wiki.ipfire.org

The community-maintained documentation platform of IPFire


iptraf-ng

iptraf-ng is a console-based network statistics monitoring utility. It is a fork of the original iptraf and is packaged and maintained by many other Linux distributions. Its ncurses text-based user interface makes the tool easy to configure and use: there is no need to type long commands on the command line.

Installation

Up to Core 75, iptraf-ng was only available in IPFire's testing branch (how to switch to it is described in IPFire testing branch); since Core 77 it ships as a regular add-on.

Features

iptraf-ng gathers a variety of network traffic information, such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

iptraf-ng ships:

  • An IP traffic monitor that shows information on the IP traffic passing over your network.
  • General and detailed interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size counts.
  • A TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports.
  • A LAN statistics module that discovers active hosts and shows their data activity.
  • TCP, UDP and other protocol display filters, allowing you to view only the traffic you are interested in.
  • Logging of the monitored traffic.

Example screenshot of the IP traffic monitor:

Protocols

iptraf-ng recognizes a number of protocols, including:

IP, TCP, UDP, ICMP, IGMP, IGP, IGRP, OSPF, ARP, RARP, ESP, AH, GRE and L2TP.

Filters

If specific statistics are needed, the filter section can be used. Thanks to the ncurses interface, even very fine-grained filters are easy to apply. The filters also determine which traffic gets logged.

Logging

The iptraf-ng output can also be logged. Logging is off by default; to switch it on, go to the configuration section and activate it. All logs are stored under /var/log/iptraf-ng.

A possible (heavily shortened) output can look like this:

/var/log/iptraf-ng/ip_traffic-24275.log
Sat Oct 12 12:21:37 2013; ******** IP traffic monitor started ********
Sat Oct 12 12:21:38 2013; TCP; green0; 116 bytes; from 192.168.22.12:222 to 192.168.22.2:49952; first packet
Sat Oct 12 12:21:38 2013; TCP; green0; 52 bytes; from 192.168.22.2:49952 to 192.168.22.12:222; first packet
Sat Oct 12 12:21:38 2013; UDP; red0; 184 bytes; from 192.168.100.40:631 to 192.168.100.255:631
Sat Oct 12 12:21:38 2013; TCP; green0; 124 bytes; from 192.168.22.12:222 to 192.168.22.2:49155; first packet
Sat Oct 12 12:21:38 2013; TCP; green0; 52 bytes; from 192.168.22.2:49155 to 192.168.22.12:222; first packet
Sat Oct 12 12:21:45 2013; TCP; green0; 64 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; first packet (SYN)
Sat Oct 12 12:21:45 2013; TCP; green0; 60 bytes; from 192.168.22.12:444 to 192.168.22.2:49970; first packet (SYN)
Sat Oct 12 12:21:45 2013; TCP; green0; 52 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; FIN sent; 12 packets, 1660 bytes, avg flow rate     13.28 kbps
Sat Oct 12 12:21:45 2013; TCP; green0; 89 bytes; from 192.168.22.12:444 to 192.168.22.2:49970; FIN acknowleged
Sat Oct 12 12:21:45 2013; TCP; green0; 52 bytes; from 192.168.22.12:444 to 192.168.22.2:49970; FIN sent; 8 packets, 1974 bytes, avg flow rate     15.79 kbps
Sat Oct 12 12:21:45 2013; TCP; green0; 46 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; Connection reset; 13 packets, 1706 bytes, avg flow rate     13.65 kbps; opposite direction 8 packets, 1974 bytes; avg flow rate     15.79 kbps
Sat Oct 12 12:21:45 2013; TCP; green0; 46 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; Connection reset; 1 packets, 46 bytes, avg flow rate      0.37 kbps; opposite direction 0 packets, 0 bytes; avg flow rate      0.00 kbps

This logging format makes further processing easy (grep, sed, awk, etc.). Note that in the sample above, ports 222 and 444 on 192.168.22.12 are IPFire's default SSH and web interface ports, so such a log also records administrative access to the firewall itself.

At this time there is no logrotate configuration for iptraf-ng, so take care that the iptraf-ng logs do not use too much disk space.

IPFire uses the iptraf-ng Fedora source package. That source package also provides an iptraf-ng-logrotate.conf file, shown below. Note that it refers to /var/log/iptraf, whereas IPFire writes its logs to /var/log/iptraf-ng, so the path must be adjusted if the file is reused:

From: iptraf source iptraf-ng-logrotate.conf
# Logrotate file for iptraf
/var/log/iptraf/*.log {
	compress
	delaycompress
	missingok
	notifempty
	rotate 4
	create 0600 root root
}

Configuration

Similar to the filter section, the configuration section is easy to handle. Navigate with the arrow keys and toggle options On or Off with the Enter key.

How to start iptraf-ng

To start iptraf-ng, simply type

iptraf-ng

into the console or your SSH terminal session.

There is still more. For further information and documentation, take a look at the addresses listed below.


en/addons/iptraf-ng/start.txt · Last modified: 2014/05/16 18:45 by ummeegge