IPTraf User’s Manual. Copyright © , by Gerard Paul Java. Version 0 Preparing to Use IPTraf · Number Display Notations · Instances and Logging. iptraf is an ncurses-based IP LAN monitor that generates various network Frederic Peters ([email protected]), using iptraf --help General manual page. IPTraf User’s Manual IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive.

Author: Fetilar Molabar
Published (Last): 3 February 2018

You may accept this default or change it. Both of them can be scrolled with the Up and Down cursor keys. The M key displays more TCP information.

DONE The connection is done sending data in this direction, and has sent a FIN (finished) packet, but has not yet been acknowledged by the other host. The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines. Note The TCP timeout The non-IP count includes the data-link headers. Window Size The advertised window size of the most recently received packet. This item is visible if you press M for more TCP information. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor.

That being the case, the system displays two entries for each connection, one for each direction of the TCP connection. Supported Network Interfaces IPTraf currently supports the following network interface types and names. See the section on Background Operation below. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses of other machines on the LAN.

This indicates the source machine and TCP port on that machine from which this data is coming. On masquerading machines, packets and connections from the internal network to the external network also appear twice, one for the internal and external interface. This is the size of the IP datagram only, not including the data link header.


The source machine indicated in this direction reset the entire connection.

IPTraf 2 shows only the source host: The destination is the host: Data link header e. However, screen updates are one of the slowest operations the program performs. Because this monitoring system relies solely on packet information, it does not determine which endpoint initiated the connection.

Packet Size The size of the most recently received packet. This means the connection was already established when the monitor started.

Source address and port The source address and port indicator is in address: You can override the defaults with the -L parameter. If the Logging option is turned on (see Configuration section below), IPTraf will prompt you for a log file name while presenting a default. Therefore, ppp0 is the first PPP interface, ppp1 is the second, and so on. If only an S is present (S), the source is trying to initiate a connection.

Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they’re listening on. These entries will eventually time out. However, if these get too many, active connections may become interspersed among closed, reset, or idle entries. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete.

Sorting is not done automatically so as not to degrade performance.

Instances and Logging Starting with version 2. Some unclosed connections may be due to extremely slow links or crashes at either end of the connection.

This is because the traffic monitor cannot determine if a connection was already half-closed when it started. Just enable reverse lookup in the Configure menu. If for some reason rvnamed cannot start (probably due to improper installation or lack of memory), and you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow. In other words, it does not determine which endpoint is the client, and which is the server. Entries not updated within a user-configurable amount of time may get replaced with new connections.


Pressing S will display a box showing the available sort criteria. See also the documentation on each statistical facility for the default log file names. Most machines only have one. In much the same way, packets coming in from the external network will look like they’re destined for the external network’s IP address, and again as destined for the final destination on the internal network.

Flag statuses The flags of the most recently received packet.

Pressing any other key will cancel the sort. To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received. The window contains these pieces of information: The -q parameter is no longer required to suppress the warning screen. A request to push all data to the top of the receiving queue U URG. If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between the counts and the packet and window sizes.

Just because a host entry appears at the upper end of a connection bracket doesn’t mean it was the initiator of the connection.

TCP connection endpoints are still indicated with the green brackets along the left edge of the screen. The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order.

This figure can be changed at the Configure menu.