
Sunday, 23 August 2009

Live network traffic view? iptraf, iftop

To explore

Below are excerpts from the two man pages for iptraf and ethstatus.
Useful for accounting for the amount of data flowing over the different interfaces, as well as for monitoring which connections are open.

After a brief test, however, "ethstatus" seems to me to use a lot of CPU resources, and appears to be mostly a reformatting of the information from ifconfig. So not very interesting.

In contrast, "iptraf" was lighter and provided more information.

Also, iftop provides more information and lets you list the current connections, a bit like "top" would.


iptraf - Interactive Colorful IP LAN Monitor

iptraf { [ -f ] [ -q ] [ -u ] [ { -i iface | -g | -d iface | -s iface |
-z iface | -l iface } [ -t timeout ] [ -B [ -L logfile ] ] ] | [ -h ] }

iptraf is an ncurses-based IP LAN monitor that generates various network
statistics including TCP info, UDP counts, ICMP and OSPF information,
Ethernet load info, node stats, IP checksum errors, and others.

If the command is issued without any command-line options, the program
comes up in interactive mode, with the various facilities accessed
through the main menu.


iftop - display bandwidth usage on an interface by host

iftop -h | [-nNpbBP] [-i interface] [-f filter code] [-F net/mask]

iftop listens to network traffic on a named interface, or on the first
interface it can find which looks like an external interface if none is
specified, and displays a table of current bandwidth usage by pairs of
hosts. iftop must be run with sufficient permissions to monitor all
network traffic on the interface; see pcap(3) for more information, but
on most systems this means that it must be run as root.

By default, iftop will look up the hostnames associated with addresses
it finds in packets. This can cause substantial traffic of itself, and
may result in a confusing display. You may wish to suppress display of
DNS traffic by using filter code such as not port domain, or switch it
off entirely, by using the -n option or by pressing R when the program
is running.

By default, iftop counts all IP packets that pass through the filter,
and the direction of the packet is determined according to the direction
the packet is moving across the interface. Using the -F option it
is possible to get iftop to show packets entering and leaving a given
network. For example, iftop -F will analyse packets
flowing in and out of the 10.* network.
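
The net/mask accounting that the -F paragraph describes, as an added example that is not part of the original post and is not iftop's own code: each packet is classified as entering or leaving a network, and bytes are summed per host pair. The function names, the constructed packet list, writing the 10.* network as 10.0.0.0/255.0.0.0, and setting aside packets that do not cross the network edge are all assumptions of this example.

```python
import ipaddress
from collections import defaultdict


def direction(src, dst, net):
    """Classify one packet relative to net: 'out', 'in' or None."""
    src_in = ipaddress.ip_address(src) in net
    dst_in = ipaddress.ip_address(dst) in net
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return None  # both ends inside, or both outside: never crosses the edge


def account(packets, net_mask):
    """Sum bytes per (inside host, outside host) pair, split by direction."""
    net = ipaddress.ip_network(net_mask)  # accepts net/mask and net/prefix
    table = defaultdict(lambda: {"in": 0, "out": 0})
    not_crossing = 0
    for src, dst, size in packets:
        way = direction(src, dst, net)
        if way == "out":
            table[(src, dst)]["out"] += size
        elif way == "in":
            table[(dst, src)]["in"] += size
        else:
            not_crossing += size  # assumption: set aside, not counted
    return dict(table), not_crossing


# Constructed sample: (source, destination, bytes), documentation addresses.
PACKETS = [
    ("10.1.2.3", "203.0.113.5", 1500),
    ("203.0.113.5", "10.1.2.3", 4000),
    ("10.1.2.3", "203.0.113.5", 500),
    ("10.9.9.9", "198.51.100.7", 250),
    ("10.1.2.3", "10.9.9.9", 700),       # stays inside the network
    ("192.0.2.1", "198.51.100.7", 300),  # never touches the network
]

if __name__ == "__main__":
    table, rest = account(PACKETS, "10.0.0.0/255.0.0.0")
    for (inside, outside), b in sorted(table.items()):
        print(f"{inside:>12} <=> {outside:<15} out={b['out']:>6} in={b['in']:>6}")
    print("bytes not crossing the network edge:", rest)
```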