IPTraf User’s Manual. Copyright © , by Gerard Paul Java. Version 0 Preparing to Use IPTraf · Number Display Notations · Instances and Logging . iptraf is an ncurses-based IP LAN monitor that generates various network Frederic Peters ([email protected]), using iptraf –help General manual page. IPTraf User’s Manual IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive .

Author: Goltilkis Kalar
Country: Dominica
Language: English (Spanish)
Genre: Technology
Published (Last): 20 May 2005
Pages: 112
PDF File Size: 15.63 Mb
ePub File Size: 20.43 Mb
ISBN: 866-5-80886-417-6
Downloads: 89000
Price: Free* [*Free Regsitration Required]
Uploader: Fenrikazahn

This is because the standard lookup functions do not return until they have completed their tasks, and it can iptfaf several seconds for a name resolution in the foreground to complete. Instances and Logging Starting with version 2. Packets coming from the internal network will be indicated as coming from the internal IP address that sourced them, and also as coming from the IP address of the external interface on your masquerading machine.

Most machines only have one. Therefore, eth0 refers to the first Ethernet interface, eth1 to the second, and so on. The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order. The destination is the host: The non-IP count includes the data-link headers. Pressing any other key will cancel the sort. Direction entries also become available for reuse if an ICMP Destination Unreachable message is received for the connection.

These entries will eventually time out. There are two windows in the Traffic Monitor. Data link header e. To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received. Just enable reverse lookup in the Configure menu.

That being the case, the system displays two entries for each connection, one for each direction of the TCP connection. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN.


The window contains these pieces of information: This does not determine how long it remains onscreen. In addition to that, it also determines the encapsulated protocol within the IP packet, and displays some important information about that as well.

Both of them can be scrolled with the Up and Down cursor keys. This applies to all facilities except the General Interface Statistics, which is still restricted to only one instance at a time.

iptraf(8) – Linux man page

The default time is 15 minutes. Just press W to move the Active indicator to the window you want to control. IPTraf iiptraf shows only the source host: See also the documentation on each statistical facility for the default log file names.

You can override the defaults with the -L parameter. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete. This bracket appears at the leftmost part of each entry. The rvnamed Process The Iptrxf Traffic Monitor starts a daemon called rvnamed to help speed up reverse lookups without sacrificing too much keyboard control and accuracy of the counts.

Every machine has one, and has an IP address of If the Logging option is turned on see Configuration section belowIPTraf will prompt you for a log file name while presenting a default. A request to push all data to the top of the receiving queue U URG.

Each entry in the window contains these fields: Information about TCP packets are displayed here. The M key displays more TCP information.

Apply appropriate measures, or the targeted machine may begin denying network services. This indicates the source machine and TCP port on that machine from which this data is coming.


Press P to sort by packet count, B to sort by byte count. See the Logging section below for detailed information on logging.

By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses.

If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between iptrat counts and the packet and window sizes. Therefore, ppp0 is the first PPP interface, ppp1 is the second, iptfaf so on. This figure can be changed at the Configure menu. When both directions of a connection are marked CLOSED, the entries they occupy become available for new connection entries.

These are point-to-point IP connections using the PC parallel port. This is regardless of whether the connection is closed or not. If for some reason rvnamed cannot start probably due to improper installation or lack of memoryand you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow.

On forwarding non-masquerading machines packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces. This means the connection was already established when the monitor started.

Flag statuses The flags of the most recently received packet.

IPTraf – Linux Information & Scripting

For easier location, each type of protocol is color-coded text console only. You can also press the F key to arbitrarily clear it at ipfraf time. The monitor decodes the IP information on all IP packets and displays the appropriate information about it, most notably the source and destination addresses.