iptraf-ng is a console-based network statistics monitoring utility. It is a fork of iptraf and is packaged and maintained by many other Linux distributions. The ncurses text-based user interface makes the tool very easy to configure and use; there is no need to type long commands on the command line.

Installation

iptraf-ng can be installed with the Pakfire web interface or via the console:

pakfire install iptraf-ng

Usage

There is no web interface for this Addon. To run it, open a console or terminal on your client and connect to the IPFire box via SSH.

Features

iptraf-ng gathers a variety of network traffic information, such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

iptraf-ng ships:

  • An IP traffic monitor that shows information on the IP traffic passing over your network.
  • General and detailed interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size counts.
  • A TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports.
  • A LAN statistics module that discovers active hosts and shows their data activity.
  • TCP, UDP, and other protocol display filters, allowing you to view only traffic you're interested in.
  • Optional logging.

Example screenshot of the IP traffic monitor:

Protocols

iptraf-ng recognizes a number of protocols, including:

IP, TCP, UDP, ICMP, IGMP, IGP, IGRP, OSPF, ARP, RARP, ESP, AH, GRE and L2TP.

Filters

If specific statistics are needed, the filter section can be used. Thanks to the ncurses interface, even very fine-grained filters are easy to apply. Filters can also control which traffic gets logged.

Logging

The iptraf-ng output can also be logged. Logging is off by default; to switch it on, go to the configuration section and activate it. All logs are written to /var/log/iptraf-ng.

A possible (very shortened) output can look like this:

Example log from /var/log/iptraf-ng/ip_traffic-24275.log:

Sat Oct 12 12:21:37 2013; ******** IP traffic monitor started ********
Sat Oct 12 12:21:38 2013; TCP; green0; 116 bytes; from 192.168.22.12:222 to 192.168.22.2:49952; first packet
Sat Oct 12 12:21:38 2013; TCP; green0; 52 bytes; from 192.168.22.2:49952 to 192.168.22.12:222; first packet
Sat Oct 12 12:21:38 2013; UDP; red0; 184 bytes; from 192.168.100.40:631 to 192.168.100.255:631
Sat Oct 12 12:21:38 2013; TCP; green0; 124 bytes; from 192.168.22.12:222 to 192.168.22.2:49155; first packet
Sat Oct 12 12:21:38 2013; TCP; green0; 52 bytes; from 192.168.22.2:49155 to 192.168.22.12:222; first packet
Sat Oct 12 12:21:45 2013; TCP; green0; 64 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; first packet (SYN)
Sat Oct 12 12:21:45 2013; TCP; green0; 60 bytes; from 192.168.22.12:444 to 192.168.22.2:49970; first packet (SYN)
Sat Oct 12 12:21:45 2013; TCP; green0; 52 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; FIN sent; 12 packets, 1660 bytes, avg flow rate     13.28 kbps
Sat Oct 12 12:21:45 2013; TCP; green0; 89 bytes; from 192.168.22.12:444 to 192.168.22.2:49970; FIN acknowleged
Sat Oct 12 12:21:45 2013; TCP; green0; 52 bytes; from 192.168.22.12:444 to 192.168.22.2:49970; FIN sent; 8 packets, 1974 bytes, avg flow rate     15.79 kbps
Sat Oct 12 12:21:45 2013; TCP; green0; 46 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; Connection reset; 13 packets, 1706 bytes, avg flow rate     13.65 kbps; opposite direction 8 packets, 1974 bytes; avg flow rate     15.79 kbps
Sat Oct 12 12:21:45 2013; TCP; green0; 46 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; Connection reset; 1 packets, 46 bytes, avg flow rate      0.37 kbps; opposite direction 0 packets, 0 bytes; avg flow rate      0.00 kbps

Note!
This logging format makes further processing easy (grep, sed, awk, etc.).
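As an added example of such processing (not part of the IPFire wiki or the iptraf-ng project), the following POSIX shell script uses awk to summarise an IP traffic monitor log: bytes per protocol and interface, the source hosts that sent the most bytes, and the number of logged TCP resets. The log lines it reads are constructed in the same format as the excerpt above; the field layout (semicolon-separated, with "<n> bytes" as the fourth field and "from A:port to B:port" as the fifth) is taken from that excerpt, and IPv4 "addr:port" notation is assumed when stripping ports.

```shell
#!/bin/sh
# Added example, not from the iptraf-ng project or the IPFire wiki:
# summarise an iptraf-ng IP traffic monitor log with awk.
# Each log line is semicolon separated:
#   timestamp; proto; iface; "<n> bytes"; "from A:port to B:port"; [flags/notes ...]
# The "monitor started" banner line has only two fields and is skipped.

# Constructed sample log in the same format as the wiki excerpt.
SAMPLE_LOG=$(cat <<'EOF'
Sat Oct 12 12:21:37 2013; ******** IP traffic monitor started ********
Sat Oct 12 12:21:38 2013; TCP; green0; 116 bytes; from 192.168.22.12:222 to 192.168.22.2:49952; first packet
Sat Oct 12 12:21:38 2013; UDP; red0; 184 bytes; from 192.168.100.40:631 to 192.168.100.255:631
Sat Oct 12 12:21:45 2013; TCP; green0; 46 bytes; from 192.168.22.2:49970 to 192.168.22.12:444; Connection reset; 13 packets, 1706 bytes, avg flow rate     13.65 kbps; opposite direction 8 packets, 1974 bytes; avg flow rate     15.79 kbps
EOF
)

# bytes_by_proto_iface: reads a log on stdin, prints "PROTO IFACE BYTES" per pair, sorted.
bytes_by_proto_iface() {
    awk -F'; ' '
        NF >= 5 && $4 ~ /bytes$/ {
            total[$2 " " $3] += $4 + 0   # awk keeps the leading number of "116 bytes"
        }
        END { for (k in total) print k, total[k] }
    ' | sort
}

# top_sources: reads a log on stdin, prints "BYTES ADDRESS" per source host, largest first.
# Assumes IPv4 "addr:port" as in the excerpt; the port is stripped before summing.
top_sources() {
    awk -F'; ' '
        NF >= 5 && $5 ~ /^from / {
            split($5, f, " ")            # f[2] is the source "addr:port"
            sub(/:[0-9]+$/, "", f[2])    # drop the port
            bytes[f[2]] += $4 + 0
        }
        END { for (h in bytes) print bytes[h], h }
    ' | sort -rn
}

# count_resets: reads a log on stdin, prints how many lines record a TCP reset.
count_resets() {
    awk '/Connection reset/ { n++ } END { print n + 0 }'
}

# Run against the constructed sample. For a real log use, for example:
#   bytes_by_proto_iface < /var/log/iptraf-ng/ip_traffic-24275.log
printf '%s\n' "$SAMPLE_LOG" | bytes_by_proto_iface
printf '%s\n' "$SAMPLE_LOG" | top_sources
printf '%s\n' "$SAMPLE_LOG" | count_resets
```

Because each function reads from stdin, the same script works on a live log with shell redirection, and the per-host totals give a quick view of which internal machine is generating unexpected traffic on an interface.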

Note!
At this time there is no logrotate configuration for iptraf-ng, so take care that the iptraf-ng logs don't use too much disk space.


IPFire uses the iptraf-ng Fedora source package. That source package also provides an iptraf-ng-logrotate.conf file, which looks like this (note that it matches /var/log/iptraf/*.log, whereas IPFire writes the logs to /var/log/iptraf-ng, so the path would need adjusting):

From the iptraf-ng source, iptraf-ng-logrotate.conf:

# Logrotate file for iptraf
/var/log/iptraf/*.log {
    compress
    delaycompress
    missingok
    notifempty
    rotate 4
    create 0600 root root
}

Configuration

Similar to the filter section, the configuration section is easy to handle. Navigate with the arrow keys; the Enter key switches an option On or Off.

How to start iptraf-ng

To start iptraf-ng, simply type:

iptraf-ng

into the console or your SSH terminal connection.

There is still more. For further information and documentation, take a look at the addresses listed below.