IPTraf User’s Manual. Copyright © , by Gerard Paul Java. Version 0 Preparing to Use IPTraf · Number Display Notations · Instances and Logging . iptraf is an ncurses-based IP LAN monitor that generates various network Frederic Peters ([email protected]), using iptraf –help General manual page. IPTraf User’s Manual IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive .
By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses. See the section on Background Operation below.
For easier location, each type of protocol is color-coded (text console only). This is an acknowledgment of a previously received packet P PSH. The destination is the host: Therefore, ppp0 is the first PPP interface, ppp1 is the second, and so on. If the Logging option is turned on (see Configuration section below), IPTraf will prompt you for a log file name while presenting a default.
Just because a host entry appears at the upper end of a connection doesn’t mean it was the initiator of the connection.
OpenNet Project: MAN iptraf () (FreeBSD and Linux)
When both directions of a connection are marked CLOSED, the entries they occupy become available for new connection entries. Because this monitoring system relies on packet information, it does not determine which endpoint initiated the connection.
In other words, it does not determine which endpoint is the client, and which is the server.
The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN.
IPTraf User’s Manual
Sorting is not done automatically so as not to degrade performance. The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines.
However, screen updates are one of the slowest operations the program performs. Every machine has one, and has an IP address of The direction entries for reset connections become available for new connections. If the Source MAC addrs in traffic monitor option is not enabled, pressing M toggles between the counts and the packet and window sizes.
A synchronization is taking place in preparation for connection establishment.
Pressing any other key will cancel the sort. DONE The connection is done sending data in this direction, and has sent a FIN (finished) packet, but has not yet been acknowledged by the other host.
In much the same way, packets coming in from the external network will look like they’re destined for the external network’s IP address, and again as destined for the final destination on the internal network.
This figure can be changed at the Configure menu. The M key displays more TCP information. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor.
You may accept this default or change it. Note The TCP timeout Just press W to move the Active indicator to the window you want to control. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete.
This is regardless of whether the connection is closed or not. In addition to that, it also determines the encapsulated protocol within the IP packet, and displays some important information about that as well. That being the case, the system displays two entries for each connection, one for each direction of the TCP connection. The default log file names will also be used if the -B parameter is used to run IPTraf in the background.
IPTraf 2 shows only the source host: Information about TCP packets are displayed here.
iptraf(8) – Linux man page
You can override the defaults with the -L parameter. However, if these get too many, active connections may become interspersed among closed, reset, or idle entries.
The following protocols are detected: This is because the standard lookup functions do not return until they have completed their tasks, and it can take several seconds for a name resolution in the foreground to complete. Most machines only have one.
For all packets in the lower window, only the first IP fragment is indicated since that contains the header of the IP-encapsulated protocol but with no further information from the encapsulated protocol. The Traffic Monitor is a real-time monitoring system that intercepts all packets on all detected network interfaces. There are two windows in the Traffic Monitor. See also the documentation on each statistical facility for the default log file names.