IPTraf is a very useful ncurses-based application that shows the IP traffic
passing through your machine's interfaces. It captures from raw sockets, so it
must be run as root.
On startup, you can immediately see all network traffic on your machine by
choosing "IP traffic monitor." The configuration menu enables you to change
the logging interval (under Timers) or add monitoring of ports above 1023 to
the TCP/UDP service monitor, which by default only tracks ports 1 to 1023. You
can also turn on reverse DNS lookups and service name lookups to get host and
service names rather than numbers.
One of the best points of iptraf is its flexible traffic-filtering
options. In the Add Filters screen, the left-hand set of fields is for the
source address and netmask; the right-hand set is for the destination. A
value of 0.0.0.0 for both the IP address and the netmask translates to "all
hosts." The I/E field at the bottom controls whether matching data is
included or excluded.
An important point is that iptraf interprets a filter to mean
"include or exclude this data, and show nothing else": a packet that matches
none of the filter's entries is not displayed. For including data, this
works fine. But if your only entry excludes a particular set of data, that
data won't be shown; nor will any other data, because nothing else matches.
You must add a second entry, which has both address and mask pairs set to
0.0.0.0 and has "Y" by all the protocols, to show the rest of the traffic.
Entries are checked in order and the first match decides, so this catch-all
entry must be the last in the chain; placed first, it would match everything
and the exclude entry would never take effect.
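The following is an added illustration, not code from IPTraf or from the original article: a small Python model of the ordered include/exclude semantics just described. It assumes only what the text states (entries are checked in order, the first matching entry decides, and a packet matching no entry is dropped) and uses constructed sample packets; the names `Rule`, `Packet`, `filter_allows` and `exclude_noisy_host` are hypothetical.

```python
# Model of IPTraf-style ordered include/exclude filtering (hypothetical
# illustration, not IPTraf's own code). Assumed semantics: entries are checked
# in order, the first matching entry decides I/E, unmatched packets are dropped.
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "TCP", "UDP" or "ICMP"


@dataclass(frozen=True)
class Rule:
    src_addr: str
    src_mask: str
    dst_addr: str
    dst_mask: str
    protos: frozenset  # protocols flagged "Y" in the filter entry
    include: bool      # True = I (include), False = E (exclude)


def _masked_match(addr, rule_addr, rule_mask):
    """True if addr falls inside rule_addr/rule_mask; 0.0.0.0/0.0.0.0 matches all."""
    mask = int(IPv4Address(rule_mask))
    return (int(IPv4Address(addr)) & mask) == (int(IPv4Address(rule_addr)) & mask)


def rule_matches(rule, pkt):
    return (_masked_match(pkt.src, rule.src_addr, rule.src_mask)
            and _masked_match(pkt.dst, rule.dst_addr, rule.dst_mask)
            and pkt.proto in rule.protos)


def filter_allows(chain, pkt):
    """First matching entry decides; no match means the packet is not shown."""
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule.include
    return False


ALL_PROTOS = frozenset({"TCP", "UDP", "ICMP"})
ALL_HOSTS = ("0.0.0.0", "0.0.0.0")  # address and mask both zero: "all hosts"


def exclude_noisy_host(noisy="10.0.0.5", add_catch_all=True):
    """Exclude one source host; optionally append the catch-all include entry."""
    rules = [Rule(noisy, "255.255.255.255", *ALL_HOSTS, ALL_PROTOS, include=False)]
    if add_catch_all:
        rules.append(Rule(*ALL_HOSTS, *ALL_HOSTS, ALL_PROTOS, include=True))
    return rules


def visible(chain, packets):
    return [p for p in packets if filter_allows(chain, p)]


# Constructed sample traffic for the demonstration.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.1", "TCP"),      # the noisy host
    Packet("192.168.1.20", "10.0.0.1", "UDP"),
    Packet("10.0.0.7", "8.8.8.8", "ICMP"),
]

if __name__ == "__main__":
    # Exclude entry alone: nothing is shown at all.
    print(visible(exclude_noisy_host(add_catch_all=False), SAMPLE))
    # Exclude entry followed by the catch-all: everything except the noisy host.
    print(visible(exclude_noisy_host(), SAMPLE))
    # Catch-all placed first: it matches everything, so the exclude never fires.
    print(visible(list(reversed(exclude_noisy_host())), SAMPLE))
```

Running the block prints an empty list for the exclude-only chain, two packets for the correctly ordered chain, and all three when the catch-all entry is moved to the front, which is the ordering mistake the text warns about.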
After you've defined the filter, you need to select the "Apply filter" option
from the Filters - IP menu before returning to the display; until it is
applied, the monitor keeps showing unfiltered traffic.
This article was first published on ServerWatch.com.