3fae1acf14
When packets that are too short to be valid IP packets happen to start
with 0x45 or 0x60, iftop will still try to read source and destination
addresses, which will usually just be random garbage.
Note the assumption about what libpcap guarantees in the comments to
handle_ip_packet():
* It is assumed that the snaplen (currently hard-coded to 1000) is
* big enough to always capture the IP header past the L2 encap, and
* that pcap never truncates the packet to less than snaplen; in
* other words, that pcaphdr->caplen = MIN(pcaphdr->len, snaplen).
README for iftop $Id$ Read the INSTALL file, manual page and source code for more information. iftop must be run as root. KNOWN ISSUES Solaris: On Solaris, iftop has to run in promiscuous mode in order to capture outgoing packets. iftop autoconfigures to run in promiscuous mode on Solaris, but will filter out non-broadcast packets which are not addressed to or from localhost. On Solaris, the -p option merely disables that filter. If you have some other sort of system that behaves like Solaris in needing promiscuous mode, you can pass --enable-default-promiscuous to configure to enable this behavior. Cf. http://www.tcpdump.org/lists/workers/2002/02/msg00010.html The version of curses distributed with Solaris may not be sufficient for iftop's needs. You will probably need ncurses or similar.