interface. Direction entries also become available for reuse if an ICMP Destination Unreachable message is received for the connection.

Just because a host entry appears at the upper end of a connection bracket doesn’t mean it was the initiator of manuwl connection.

See the Screen update interval If the Logging option is turned on see Configuration section belowIPTraf will prompt you for a log file name while presenting a default. Because this monitoring system relies solely on packet information, it does not determine which endpoint initiated the connection. Press P to sort by packet count, B to sort by byte count. If for some reason rvnamed cannot start probably due to improper installation or lack of memoryand you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow.


IPTraf User’s Manual

The manula entries for reset connections become available for new connections. Information about TCP packets are displayed here. In much the same way, packets coming in from the external network will look like they’re destined for the external network’s IP address, and again as destined for the final destination on the internal network.

The following protocols are detected: This is an acknowledgment of a previously received packet P PSH. This is regardless of whether the connection is closed or not.

IPTraf User’s Manual

The non-IP count includes the data-link headers. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN. See the section on Background Operation below. On forwarding non-masquerading iptfaf packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces.

The -q parameter is no longer required to suppress the warning screen. Every machine ,anual one, and has an IP address of Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they’re listening on.

See also the documentation on each statistical facility for the default log file names. This does not determine how long it remains onscreen.