From 306d8fcefa2622c90b6fe3436d29c94100497486 Mon Sep 17 00:00:00 2001 From: chris <> Date: Tue, 2 Apr 2002 11:27:47 +0000 Subject: [PATCH] "" --- iftop.8 | 67 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/iftop.8 b/iftop.8 index fea24d9..0a9ccb6 100644 --- a/iftop.8 +++ b/iftop.8 @@ -16,7 +16,9 @@ iftop - display bandwidth usage on an interface by host .SH DESCRIPTION \fBiftop\fP listens to network traffic on a named \fIinterface\fP, or \fBeth0\fP if none is specified, and displays a table of current bandwidth usage by pairs -of hosts. +of hosts. \fBiftop\fP must be run with sufficient permissions to monitor all +network traffic on the \fIinterface\fP; see \fBpcap\fP(3) for more information, +but on most systems this means that it must be run as root. By default, \fBiftop\fP will look up the hostnames associated with addresses it finds in packets. This can cause substantial traffic of itself, and may result @@ -24,15 +26,13 @@ in a confusing display. You may wish to suppress display of DNS traffic by using filter code such as \fBnot port domain\fP, or switch it off entirely, by using the \fB-d\fP option or by pressing \fBR\fP when the program is running. -By default, \fBiftop\fP shows all IP packets that pass through the filter, and +By default, \fBiftop\fP counts all IP packets that pass through the filter, and the direction of the packet is determined according to the direction the packet is moving across the interface. Using the \fB-n\fP option it is possible to get \fBiftop\fP to show packets entering and leaving a given network. For example, \fBiftop -n 10.0.0.0/255.0.0.0\fP will analyse packets flowing in and out of the 10.* network. -\fBiftop\fP must be run as root. - Some other filter ideas: .TP \fBnot ether host ff:ff:ff:ff:ff:ff\fP @@ -45,6 +45,33 @@ Count web traffic only, unless it is being directed through a local web cache. How much bandwith are users wasting trying to figure out why the network is slow? +.SH OPTIONS + +.TP +\fB-h\fP +Print a summary of usage. +.TP +\fB-d\fP +Don't do hostname lookups. This setting may be altered at run time. +.TP +\fB-p\fP +Run in promiscuous mode, so that traffic which does not pass directly through +the specified interface is also counted. +.TP +\fB-i\fP \fIinterface\fP +Listen to packets on \fIinterface\fP. +.TP +\fB-f\fP \fIfilter code\fP +Use \fIfilter code\fP to select the packets to count. Only IP packets are ever +counted, so the specified code is evaluated as \fB(\fP\fIfilter code\fP\fB) and ip\fP. +.TP +\fB-n\fP \fInet\fP/\fImask\fP +Specifies a network for traffic analysis. If specified, iftop will only +include packets flowing in to or out of the given network, and packet direction +is determined relative to the network boundary, rather than to the interface. +You may specify \fImask\fP as a dotted quad, such as /255.255.255.0, or as a +single number specifying the number of bits set in the netmask, such as /24. + .SH DISPLAY When running, \fBiftop\fP uses the whole screen to display network usage. At @@ -79,8 +106,8 @@ hosts responsible for the most traffic are displayed at the top of the list. At the bottom of the display, various totals are shown, for instance: .nf -total: 3.1K TX: 0.3M peaks: 64b totals: 64b 30b 10b - peak: 4.5K RX: 8M 4.5K 4.5K 0.1M 5K +total: 3.1K TX: 0.3M peaks: 64b totals: 64b 30b 10b + peak: 4.5K RX: 8M 4.5K 4.5K 0.1M 5K .Sp .fi @@ -92,36 +119,10 @@ transmitted traffic, and the remaining colums show the 2, 10 and 40 second averages. As with the per-host displays, the top line shows transmitted and the bottom line received traffic. -.SH OPTIONS - -.TP -\fB-h\fP -Print a summary of usage. -.TP -\fB-d\fP -Don't do hostname lookups. This setting may be altered at run time. -.TP -\fB-p\fP -Run in promiscuous mode, so that traffic which does not pass directly through -the specified interface is also counted. -.TP -\fB-i\fP \fIinterface\fP -Listen to packets on \fIinterface\fP. -.TP -\fB-f\fP \fIfilter code\fP -Use \fIfilter code\fP to select the packets to count. Only IP packets are ever -counted, so the specified code is evaluated as \fB(\fP\fIfilter code\fP\fB) and ip\fP. -.TP -\fB-n\fP \fInet\fP/\fImask\fP -Specifies a network for traffic analysis. If specified, iftop will only -include packets flowing in to or out of the given network, and packet direction -is determined relative to the network boundary, rather than to the interface. -You may specify \fImask\fP as a dotted quad, such as /255.255.255.0, or as a -single number specifying the number of bits set in the netmask, such as /24. .SH SEE ALSO .BR tcpdump (8), .BR pcap (3), -.BR driftnet (1) +.BR driftnet (1). .SH AUTHOR Paul Warren