iptraf-3.0.0/0040755000076400000000000000000010311513054011644 5ustar rikerrootiptraf-3.0.0/CHANGES0100644000076400000000000011107410311513217012641 0ustar rikerrootCHANGES File for IPTraf 3.0.0 Changes to IPTraf 2.7.0 and new features in IPTraf 3.0.0 New filter behavior. Except for TCP traffic in the IP traffic monitor, filters now do not automatically match reverse packets for TCP and UDP IPTraf-wide. Rather, each filter entry has a field which tells IPTraf whether to match packets flowing in the direction opposite that specified. The filters for non-TCP, non-UDP IP traffic (ICMP, IGRP, OSPF, etc.) which never automatically matched packets flowing in the opposite direction, now have that same option field. This way related packets (like ICMP echo request/echo reply) can be matched with a single entry. Because reverse-matching is no longer the default IPTraf-wide, the labels are now changed to read Source and Destination. Default value for blank address filter fields is now 0.0.0.0, rather than 255.255.255.255. Fields are therefore no longer pre-filled with 0.0.0.0. Miscellaneous IP filter entries feature a field for other IP protocols not specifically indicated in the dialog. The user must enter a comma-separated list of individual protocols or a range. IP protocols are defined in the /etc/protocols file. The IP traffic monitor consults the /etc/protocols file for miscellaneous IP packets for the protocol names. Previously recognized protocols (ICMP, UDP, OSPF, etc) are still looked up internally for performance reasons. The filter rule selection now indicates the mask in CIDR format (e.g. 10.1.0.0/16) for clarity and to save screen space. Filter selection list box is now alphabetically sorted. Likewise, the CIDR notation can be used when entering IP address data. However the CIDR notation is translated into a mask and discarded. Subsequent editing of the filter will show the corresponding mask. Changed color coding for unknown IP packets (those looked up from /etc/services to bright white on blue (instead of yellow on red, which looked like "errors"). Added internal recognition for L2TP, IPSec AH, and IPSec ESP packets. Changed size of the IP traffic monitor's TCP hash table to 1033 buckets. Prime number used to improve hash efficiency. A new function tx_box() has been added to the screen support library as a solution to the ncurses box() function not accepting the color set by wattrset(), at least on Red Hat 7.3. All calls to box() have been replaced with this tx_box() instead. It takes exactly the same parameters. Added support for tun and brg (tunneling and bridging) interfaces. Thanks to Marcio Gomes . Modified logging options. The -L parameter now works with any command-line invocation of a facility, even in foreground mode. Added -I command-line parameter to override logging interval configuration option. (Thanks to the contributors of the -I and -L patches. I lost your emails when SEUL reinstalled. Please acknowledge. Thanks. Corrected promiscuous mode control code. It ignored Token Ring interfaces. Changes to IPTraf 2.6.1 and new features in IPTraf 2.7.0 Corrected bug wherein the detailed interface statistics did not filter out the packets based on the selected interface. Thanks to the members of the mailing list for this. Corrected minor interface name comparison bugs in the general interface statistics and TCP/UDP service statistics. Corrected stale locks when IPTraf did not start due to an improper terminal size. Added support for additional DVB interfaces sm2*, sm3*, penta*. Added support for wireless LAN interfaces (wlan*, wvlan*). Fixed segfault that occurs when /proc/net/dev is empty or contains no active interfaces. Thanks to Chris Armstrong for actually trying it out. Added error box to handle the /proc/net/dev error condition mentioned above. Added error box when tx_operate_listbox is invoked on an empty list. Changes to IPTraf 2.6.0 Corrected a segfault in the IP traffic monitor and TCP/UDP service breakdown when a sort is attempted on an empty screen. Thanks to for the report. Corrected segfaults in the TCP/UDP service monitor when scrolling using PgUp and PgDn (or space and '-'). Thanks to Ross Gibson . Corrected post-sorting PgUp problem in TCP/UDP monitor. Corrected inaccuracies in the IP traffic monitor's TCP byte counts and flow rates. *** THE BUG ADDRESSED BY THIS CORRECTION DEFERS IPTRAF 2.6.0. *** Adjusted black-and-white color scheme. Minor adjustments to the printlargenumber() function. Minor cosmetic adjustments. New features in IPTraf 2.6.0 and changes to IPTraf 2.5.0 Added support for Token Ring interfaces. Thanks to many people for help with patches and testing, including J. Kahn Koontz , Dan Seto , and Tomas Dvorak . Added support for sbni long-range modem interfaces (Dmitry Sergienko ). Added support for Free s/WAN IPSec logical interfaces (Doug Nazar ). Code cleanup. Got rid of an ugly goto in itrafmon.c. I hate goto no matter what. Moved write_timeout_log.c to tcptable.c. Recoded the PgUp/PgDn routines in the IP traffic monitor, TCP/UDP service monitor, and LAN station monitor. These routines now directly manipulate the table pointers instead of merely calling the single-line scrolling routines repeatedly. Faster. More efficient. Added a highlight bar to the IP traffic monitor, allowing better readability, especially on long-line screens (> 80 characters), and individual flow rate computation. Added flow rates for the highlighted TCP flows (IP traffic monitor) and TCP/UDP ports (TCP/UDP statistical breakdown) I believe this is the best way to allow viewing of data rates without excessively sacrificing CPU time for packet capture. Filters now apply to all facilities except the packet size breakdown and LAN station monitor. You can now view the loads and protocol breakdowns on selected packets only using the filters. No more byte counters in the IP traffic monitor. This line now just contains a simple packet counter at one end, and the TCP flow rate information at the other. Moved menu, selection listbox, and dialog box functions to a separate support/ directory. These routines are first compiled into a library and later on linked into iptraf. Added a confirmation box to the main menu's Exit command. This is as much for me as it is for a lot of people. I accidentaly exit too. Added broadcast packet and byte counts to the detailed interface statistics log. Some cosmetic adjustment. Added 5-minute timeout for rvnamed child processes. New features in IPTraf 2.5.0 and changes to IPTraf 2.4.0 Now includes a more specific dialog for non-TCP and non-UDP filters. Allows specification of packets by source and destination IP addresses. Better organized the filter management and manipulation functions in fltedit.c, fltselect.c, othipflt.c, and utfilter.c. othfilter.c renamed to fltselect.c, same thing with the .h. All filters are now unified in a single data structure allowing handling of TCP, UDP, misc IP, and non-IP toggles with one set of functions. Separate TCP and non-TCP filter menus abolished, everything is now grouped under a Filters... submenu under the main menu. Corrected wrong placement of timer in the packet size breakdown. Corrected scanning code for timed out entries in the IP traffic monitor sort function. Wrong computation for elapsed time resulted in active connections being placed in the list of closed entries. Thanks to Gal Laszlo for pointing out the symptom. Added support for Frame Relay FRAD/DLCI interfaces. Thanks to Raffaele Gariboldi for the information and testing. Sorting is now done with the Quicksort algorithm. IP Traffic Monitor now adds connection entries to the TCP window upon the receipt of header-only packets. There are cases in which we have to check for possible TCP scans which are implemented with non-SYN packets. The reverse DNS lookup function revname() now times out after five seconds, and stops reverse lookups for that session in case rvnamed dies. Added some notes to the packet size breakdown window. Moved rvnamed cache index update code such that updating of the cache indexes will only be performed once fork() succeeds, otherwise, the allocated slot will just be reallocated for the next queries. This is so that should the fork() fail, future invocations for that IP address won't have the rvnamed parent thinking its resolving when there actually wasn't a child performing the resolution. If the fork() problem condition was temporary, the next invocation can still have rvnamed fork() off to resolve the address. This of course assumes the IP address hasn't expired from the cache. Some cosmetic updates (as always). The manual features a new format for the sidebars. Corrected typos and spelling errors. iptraf-x.y.z.tar.gz no longer comes with precompiled binaries. However a separate iptraf-x.y.z.i386.bin.tar.gz will come only with the precompiled x86 executable programs (i386/glibc-2.1/ncurses-5.0). New features in IPTraf 2.4.0 and changes to IPTraf 2.3.1 This version now allows multiple instances of the same facility in different processes, but only one instance can monitor an interface. Please see the RELEASE-NOTES file. As a consequence of the above changes, the default names of the logfiles then reflect the instance or interface being monitored. See the RELEASE-NOTES file. Implemented a dialog box allowing the user to log to a custom log file. Implemented -L command-line parameter to allow specification of the log file name when IPTraf is started with the -B parameter. Removed hardcoded UNIX-domain socket name bound by IPTraf, instead a socket name is generated from the current time and pid. Also removed hardcoded socket name in rvnamed, to which it directs replies to IPTraf. rvnamed still binds to hardcoded socket names though. IP Traffic Monitor can optionally display the source MAC addresses for LAN-based packets. Added appropriate configuration item. IPTraf now reads /etc/ethers in addition to its own database of MAC addresses. Thanks to Frederic Peters for the patch. Moved time-related configuration items to a Timers... submenu to save on screen space. The version.h file no longer exists, rather, a plain version file is in place containing merely the version number. The Makefile reads this file, determines the target machine information and passes this data to the compiler with -D parameters. Imposed an upper limit of 200 on rvnamed child processes. rvnamed should really not go runaway with a normally-functioning DNS server, but I had the good fortune of experiencing a dead DNS server while monitoring. Took my machine down real fast. Precompiled executables now require glibc-2.1 dynamic libaries. Included a Setup installation script to ease somewhat the installation process (installation can still be done the old way though). Cosmetic/color changes. Reflected changes to manual. Changes to IPTraf 2.3.0 Fixed segfault bug when sorting is attempted on an empty TCP window. Thanks to Ramon van Elten for the report and for the assistance in diagnosis. Fixed cosmetic error (sort progress window doesn't disappear) when attempt is made to sort a TCP window with only 1 entry. Thanks again to Ramon for the report. Updated some comments. New features in IPTraf 2.3.0 and changes to IPTraf 2.2.2 Implemented sorting in the IP traffic monitor, TCP/UDP statistical breakdown, and LAN station monitor. Great thanks go to Gal Laszlo for the patch. (Note to Gal: I had to do a heck of a lot of overhaul, and had to implement a clearer screen design, but your patch provided the basis :) Thanks a lot.) Implemented better bounds checking in the text input routine. Added information boxes to TCP/UDP delete and detach filter functions. Added recognition of GRE packets. Modified non-TCP display filters accordingly. Fixed bug in unrecognized IP display and filter code. Added filter item for unrecognized IP packets. Removed leftover code from the old warning on IP masquerading. Reflected changes and corrected typos in manual. Changes to IPTraf 2.2.1 Fixed recognition problem with DVB interfaces. Fixed small buffer overrun in TCP timeout log routine, which can cause a segmentation fault under certain conditions. Minor cosmetic adjustment in TCP connection window. Changes to IPTraf 2.2.0 Fixed segfault in IP Traffic Monitor due to packets from an unsupported link type. Fixed segfault in promiscuous mode management module in the (rare) case of a failure to save or load the interface flags from the temporary storage files. Normally due to a bad installation. Thanks to Udo A. Steinberg for the report. Added support for Ethernet-emulated FDDI interfaces. Thanks to Udo A. Steinberg for the report and help with the testing. Added support for DVB interfaces, thanks to Alex for the notification and the help. Replaced inet_addr() references on filter address entries with inet_aton(). This fixes failure of filters on packets with 255.255.255.255 in their source or destination address fields. Thanks for Peter Magnusson for the report and the test environment. Overhauled TCP/UDP editing facility. Fixed bug wherein garbage entries remain in the filter's parameter list even if an insert/ add dialog is aborted. Fixed detailed interface statistics logging bug (activity and packets-per-second figures were the same). Apologies to Dustin Trammell for my failure to credit him for his report on the behavior of IPTraf on bridges. Changes to IPTraf 2.1.1 and new features in IPTraf 2.2.0 Immediate flushing of disk buffers after a log file write to better accomodate separate logfile parsing scripts. Addition of a manual and automatic clearing of closed and idle TCP entries in the IP Traffic Monitor Added a TCP closed/idle persistence configuration option to control the TCP closed/idle clearing interval. Clarified TCP timeout logfile entries. Saves the state of the interface flags at startup of a facility, and restores them on exit, allowing interfaces previously set to promiscuous mode to retain that state. Important on bridges. Thanks to Dustin D. Trammell and Holger Friese for the patch. However, I had to modify it a little more than a bit and had to overhaul quite a good deal of the rest of the software to better accomodate multiple instances. Promiscuous mode is set only when a facility is started, and restored when it exits. Promiscuous mode is no longer forced at menus. Restoration is not performed though if there is still another facility running, but the interface state remains saved. Fixed a minor bug in the LAN station monitor. The raw socket is now closed when the facility exits. duh. Fixed rare bug in the packet size distribution. The lock file didn't get deleted if the raw socket open failed. Changed the promiscuous mode option to "Force promiscuous". Cosmetic. Added PID's (a la syslog) to daemon log entries. Minor cosmetic adjustments. Changes to IPTraf 2.1.0 Fixed bug in the packet size statistical breakdown. The facility didn't filter packets based on interface name, thus causing inaccurate counts on systems with multiple network interfaces. Fixed a few minor cosmetic errors. Corrected some typographical errors in the manual. Added a FAQ (or the beginnings thereof). Added a spec file for RPM generation. Thanks to Dag Wieers . I'm not a really good RPM'er beyond RPM installation and removal. :) Changes to IPTraf 2.0.2 and new features in IPTraf 2.1.0 Added non-IP to the display/logging filter selections Added interface selection to the IP Traffic Monitor and LAN Station Monitor (with an "All Interfaces" option). Related to the above: now requires an interface name as an argument to the -i and -l command-line parameters. 'all' may be specified for monitoring all interfaces. Added -B command-line parameter to fork program into the background solely for logging purposes. Several people had requested this. Corrected TCP/UDP filter file placement error. Included cfconv program to move files to the proper place. Added program-wide Ctrl+L sequence to redraw the screen if corrupted by outside factors (write, talk, syslog). Added TCP/UDP filter editing facility. Corrected several possible buffer overruns in TCP/UDP filter module. Corrected errors and reflected changes to manual and man pages. Changes to IPTraf 2.0.1 Fixed a rarely-occuring but nevertheless severe segmentation fault bug when long hostnames are coupled with long service names. Great thanks go to Ronald Wahl for the advice and the help. Ron, I'm really gonna find the time to do the code the Right Way :) Changes to IPTraf 2.0.0 Fixed minor non-IP byte count bug in detailed interface statistics. Fixed minor cosmetic bug causing elapsed time indicator to appear in the wrong line on screens not containing 25 lines. Thanks to Uwe Storbeck for the patch. New features/changes in IPTraf 2.0 from 1.4.2 Now uses the new PF_PACKET socket family as its packet capture mechanism. Requires Linux 2.2. Added target/source IP addresses in ARP packet request/reply packet entries in the IP traffic monitor. Also added target/source MAC addresses to RARP request/reply entries. Reorganized menu structure, see the README file for details. Moved packet counts by size to a facility of its own. Added corresponding -z command-line option. New incoming/outgoing packet and byte counts and activity rates in the detailed interface statistics facility. Corrected a bug in the FDDI packet parsing code (wrong link type). Added a check for the IFF_UP flag when generating interface lists, to omit inactive interfaces (but still in /proc/net/dev). This covers the General Interface Statistics and all interface selection lists. Now uses the maximum number of columns on the screen. High thanks to Michael "M." Brown for the patch. Saved me a lot of tedious work. :) Reformatted TCP screen to show only one hostname:port per line, with connections indicated by the green "brackets". I think that's clear enough. Added ARP/RARP opcode and target addresses in the ARP/RARP indicator lines. Added vertical scrolling to the lower (non-TCP) window in the IP traffic monitor to allow for long lines (ICMP, OSPF, some UDP). Allowed for slightly longer host names in the lower IP traffic monitor window. Still increased the rvnamed cache size to 2048 entries. Miscellaneous cosmetic changes. Manual now includes screen shots and comes in HTML format only. Changes to IPTraf 1.4.1 Fixed SEGV condition when attempts are made to load a filter list application or deletion with a zero-length filter list file, which could be caused by deleting the last filter. Thanks to Daniel Savard for the report. Makefile comes with the -m486 option commented out Changes to IPTraf 1.4.0 Moved configuration status window to unobscure a long menu option. Changes to IPTraf 1.3.0 and new features in 1.4.0 Support for PLIP interfaces. Support for other ISDN encapsulations (specifically raw IP and Cisco HDLC) high thanks to Gerald Richter for the information and testing. Added -q parameter to suppress the 1.3.0 masquerading warning for users who wish to automate the various facilities from their inittab and similar non-interactive fashions. Incorporated into the Debian version of 1.3.0 by Debian maintainer Frederic Peters (, carried over to general release 1.4.0. Added an option to change activity indications between kbits/s and kbytes/s. On a suggestion by Paul G. Fitzgerald . Incorporated more flexible compile-time control of directories for configuration, log, and other files. Thanks to Stefan Luethje for the patch. Corrected minor flaws in the default screen update delay code (visually insignificant), that led to occasional skips of the delays. (Call it nitpicking if you will. :)) Moved signal() calls to after terminal checks in iptraf.c, allowing standard behavior of signals when error/warning messages may still be sent to stderr. Allows the user to break out of it with Ctrl+C at the terminal warning if so desired. Reformatted IP traffic monitor log entries on Gerald Richter's suggestions for easier processing with Perl scripts. Included logfile rotation with the USR1 signal. Again on Gerald Richter's suggestion. Moved first-instance tag sequence to after the initscr() call. Indicated IP fragments with no additional information in the lower traffic monitor window. Datagram size, addresses, and interface are still indicated. Changed Non-IP count in IP traffic monitor to byte count (including data-link header lengths) from packet counts. Consistency purposes. Added some extra information for certain non-IP packets. These may eventually grow, but not in too much detail, since this is an IP-oriented utility. Thanks to David Harbaugh for the patch. Removed bind() operation on raw socket to address a condition in which the detailed interface statistics and TCP/UDP statistics stop counting if an interface goes down then up again. This will be studied further. Symptom report sent in by Roeland Jansen . Changed Ethernet/FDDI/PLIP description file formats from binary to plain text, allowing database appends. Other files (configuration and filters) are still binary. On a suggestion by David Harbaugh . Copied IP and upper-layer headers and some data from Ethernet, PLIP, FDDI, and loopback frames into an aligned buffer. Avoids SIGBUS on picky systems (like SPARCs) and general alignment problems. I don't know yet which is worse, the overhead of a 96-byte transfer or the performance hit with misaligned reads. Thanks to Jonas Majauskas for reports and tests. Replaced __-type references with u_int-type references. Increased cache array size in rvnamed to 1024 entries from the previous 512, to better handle combinations of busy networks and slow DNS servers. Cleared up a few instructions in the Makefile, thanks to Arjan Opmeer New features in IPTraf 1.3.0 and changes to IPTraf 1.2.0 Experimental FDDI support. High thanks to Paonia Ezrine for the initial tests on the FDDI code. More feedback is requested on the FDDI functionality. Bugs may still be present. Reestablished ippp interfaces (synchronous PPP over ISDN) after reports that the ISDN problem was fixed with Linux 2.0.34. Fixed fragmentation oversight in TCP/UDP service monitor. Applied the bind() system call to the raw socket to have the kernel filter out packets from interfaces we're not interested in. Makes for better capture times on multiple-interfaced machines. However, a strncmp() is still performed on the returned interface name to counter the race condition between the socket() and bind() calls. Fixed interface statistics print routines to print unsigned rather than signed numbers. Added additional option to adjust screen updates. Useful for IPTraf sessions run on remote terminals (thanks to Lutz Vieweg for the suggestion and Dean Gaudet for the base patch. I modified it a bit, Dean.) Discovered terrible performance penalty due to screen refresh with heavily loaded LAN segments. Therefore, with the new screen update interval option set to 0, all facilities have a 50 ms delay between refreshes (exception: the LAN station monitor has a delay of 100 ms). This is still visually fast (although updates look kinda slower), but this gives more time to packet capture, therefore increasing accuracy and capture performance. Thanks to everyone who responded to my request for advice on this matter and to Ronald Wahl for giving me the symptom report. Modified IP traffic monitor to mark TCP connection entries for reuse once one side is fully closed and acknowledged ("CLOSED" on the screen) and the other closed but even if not acknowledged ("DONE" on the screen. This is because many times, the last ACK gets lost. Included an additional parameter used together with the other command-line arguments to specify an amount of time for which the selected facility would run before automatically terminating (on a suggestion by Linux HOWTO coordinator Tim Bynum . Supplemented the main data structure for the IP traffic monitor with an open hash table for increased search efficiency, especially after the facility has been running for quite some time (the other facilities, which don't grow as much still use linearly-searched linked lists. I'll probably hash them depending on feedback.) Fixed rare bugs in various facilities that caused IPTraf to attempt to proceed even in the event of a raw socket open failure. Fixed SEGV condition when IPTraf is invoked with a command-line parameter that cannot be parsed with getopt(). Added labels to LAN address description selection box. Fixed unsightly LAN address description dialog scrolling. Added a separator feature to the menurt.c module, allowing separation lines within menus. Added separator lines between related groups of menu items in both main and configuration menus. Changed the Options main menu item to Configure. Added the space bar and the '-' key as "unofficial" alternates to the PgUp and PgDn keys (it's not in the manual). Transferred Ethernet description facility option to the Configure submenu, and added a related facility for FDDI addresses. Removed Ethernet-specific references where FDDI and (potentially) other LAN technologies also fit. We'll just use "LAN" as a general term. Adjusted detailed statistics screen to automatically generate the appropriate packet size distribution brackets based on interface MTU. This means the brackets may no longer end on numbers divisible by 10, but rather on boundaries based on the MTU divided by 16 (the number of brackets). But at least 1500 is not hardcoded anymore as the maximum. Related to the immediately preceeding change: packet size distribution updates are done one at a time now, no longer as a whole bunch. In other words, as a frame arrives, only the appropriate bracket is updated. Also related to previous two: changed basis for packet size distribution to the Ethernet frame length from the IP datagram length (which really doesn't matter except for a few frames). Fixed bug which causes the existing log interval to multiply by 60 when the dialog is aborted (instead of retaining the current setting). Thanks to Chris Higgins for the bug report and the patch. (I had to modify it a bit to fit in with the screen update interval patch sent in by Dean Gaudet.) Potentially large counts have been changed to type "unsigned long long" to significantly increase running time on heavily loaded networks, plus automatic switching of denominations (from exact counts to K(ilo) to M(ega) to G(iga) to T(era)) to prevent screen disruption (on a suggestion by Lutz Vieweg ). Separated log file into different logs for each facility. Moved log files to /var/log/iptraf to avoid mixing them with the mess in the /var/local/iptraf directory. At least that way, we humans don't have to look in /var/local/iptraf anymore. Relaxed multiple-instance restriction from a no-multiple-instances-of-IPTraf requirement to a no-multiple-instance-of-the-same-facility. In other words, several copies of IPTraf can run, but only one instance of each facility can run at any one time. The -f parameter removes the tags, overriding the restrictions on that IPTraf instance. This modification was done to address needs indicated by Chris Panayis ). Added a startup warning box if IPTraf detects IP Masquerading enabled on the computer. IPTraf will continue to work, but its results may be quite confusing. The detection is done by opening /proc/net/ip_masquerade. Modified additional port facility to accept ranges of ports rather than several single port numbers (on a suggestion by Lutz Vieweg ) Reduced minimum number of lines from 25 to 24 for better VT100 terminal compliance. Miscellaneous cosmetic retouches. (I consider user interface an important factor too, ya know! :) Distribution binary now comes statically linked with ncurses 4.2. You may recompile to suit your system. Included manual pages derived from the Debian GNU/Linux 2.0 distribution. Man pages written by Frederic Peters who is now maintaining the Debian IPTraf package. Reversed version order (newest first) in the CHANGES file. New features in IPTraf 1.2.0 and changes to IPTraf 1.1.0 Increased buffer size in ifstats.c for /proc/net/dev lines to 161 to better accomodate the longer lines in the new 2.1.x kernels (which will be carried over to the new stable kernel series). Based on bug reports by Dop Ganger and Christoph Lameter et al. Fixed rarely occuring high CPU utilization bug occuring whenever a terminal connection is lost, resulting in a SIGHUP which is ignored. (This is an example of a software author's temporary insanity. I mean, what sane programmer would set SIGHUP to SIG_IGN for a terminal-based program huh? Thought so :) Thanks to Dop Ganger for the symptom report. Refined Ethernet station monitor rate updates and scrolling code. Fixed autosave bug for non-TCP filters (this was working before 1.1.0. All of a sudden, the function call disappeared mysteriously. Must have been sleepy that time :) Fixed bug in UDP filter default settings. Added option to display TCP and UDP ports in either name form or numeric form (on a suggestion by Felix von Leitner and others). Added facility to describe Ethernet addresses for the Ethernet station monitor (to address needs as presented by Erlend Middtun via James Ullman ) Added an additional field to the TCP/UDP filter dialogs to allow the user to "exclude" certain addresses from the display allowing all others. Details on the new behavior are in the manual (on a suggestion by Sean Hough ) Relaxed screen management code to better adjust to the number of lines on the screen. As of this release, columns are still based on a maximum number of 80 though. Also under study is a SIGWINCH handler, but this will have to come later (on comments and suggestions by a *lot* of users...thanks guys :-) ). Fixed a subtle bug in the rvnamed interface IPC code, resulting in an accurate transfer of data but causing recvfrom() to return an EINVAL at unpredictable intervals. Bug was an uninitialized address structure length parameter. Code in both iptraf and rvnamed was fixed. Eliminated unsupported interfaces from interface selection lists. Included enforced restriction disallowng multiple instances of IPTraf and an overriding command-line parameter. (This may just be temporary, in lieu of a more elegant solution). Included autosave for TCP and UDP filters. Filters now survive IPTraf exits and restarts without requiring manual reapplication (on a suggestion by Chad Clark ). Included upgrade program and makefile rule to convert IPTraf 1.1.0 configuration and filter files to 1.2.0 format. Clarified TCP/UDP and non-TCP/UDP filter error messages. Color-coded the TCP and UDP protocol/port indicators in the TCP/UDP service monitor for better identification. Revised IP traffic monitor to query rvnamed only once per invocation of the facility. Less overhead. Revised IP traffic monitor to open and close the rvnamed communication socket only once per invocation of the facility. Less overhead. Added a 2-second delay after the rvnamed invocation to give the daemon more than enough time to open its sockets. Fixed SEGV condition which occurs when an attempt is made to destroy an interface list never loaded (which could only occur if the /proc system is unreadable, something which shouldn't happen on any decent Linux system). Moved filter list load routine to fltmgr.c, for better linking with the cfconv module. Makefile now installs rvnamed together with the iptraf executable in /usr/local/bin by default. Added table of contents (hyperlinked in the HTML version) to the manual. Cleaned up the Makefile. New features in IPTraf 1.1.0 and changes to IPTraf 1.0.3 Added command-line options for direct facility access from the shell, and an appropriate help screen for IPTraf invocation (on a suggestion by BJ Goodwin ). Added separate DNS reverse name lookup program (rvnamed) for quicker response time on reverse DNS lookups. Subsequently modified the revname function to use the new functionality. This also required additions of address resolution state fields to struct tcptableent in tcptable.h. Added checkrvnamed() and killrvnamed() to revname.c, used by itrafmon.c to query and stop the rvnamed daemon. Added scrolling capability to the general interface statistics. Interface list will now grow as packets from newly created interfaces are received (e.g. PPP interfaces). This now makes IPTraf better suited to monitor Linux machines configured as access servers. Interface selection lists can now be scrolled. Increased maximum number of entries in for the non-TCP window in the IP traffic monitor from 256 to 512. Fixed SEGV condition in itrafmon.c that happens whenever the Down cursor key is pressed with the lower window active, but not yet full. Added elapsed time indicators to each facility, showing the hours and minutes that have passed since the start of the monitor (on a suggestion by James Ullman ) Changed ncurses include file references from to Cleaned up preprocessor code for glibc2 support. Thanks for help and suggestions from John Labovitz . Thanks also for a test account on debs.fuller.edu opened by Christoph Lameter . Fixed SEGV condition which may occur when trying to close the log file which may never have opened (thanks to John Labovitz for the patch). Adjusted cosmetic code to better indicate the closed status in the TCP monitor. TCP and UDP filters now accept host names in in place of IP addresses. Host names will be resolved and can still be used with wildcard masks (may be useful for names that resolve to several IP addresses) Distribution now includes an HTML-formatted manual. Changes to IPTraf 1.0.2 Fixed SEGV condition when scrolling commands are applied to an empty Ethernet station monitor Distribution executable now comes compiled with -m486 by default. Binary will still execute on a 386, but a 486 or higher is still preferred. Changes to IPTraf 1.0.1 Fixed conflicting hotkey for non-TCP filter menu items RARP and IGRP (the "R" key). Changed the shortcut key for RARP to "P". Modified layer-2 header stripping code to cleanly ignore packets from unrecognized interfaces (see README). Fixed "duplicate port" misbehavior for the "Additional port" dialog's Cancel command Added error-checking for the port list file open sequence. Added PgUp/PgDn capability to the facilities that can be scrolled (IP traffic monitor, TCP/UDP services, and Ethernet station monitor). Cleaned up scrolling code a bit. Fixed bug in the non-TCP logging facility that caused extraneous log entries whenever the window is scrolled. Sent non-fancy messages to standard error rather than standard output. Changed a few messages Changes to IPTraf 1.0.0 Fixed X/Ctrl-X keystroke bug in the General Interface Statistics module (thanks to BJ Goodwin ). This was kinda an emergency, so I fixed this and released 1.0.1 immediately. iptraf-3.0.0/Documentation/0040755000076400000000000000000010274340316014464 5ustar rikerrootiptraf-3.0.0/Documentation/README0100644000076400000000000000164207470405072015351 0ustar rikerroot*** Documentation 2.7 README *** This directory contains the IPTraf user manual in HTML format. The IPTraf manual has been redesigned and has now been recoded into DocBook 4.1 SGML format, and translated into HTML. It now features navigation much like the Linux Documentation Project manuals and HOWTO's. The main file is manual.html, with the symlink index.html pointing to it. The SGML template is included but gzipped. It needs to be gunzipped and run through the make process for the version numbers to be tacked into the source. Running make will generate the final SGML source and the HTML files. As of 2.7.0, the manual is now released under the terms of the GNU Free Documentation License of March, 2000. Screenshot images have also been converted to Portable Network Graphics (PNG) format. DocBook icons are included in GIF format under the stylesheet-images directory. Gerard Paul R. Java riker@seul.org iptraf-3.0.0/Documentation/iptraf.80100644000076400000000000000570407445317677016071 0ustar rikerroot.TH IPTRAF 8 "IPTraf Help Page" .SH NAME iptraf \- Interactive Colorful IP LAN Monitor .SH SYNOPSIS .BR iptraf " { [ " -f " ] [ " -q " ] [ { " -i .IR iface " | " .BR -g " | " -d .IR iface " | " .BR -s .IR iface " | " .BR -z .IR iface " | " .BR -l .IR iface " } [ " .BR -t .IR timeout " ] [ " .BR -B " [ " .BR -L .IR logfile " ] ] ] | [ " .BR -h " ] }" .br .SH DESCRIPTION .B iptraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. .PP If the .Biptraf command is issued without any command-line options, the program comes up in interactive mode, with the various facilities accessed through the main menu. .SH OPTIONS These options can also be supplied to the command: .TP .BI "-i " iface immediately start the IP traffic monitor on the specified interface, or all interfaces if "-i all" is specified .TP .B "-g" immediately start the general interface statistics .TP .BI "-d " iface allows you to immediately start the detailed on the indicated interface (iface) .TP .BI "-s " iface allows you to immediately monitor TCP and UDP traffic on the specified interface (iface) .TP .BI "-z " iface shows packet counts by size on the specified interface .TP .BI "-l " iface start the LAN station monitor on the specified interface, or all LAN interfaces if "-l all" is specified .TP .BI "-t " timeout tells IPTraf to run the specified facility for only .I timeout minutes. This option is used only with one of the above parameters. .TP .B "-B" redirect standard output to /dev/null, closes standard input, and forks the program into the background. Can be used only with one of the facility invocation parameters above. Send the backgrounded process a USR2 signal to terminate. .TP .B "-L logfile" allows you to specify an alternate log file name. The default log file name is based on either the interface selected (detailed interface statistics, TCP/UDP service statistics, packet size breakdown), or the instance of the facility (IP traffic monitor, LAN station monitor). If a path is not specified, the log file is placed in .B /var/log/iptraf .TP .B "-f" clears all locks and counters, causing this instance of IPTraf to think it's the first one running. This should only be used to recover from an abnormal termination or system crash. .TP .BI "-q" no longer needed, maintained only for compatibility. .TP .B "-h" shows a command summary .SH SIGNALS SIGUSR1 - rotates log files while program is running SIGUSR2 - terminates an IPTraf process running in the background. .SH FILES /var/log/iptraf/*.log - log file /var/local/iptraf/* - important IPTraf data files .SH SEE ALSO Documentation/* - complete documentation written by the author .br .SH AUTHOR Gerard Paul Java (riker@mozcom.com) .SH MANUAL AUTHOR Frederic Peters (fpeters@debian.org), using iptraf --help General manual page modifications by Gerard Paul Java (riker@mozcom.com) iptraf-3.0.0/Documentation/rvnamed.80100644000076400000000000000135607063154457016226 0ustar rikerroot.TH RVNAMED 8 "rvnamed Help Page" .SH NAME rvnamed \- reverse name resolution daemon for .BR iptraf (8) .SH DESCRIPTION .B rvnamed is a supplementary program distributed with iptraf. This is a reverse name resolution daemon used by iptraf to resolve IP addresses to host names in the background, keeping iptraf from waiting until the lookup is completed. .PP This program is only used by iptraf and, therefore, is useless alone. .SH FILES /var/local/iptraf/rvnamed.log - log file .SH SEE ALSO README.rvnamed - documentation from the author .br .SH AUTHOR Gerard Paul Java (riker@mozcom.com) .SH MANUAL AUTHOR Frederic Peters (fpeters@debian.org), using README.rvnamed General manual page modifications bu Gerard Paul Java (riker@mozcom.com) iptraf-3.0.0/Documentation/iptraf-configmenu.png0100644000076400000000000001554507470161111020614 0ustar rikerrootPNG  IHDR2nzgAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}<Y]00}Ӛ000}}}}<<}AAAMMMϛdbKGDH pHYs  ~tIME;wJIDATx `OlܝYE_2g _t^T( "3*Xa/Iz7HZok2ok =^:X皒R7 :S_R/۴{ϫ%9aDe-奯AtLDzSDr2OQ)"C9Ed( "2SDrPN)"C9Ed( *zk z62Jo' Ԝtƭ#2?@aSt>1PtEɝ:fW8\Df28b,̎ r}l)=|k/S? >+:ٕGf/&ca ?!t=܇L_"2{TCf #Y2!KQDFzH犾*l,Cd@&l>=%[|=96٣KtA&l@fy}t;p2k32Gd>0wx^eM zw.T.F'j6ȼy7 H8[ƿBͩ^re^Vw{2: LSnaQ [Nn&2,7ΧD @[VfL^^dZ|22E.Pm$6]2E_y2yq72 2elZA&"Y~v̕$\ƾR>ʤ%TQےY ,ҩf<Oh#x;iBUh[`JUC&Ts9j';k26s+ J?V˄pT2w$27Xi äF!I/SϬߨ @eDIfKL u>]Ivn'Hd7+B6q5q#IZٖ_k:p$2P 2z,f_ }~7hu'{p8LP*!323ci"bR1;vfDqa@d"25" Fi{53͌iGu݃wiIȌޖ]ݟ[(d(Ґ;bF#LWax?Ɇ&4A(5PW%cUQP1 N뼡\EcŤv%2Ug>Zۋ4z/0)7,1n4ݵH"S^yňxkU}GηeNVdCFFi,#KMo"چWQ!ҷTˌI'H1ޮX̘  "WOgdW.<7 SDdXD8Ed\Ȩe GBFl;z}*lK>.%L؁#u2!XTxQ.Ӷ33z'{$Tb]szȍS+Kyu<8wȄXeȄ'e*2-]#,DdVdadg1D]avX0 2N"!2N2+?zn=.i@lח"#g1ȘGLφ1;ٸ0-?,/Nv]ngcu ^}w S]f~P1M 2O˕^&4Ed#7dj]vyB&Թ/T2jvaȘu;ܻcB `~V7 .6B1}]-Gܖ$2N29I|G~Mdabdx"fw5͡y]:BzMḇvg#s|2r*,F([ 9D.[.͓~`? -v2!8`4׿RsȘv߷eY^( ˗a2;ke2w52;2d#,ɼyXϴe"z4 - g"3fE(dr@,d9j,Kwm@@~ W#od jDH&(hl͘ YYfu.0j^&ΐppƔ!^ƭǹYKy^.HCq.C#]G 5q!i V<1 mDX KKб;~cZMqy&=j/D3ZqLiga!3-TS%+8NFF[ZEҸV#^MqX: XЙATXȩ[!ctش3f&'WeŒYw AȤ&5a`*GX7j(@l[;%IR,| ' ȈjN}\5*|ÞФ*3+x y4Khekdd[8`I֫YBZ[-VD9l/?02 ⶐIGSyˤJtXf mʬi .,ѵtNCfh{!3\ dDfDŽL[VRfCJ<4 2VuOuT<*3Hc:'f%K3l+jj[F/a@d"2D)"Cd"2D)"Cd"2D)"Cd"2D)"ӃL- Ks CeSD8EdSD8EdSD8EdSDƁL^9DžwTLe*ǺNj~Q|E!f/#_n2LdB-zfdFMdZ ^dO;V^L!f1y;ϩkP4 [ɉ~J,eI%xWkf&r3md>@>C@oȄzxIN/υ̨׽7BfwB c\[ PT:OtX>nU 9mCp(Kɶ8Y¡(ˌ19S^=="2D)"Cd"2D)81;t”5d=] 2u<2GΘp "s9NNzoha DfՖ|VX<˺r)opN6@F,Ӱ1'HP[8Xt\J}x#? A#AGZX^f wF&"3n'ZGTwt̰݁l B#SnNwᯞd ɦld`'qSyFx'3Cdϙ^fV7 >}Na٣=&. "2{mI"!DjCZ}{^1:[mғ lEfg ha*;٭a#28[/Wrn}ɎȔ۲),FAfnSUffK=4(d%ރ4 &ɋA##&Rƽ⿱E I&Q*e.eyא  w2p seI /1xN6x2Ӯ ܶ_Gm4)7L7JTD\nhz1\HPi(;%2mu/S.5C#X&^*7Oi1̨~L0fLɛ&MyS7${Lj7~1<ٿpT7`ZÃL i 9c?,CғeAFT"i=4Nf)V:`+z>+vY>tg|h`^&/$!ߌLjP= &2!#2$YKy58y $: JWl܋ =[-EdPܖAAAAPJDd!Cy("өk"2y("өk"2y("өk* "2SDrPN)"C9Ed( "2SDrPN)"C9Ed( "2SDrPN)"C9Ed( "2SDrPN)"C9Ed( "2SDrPN)"C9Ed( ?d( TFQ= oؙSz^ݹWhh#2/)̉gCi]+^˙W:K^J(ةgyAf/UEͲX_ʲ{YQ<_(bؼΡlQ^KdKd(Yu_^?Jqk2FgRvĠ /.Y*\Sw2Vr7 D&婲 LzOWx&EPҟ㑩J獲Z{@XPoJB|tA1P+y=Y-dd2J1{38+3 qX\tfʤ@S$tqR]xZPϨ%SUη#^/Gh9, B=EyQ3i5YWЅ TT_]7h  2PNd'> oXCo)p p2 -cY>be.ID=NlwlA p\>'U8?Q`^<덲OB&4I_Ԑ ·}leQ٩2w Hݽeτ𭎌VcVݎP,;&CF_)) 6!9*]S^2G QjciȈQVXfRcH |{dj^-_@EHJ. gL~("C9(>ѷZCIENDB`iptraf-3.0.0/Documentation/iptraf-dstat1.png0100644000076400000000000001432507470161111017655 0ustar rikerrootPNG  IHDR1`} gAMA aPLTEYYYAAA0004aYߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}<]}A}<<AAZbKGDH pHYs  ~tIMEΓfpIDATx PaS $<,ԽWR!F?BEf_ @ d#(K$QGK2:!ƷM191_\(9qD 1:M&u[#1W1pzډA'e/lh@ 0Kb @ dlʉqߧܛ|wf\g;OT1<36~*+1;;tbm#FT9 0wd qLX91ǧ4(8QuI+1IY,~0[OBȩ%qn ĤE|!8ӈI:;w TbG_Vtb rbI@̮:%[.lQ’3-bĉ{f[VxR/co3WV"?f_b @ dl1M  @6&b @ dl1M  @6&b ~CL\/5d/$x3y1Ercs0Rac | O *c?&&.Ak7]#ycLR:X8]x6廮41o,TӌȯeW~nsN?L d:',&3ɔg|nsVt d'1ɟ Yg1Ȯbs>İ\ =[pE+Bc%F_467 {\0HLcf""/vvGmlb t\0Vgۍ&t1js"5=NJj ^Hɜ}+p ੕ˉ)Pĺk8F5m^ML1܉7/n 9x10($wls:O|{P4VƺtjbxUvI"7z)X18/q1vYˬm^M RZhb[YZuE੃^'b=3wJyl҈b;x?!Wl1IH8`&"ߔ?Q/l!ؒqg:XsjOf1cH);Xs}IiT@.b @ dFL{iN=E걠->:Dϼ_eP GRvo!9|:xŽ1a&ȝ뙒/|;%fvãhpXk@ԦI2b [+2t`ᄫvΚg.ZQG;X8Ž:1 TX;%aմpmǤVigK[dM `Ll>?%VG4T $_a'\eL'J1M f -[#NLuvlx,3Kb:=0[],~]0둬輮sp21#)3IkzC)1EY4[@a?qĈ5:o^ vwĊfWD!^Q Bڤ3:b(#&=<ɡAa8kS|r|1[7}i's11 &X-pkJgy2c[X;8~jL%ZY(@ X&b @ dl1M  @6&b @ dl1M  @6&b @ dl1M  @6&b @ d yϕ.FLFpRKfOއ.C4#no;6&sӛ&XA/ko&)1)#s$31r"_ČS)1W#3b*1vc$eήk,X'&_Dux㯵O؍IoTQ#9ͧ)_+~0yM^(bj"vgiu<7+QZ.yϜZ!IA. Wj :'F#fbÀ&U H/*~tJٛZ9K)2!oȈOKKY+yq[bUp) J2~ 7}ﭬ>CD1vNi(dJ)h/ I95 + H)kc8Nj[E)11VɛqN~} |$|ݢ''h8&b79x4#rreij6lC&~F ^ߑNF4U#]H||cbؐ5-&)P>:Q(e<֌ꔌKn2]LO'Ld>N$Xp@h;Ifr~MVF?1C6i$Ig뙗P!9 .6<,Y԰!/ɉ%#f+3y%qb<.(,YjVP ]F1RHS$C4,Y#<$҉݄C_YDŽ8 pNb#+8F'F [? |ŽJՑoէfcbJ]~y 1z_x.MCw  {VSW~I-ײ<ݖ\O XUD t@ dl1M  @6&b @ dl1M  @6Ȧ+]"O{!嗄>U-ݑn T4bb/Œ'RYww1m@r31Sv" [If]C|wL'hRD8, $i\HLY*<ҫU'[҈HbVK91 Y4.˴ˌcN+- m!o9jbdT"3!V"_(XiH#F.15bCy[ÈOj!eĄհ Z/N #Y58IDWJ!Ab֓[z;qzG[F_ɨRc w1bn\O f\^ĄuwM;G 6lЙ6& FlЙ6&F4]+,ބLn@L9Grөe #&݁Vԉ n@ ,l&m?NftbXW%BRV6O1uLcDZ$?NXBӪ)uadDoDzsb̘i p\ٚ|a! fL5bȏl;-3bZ ĈEVφ1C\R/įOj.|abH##qs*1 Y4Ťe|DprV(jQ;1Z!Hdv%Oڝ٭r˧]:Plib/@QB_S:1jO`F12AbPXu;bsׅmc݈]қ3݌^9a:Ӄ)oa&{T"&hs6Q4.x81PY$7?N>y fs4$[g}%M͏ȕ]vޮʈQ⃼@ dS1b "1'/hgn@6VIX z`5%T1yx0ʈcgC9+ *J?Q b? c Rw8#J򟯆^,@6ȦΖIENDB`iptraf-3.0.0/Documentation/iptraf-editfilter.png0100644000076400000000000001145507470161111020611 0ustar rikerrootPNG  IHDR2a]యgAMA a PLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}}AAA<]0008Q}ۚ00㺾Ϛ0<<AMMM'/zbKGDH pHYs  ~tIME ;IDATxmr8C[pWq&if48B_\f̐tȎ_2_:|+Q~g6'͞2iK̟2w_3/!Sn(Gn.JiX{QsPgbKpc/?nL(_ @e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@e@:B3z3y]eoz{h2M|LU䱴/d,I~j5}q;Ɓ)g6ejk:0+e~S .+3Wsߟ۔߭֕Ny{ۤ]K2_g~6%g6\FHT?4ez ɗo2պi|C\uD=w[_LovqIp-ni(27t4[eT]{Q4Nɟe ԕygIjhL&ɮ qBNCe'_[iIW~Lh~Umqhim2&0'>>>l*5)D2=SpH9ÝSf^5Ӌ؅VӔL:;VZ*SZ;(g&$U_aSr?2*DΔj1T]4kJiYܯ-.xPԀH1AeUjc%qev5B}F:g܌`n"ʹr]-uYy̩?T*އ(Wm{D96hޙvlx2˜S& fMNJe/CRgs@#dl] N`KJ E *5CvKm:+sJe!(SϮ \ԛz?v Chu_#(SvG)5`3kc6-J[uM.,@^HZ? >p tm[ 6u;y98Tw?tDpߛpQkS`cv .?̷.̰̺}[SmGl}\l]TR+-8/#$rSE#uD{f'v͔xO7 {9UWK{qz_>CwbCW7 (aqqkJ&/Tv3ʄizWʤ=&JejtERg2e煺I#gJ}.2! ɨF;jpn4OGW*S;ԳkE]g{aMfv(:R*Q}*Ǖ)/Ե_aDr'ԵtyL]mZϤBO$$~m[+mv vx+l֔{;^;'k]XoAo.dqGJ]( ׼ kh0'y|7>/yۥyY>[]>$¯`+49m|ۅAʍ% 3Z:ԯ^QpN^M{)ie4C+EeҞWꚚwP8_)ei um I Y8LLF}6QkuwQJ/AP[8^!t}79y5Sj(:R*v|Ǖ)/_aD2oo:z j,%x=OզzyhLJNt$/M.[5&~dʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀʀHtR sTq2ap&!Q潹;2}e2^o>˝lvE w+xN(3YWfˬےWڌ oQ7(ӶLEtw(Ӫ8}Ȱ{}YKl+ e1}Rf;e);U5 guXZ[/)ʀPDPDPDPDPDPDPDPDPDPDPDPDPDPDP0>fM{ՉFW|{%{>@8V)38z:O~4uxLm|?Lfc1ycB;nfchnt ͹X7e+Rmogf`2^嘟focaqɭ]C]m}llcǬ ɕ_\J4ؘU&f]TXѬ5觵qGͷ|LH=ej]RƯ]QYJ9*e?ˤi)q1y~ IdOU&z;D7$2qrdݗqJ)KwM:_lO*u<2 z+S&^ |cizӚ>9zQ}q-7e5πqk(uȭ玚]1(3-U&Ǔ_-oeފ7 skIAAAAAAAAAAAAA"L:9F|æX!k5J/i<|!IuL9c#ܜa{l*UX} yp~|QmS&i0wW{osYם?6J?'2c?Ld eY';@LGmDPa&>~kaqm0{PvMØ!a~ W]~mΗ}&hCo)SܛaT׏{p&cUl(GUجevEw}hjg?ٍL.M@a"I#<\1'7;fɔ7)+{Ǽ a~7 D ~dGbO!z_ݨ̼7LkoCǐ՚빼#\Yzf0>ym=zrTPie$c<^ȊIENDB`iptraf-3.0.0/Documentation/iptraf-filtermenu.png0100644000076400000000000001074007603006722020630 0ustar rikerrootPNG  IHDR@P!gAMA alPLTEÂYYY000ϚeÚeee0eeϚee ammmeMMMA0U󲲲UƺvbKGDH pHYs  ~tIME *IDATx풫 @?Mw2J7n=MFePr Fgm~(8z}?dTY/ AĢv`I_7vI4Ԯ sǫUZ+h)[ B0(TnM.G#p!`P `~;, B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0(  B0_@zi/Ct!^ZA]/eVP2DK+(x륕TOd/EPЂ ZPAA "(hAA_-(苠}/E2_^tGx*Lv(KYpo߮U} ʐ=c 2ג0%x<~q?AA_Q  rRbW*'q}V3SkFP)7/Ң :BPAA "{Lؤ nPpPC.|kT&%刾~WzFT@A_ : "(hAA_-(苠}/E*7eE϶&\;Qevֻ:(X^Qv!TOS; ~b|gSe+U5 "E%vΧ$糳*q$BMA;lkS2g'LܲϺ'Y5U=. ~-)l'FMLS, RH[AeBC+X1G+hx%4-d4|/Q9cCBm#.HL2v˷M_T0fSc!}dq\I' )a%cّ2>( AxEGWtpJ? "(hAA_-(苠}<' ‡|Z(x8Wt_5dYS' 3JYŵdɋs>O_$?IdYwy̘&MK i|O* mVS%aFv(N@WH]@A]'` /x|vXuQzB4T{ZAA]2BHLR#NU ]Mq}kլ( (hj6Sl3)حDA]gV4*h͛\k;(Q ٯ}>Һsl,aAA]b WfB`!&yLz}E1+(AA]( @AwPP @P'(5|LyCdbmS~j{mʹkN.Gԃ$t?nc~; C@A]N_yFkQYQp(X/ϐ} 7=a'O?E1(֫Jl~ @3\HN\Eqk{ `OP 6=AP'(~g*Iλ7?;ɝP(bi-uՇ$SYT0;>E11*8}NOdIν/?;3^FZ~{nuQLj鉯J~Jsfwe.xz%ſ`W;J R/K٩`έl8 |x)ޚ2 VQVuQL3 &.&˩uQL\IAs=R#>YQat|nvkZuQP ` 6=AP'( @`Tp;*=?wğ秶t1sؽE1bova<SYT0 EȺ)[*"|$Y8*83AE1MU%6?\mZS y sXk[٩`Ϊύ) @6^ohuzVGUP7o%(F]]@A]#V0S#lTP?2E?_aYQpw~f] 8L5=AP'( @`(l{ `OP 6=AP'(+h# xΒW>OYʧ=9K>\>Q'gɇ+' ,pD%|Z(ؓÕO{r|i}`Oq(l V8Tl VT R\bg >]MPaLeuFt / [-vѮ\Sw7((û ت`ݹ *_ &n)øN]竮7hU Rj&)T5 :RjtP(((HQPPБBU#FAAAG U)T5 :Rjtd,d4AAw[ ZPAA "(hAA_-(苠}/EPЂ ZP1 'xP`zg}1 E nYO /+i= H\[I /R >Ao2 'xaPݔYYO /R5AA_ : "(hAA_-(苠}/EPЂ ZPAA "(hAA_-(苜i=8%^ZA]/eVP2DK+(x ^zi/Ct µ@A!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`PAA!`~~nw@~oGmTyMgޢYL ѐHBY\P0S:O~XQiUpy,QR0PcAvA4]*&~q|%\m;1iyHBS,CA; {Z~& ?>dáa|PK`G-B/;٠3lO2%lyfNep'fm cUG /Zr񹂂JA$pl$Qpz׋5sܞ_o&|ȶ+3#cl~$t~8R+ziX^S' ij*Ɲq$~>t&g{rƸeUզ_oljeMsc,,nsf[3i '= x [4쳏aobEǭr3Q7Bg0ܣU'$뱐4uB[E`%Qv(evJ.ETy[$muG0eVrwYM*/fy/+΂||`CcʹFY)Z4vW^ǭO6]ZDm4,[P> __FfYP}1+(?2>ͲDիr-ӣNCv,Q򃶻z!W>XQ~/?qXZ ~R9Ҵ8J,z]yhqo~{套uT4 =cKhfXmBu}3c;.׊|uJW8Z[}Q~M.׊GV>c*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@e2TFP*#@eh%)dW,W^1H 2Ml[*+p0b/(wN0(߆aP:,YL%m: ifqQXJRض-;lO Je6CPSH%7>\k*&aed)vSj %Ƞe{J4Q`D_=msur S{z/kISXru5, M^ Ǖ:ݗ'r;ЫrQD5U6bʋV C5f= ʋ6Qѩ 5|o=׃M6i+\vČJ$4W-캉{ʾjNK.5OK0[Ka`1e/Reuvz;}%Nnaj *E~.a8T V*:䣼6~,|͟X+PϵiGk3_F9D0/ʶ*SH~Uw:ʹSUg(c:QV~x_yIjgV^ec=̎7鷏yNnzWKk*Q6?vS9hFQQK<sy{mӏ&ǕzYJiΟE^̔cC 3\:zvK<.d^zYkf`4reQgU\;됲xvnfluS1tR'[luۦL6xb5*eˊ%O{7nޤB@YVo]÷&)FQpIENDB`iptraf-3.0.0/Documentation/iptraf-hw.png0100644000076400000000000001263507470161111017075 0ustar rikerrootPNG  IHDR3S>`6gAMA a-PLTE}}}aaa0t*xbKGDH pHYs  ~tIME -V IDATxIګk U`rj 0kXd U nB7hhd|da qӑfUbk4O hy@OgS" T& כfh[;Tk:::T4M>N;'r{/~IuINCɅ v֞)ͺHo+ O.>_KO0][x{.~:.--^S%csj*/˅=K4!BǮ.މJx7AUSm7gOSMBYznR*Y8}JBSmJζ,иa&QKd/e"jE-S&~Y*h^I5hu**=`29;%''WE :*:eO8hMf?Wv*^Wh|&]/lA0\bA2NB(1h`5o]Z>1hv>^6Wte{b4Z6I/cѡh\; >j4!51sl/5mfh% h7}H,j_VCmjEW cM 5%xB.NcM١YluCCpx͜vʭnf.)H =-_:j40粎FhP(Ӳ\@M@!P]E898kn̑.1&@ 4Q+q,?J//b'넛\L4*U%b{zڒ PѰd4b*×?/n4v jӥi4Fw4ԼrGٞ[ij]UQm#rB\ R)..8JT˙ձțlm(ښ7v!MMR -{|6DaioAKZrC&i:VC LKIN%TIciBW9,7Ш=*o5/قfsHih?aYDcdyc-^ZW(BBׁ7Ѵq>:`w(52 .W3/޶y_S5ּI(fV*-}Լ[x? [a =ˮy_::>y4ɲ MyY<";"O_QLZR:k$ߨ,pG{]1^5MPЌ9Gi 4̚hy:ܽ¢}.h4=v.ޖ(6 ȑy;hgyé}b@]=uo"; s=6Ji7T,x7 !Ez]m}=4мh&8oR4oRQsk׵F.ѨN7h⼿,7$vqqߕDȤW59ZbrE4ߓ%4 KmyOnvn4vj_1mXqތq*rs(49whySRlskޫVSÏԼS7 X3APOмS7]9k״F.Ѩv-6I{;;@4 l?罭T_ewc؛iv65+4G<́- tE< lZhYҚ7JQ>5yS@ ?DP7׼8ohiK4uk׵FS 簎Fyo c0Kv86:0mm&Q@{A׼&9l<;М#hdye |B8hYXй>qkBu4u4}AN]a+6I߬(sx=.bsOѼ$%2<]PcVꞬyyDcc.4.P'7PӼ!y4oo<{ By{5+XGZG}hr䳴/>czыx0J#PS.&4.O@6ǚh9e)d4!75.jXsUqj4S7t / e! .*l2#6V3-/qXU53/Eb^LB+W~I :: & E{ E_ jQQ!⺓? 3߹;wS~+Tj[fFhT [ j6i=|s|?ӝela^Y<Q[u;p% ͒ 4>Mif-, GEU iml?{tޖű?e%:^e.EHK iy U 2QcAg1=~jBqAl1zNͫiK4؆ŷ݌ yn2 oH cRg^'@Cc0kv(XT;~ $y|M 9X@  4s^e4yu{ȏ nfS>d@rz]2V*"mAa@4 Y`+ %i]l# Sl@U{lj. AAIENDB`iptraf-3.0.0/Documentation/iptraf-hwsort.png0100644000076400000000000002305607470161111020004 0ustar rikerrootPNG  IHDR4USgAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}}AAA}A<0008Q}ۚ00㺾Ϛ0<<MMM00ee0000000e0e000000eee0e0eeeeeeeeee0ee00e0<bKGDH pHYs  ~tIME 0,ݔ IDATx[ |@99FTZUMڦ  sp\.-\94a14!:%ɖ/H{ЩmMAm;rh~^]< ysO^]o"lTOr-;m]!h{rp/_kװװװװFY꿛o&V莼P.+lpAJ JAs.X {ٴr ;|G^Mi x=V.Y1ugޡЬAK@'UjeMH^ ȞD (tJ5+nC>YEдgCS…Adt pti4邚Zi.ءY¼4t@A\"إkN(ZWeTsA\M4]H;j/bǢ SaVL;/M2cٔB=]0 `//fvEv5M3д]p 3[)4.TR hD-v L+ U)ZifVں By6Ol1L兂OGÄ˩ù.[uAɊu3м]И.xh\CV fvvM@ܥFhxoZېGG!#)HiqWZ{e;lJ(Ci(;Kfʵ ǡ٢[`RJr=5H֜$[Nٓv:Ց4-J=9!K\JVllNJY_ ǽnfQB/փrH .P>CvtQ.XWr۴WMU]_S^g=QRCP Lԋ'kL;;ZByQ-L6{L{´M?Cb *^ nl |14a+*>ji> CAr~&(Uzh: M0]53 M8D)Д.\hj**WF^ HbLy´*VhD[(C߼ w jfys4ɛWBy;.J55a+2fuxR] j/5,5߄ߞWfS%C̉U 0f8`(biE`Z[ݓZM.V0Q-BeINдdt‡kuá642{+  )4^,B!ɴCk j݆&,T b-4f3eS%*48 Zv h lԥ㌵{ UJsE#e&̅ 3`^"fЃ*/ýP-|0KwI$[T dpAa7*s  `"% k ~^? *if|Yk\kX'@#*y+K hdW дof|hBNy 68JKs2Y2M#ΛVܶ DbrCCoBa2SJɮ4gDM1m#/"eUMԕ5;`[NG~-oehˡSq^vIA39K89,6Ϛݞc4eT^?s̓^ x4pDֲq \d)Yx^+Y ly7*KCE@?R. Z8I:A5´'ChuHS%hj#hګ4Q2eДvk(Pvѹ3rg{%_pbmҾA]OPȤ`Ι 5B5vDz`@5c_ɹQ_ 7{+qzzNe a.LOQwO9Y8mVK3WTGe W9‹~^? wW0r[O[y<͙I|F)I};鞃Фǫ5y:l'WS;uw"_ ^ 'CͨM˚Wćա'r2h5qq+ضe = Zr4X]sC#VRFO5pw-2 cCCf 5Gy~ضu@3.1+f+Ǡlhp4cZfxL@9Е> ͬܧqpnSIhrn σfk{7 XM_Xw[tvKph?%(94 EFM;chX AF`hš1Ttck랎X1z34AEz1ahYY [A+uh"R{n܃XۺoχfM({[7s*4{џQ d|N|4;6 eH/& Nn}'{DFl>Z6"@ wJ98x4L^2k+84C44i*Y9[ R1S2N UGF Ʀ9444"! >2P(4و|1tfѡQj@˵[FSJt*y#]`84>05O`pQ`|TsV(IӋΙU @#Y 44Ɍ'}If) ѡ9 R hC,'-@<4huHS%hӁMoKc֡PFh>X]#Pܱ)[{%HnL{AB֪f3I2;9(wòýh\C4W#|C4ѝ*K{Y=cdhU^kb1#4g,a9d%Oq@)BФ?j4aYЈ+cP͠\Al@/#+xjMC^R/Qdu/a9 cY+ݸKrˡn(6JtHEܛ4Ikn@*F&kn%xfu͂M4W/ccEsnKSYƲ}WQfRS|Kaf:4u#3BKhgAcwO?h~І/PZaYpH;Sip!sF.Nc˜A<]i3rg?t+g<3rס~iۋp7kY8 |4s jij7P7校c3hpSHfx),ay4rd;ݙʮYsyڦ>}-wĢZGO_mB b[4-wj>t]_huh-; j4t]_h&4F^٩4fiς-_hܹs"٥{Qh_˝{EqֆR21{|_hFxG0]rh+:4JW.a Ea4+;Xw7g'OZ"emGL{qwro 2?xJ֚7σFJp^а/_a͜c-ۡyӜXg)-j5"/*4Ve+z#ýÍא l~́~}rå}a++,fpLCZK#r[I7Zqhf`Y4l ]64RF<=M^=ͽ;@8:r64 4#kӼ,w;~;%O3Q+Z@xt-wn]j-{萯>x'H-S#+ K%(1dN,/E9y 7$ю<]|AYri牫M_ Di;b`7jpiv]ҟ3uBV#8x4l4X2]`h*[9$?W)XtάFp !b1wV'r0qJk-1H!GW>@цfYX]l MsL#k!ۋ?3smhR/D4uա)v{zM)> BIW4nLso.[^hR 2\)_ˍ0|o,:IḢCPthN_mRɡi(:4JW@sZ}Z{M{j65t_^֣ݼ4SVp*nDM3SuCB~GtZ3ZyKX~/uva+ =<4AhrK׿ .XI&)iơ㻽6uZ;>Mg$rC._d"τfNyrCVN&tB7wB}kQh?^Há7E#E᧠Ii&l04÷Gz84oBԍk&2yUr( MKMC_X*94 EF1?%sby)2Q΋igG^uَӖcdY}ֲ\qZUOć1cR9hD ˵]9搷c(5̃|{οX` P6e&8fLhjmzwMXeTM<.:gVic?4mCѫotO_]O[ QRD4$ʻrxrWc7uA#eAs˿!u8)gd1K{{zBS(p?teh,SMn!^q,fΨ[S{¶,݀o,7𺘛_Yr̀e9rW˳.F8Xnɡi(7+&_U=/,F(A˺KoWG O-y|&_wf(4|ZV#tz{h^L棬t@'[ xT~|n y/[s9 hχD<+B?1#(ȟ?"0V 3&4^hY "CAZώ8QxxYC^h(Xeʟ1BMAx6%@r?͟F2SVXܨ- \;nkw,AhdcIҊxm-5 {{r349aEowBQ= Қ/,jzj9Vښzk'j!ѯs4²OqEFM)EVdN,/Ey9G11-N[vh 1t8ǚ&nq<رe؞X,hh^gMmUAǦ\^܄dX5 ЌC֎:QJL@Chpd&}*mth1^'ftK 4<4f!uiCs@цfoUJ14sSШ&ϡ9 <'+ц&,2 milѡPFdP0شIA) @dH.8Uf7fK|{LL+g{P@@%(]{%(] AIoyXLGyrucb97LЬ/].cP'yZTm5@M1 lM]-5@3;4}4&x;4#dhfr-7=.$)SOc=r.hiHҠ [CSw>qh\rh\*AcoɜX^sԭbfّ9EAvc*C^{sbMn$]Jol8楝H0|[j@h!}۫Q\P.BaF$hshJiBL ܄fKh՜_t2ʠɁE*)^2 tO*tO|A{t()HC BȊCmh?F=Ѐ1ћr %.@<Ƽ) {Fr-YZP4c/P&]Ѹ252b>5rj>۫+9~mCD!gƒFp ˡq 6 _kXA ?sJ&n ^3ܳO}SScW]1+W~+9C$hi-Q1&R9e\veF;>#4%C3V<^X \5o勠S 7.Knww- gŻ SY-dHBL;=]agrCCC U_fVNFY?EIDATkWFQ}Ѓ 1n|A9}qdTA3844cY0i>gA>҂fܓ64ӊCqhZ~Q4vSlAr4Z5 - *7pzoKf^5LCR=fU4fId,H6*Zmh:.GC=Vl)[SSO̠.ѪYlR!DJ*i2Ac h C|X$rp-lUhO, U2؎GhɎA#Ь40^'p'YF1E|';dޚڄCJ+Di*r>YJa嬖lu0]dF֠!Bm>SgBWm/rGr i -IENDB`iptraf-3.0.0/Documentation/iptraf-iptm1.png0100644000076400000000000003012007470161111017476 0ustar rikerrootPNG  IHDR`{8gAMA afPLTEMMMYYYAÂ000 ammmeee0eeeee0ee0e$ A6bKGDH pHYs  ~tIME:gI IDATxݖ*:^;1P*I8NH;5c>lB@PhBJPrCa> 1xCHt [Fe  @RF]Ib(>PFT/C#* ͕"m'x x+ 04WA`h\ Csexi"P.)vwX>ϵKO~8;Q@\l(r n!!P{_ar A$"ը|4RI`i2.ZO+u#%G7H`'} @3,@SUߜ0Vxp/@4Hȣy_^Քjʋ K߯̾Kd#s3s6p!kgdVg(}TC!"Ӝwz c> 1 wvC} *": H`Ec+IGaA=R{vpr\p.?xZ.Is~q: wai >yG'%YEk* U 04WA`h\;rWYp' C"86cK{jqrn|5Ii ?uZ.^+=FkCU.2tp"^sD'W:*G p{:4_%*g~H0'=kXFg<d]GJ(NtPDp tV @rX2tr hl\9[:Co>mz4QNpnC!/r]XZ@z@4lk5 _(l\jA`(9E`%GcEZ+,2 rRTͽpH报NĂRgtz!(b  0VN<@as48{DFw",/_96H˺@G/Xtt𜜄@#>lpыĬA"_?𰯷u Q&QcP x~ s]OMb"Мp];s4}TDzdO<3Op@2V{ N[=Վ\ Cs* UZЉ!!D.e%WlY:6)_g2cDtaC{Aq[Հ~!KeC`e@Uĭ[%?PPz-$ R`Na9?YdC;ҋX19(;zRYu4M$tHs*!Ј04C*4B0mǨ>/5), >Ow"<  X]nY׶q~P1pT}Y3]9!^9@Owϊ>s~r*_) (Eu񳮲%i\G2k4߻^>sQvxBk COkEp(M`("}?p~`:_xז*Եc͎]i%4͍Qdվh7#\3E'8EOPr[Yֿ`5<_gu,khf[%}D>ܶDŽ$ΛD `hz0 CK5J4 #~3a)Qsd:gF<0y98Dy61o1R/buxaki3S'ciŀA`j\kp(SӸ6}?4>m gX  x&=?M`No䓄X~O~+&ջ8_'M $^ b]y೿_Aljz +\ 04WA`h\ CsUsȿd^Z^/%>2t ~ŘjC.m ,Wcpq{`Zp^7 , +4DDy5$Υ :wt+0 t­%"ëd,(N$Pnrb[-2ЍZ)H.1<Ί‡h˜g'8@?B”sF|C |@I^yV;.1 2[`LIk@~w:=?wEZr l߁jǩ \)'CEoJ`c* Qԫ'bFY*w VKpUe}s9Wc.ċ'i=p~XѶ9#{i@[灠$qMkh4#x/Ȕ~Hoj 8z{wV{/ov䷗w"Eў}?аo3 ~3×iY/:6:(^}?Ј3OOwa\P@v5GO:4(9^,^tw mJxW!4O"y'KxX-uWlOCgx ؘ.V<78+|WO>cvNY5Վ\ Cs* USiqU&ױO[;+,t7m ٪1NJ^2VE:6ӝV;~ r6$t+D2[c_;up|+~ 4GᕺYwc>16o8Nk+E*x ^}1ؗ^{PWu+#OyرP*yezr p] "D6' "tD:k^>G]z?@~B$y]?^#C0<Q?'yȐ!o-=~(0@usawOKN-W;Bs* U 04WA`h|jZM/Vz°]h]4}|;: hR3xgi?u]/KtGxg]ߜ%{[bϡY_H1E|,2t$BjU cgX'[X0,#PuSw,x ]ïf8N8$ y9ŝ8R?:ub}0>ommܧpOrsDt9/#FIDJӓwTv"+;H2U=2}1:{W!63}3ܵC \` x<{ch4vݖ՘dJ%klYVkz $pg(%P9":~!P?BP!0tZ Cs\xg[}yT}a+8z]XR۱u!cYs⹳}A~W@{eh VwH#=DNBg1XTJ mY|| 3X"p{a(X",)4ANUQ5f8y ~7PݳvUKVH]VOnpUr(CW5KWg t%rWwt$4G]^.oӔrǏ~?;sb O BFFT@#l1s=5ԥM9J =%BDk֍w0ǶŔ p v_ cHS%h7< ĺb@nMTṞ]GL!1뭷5sEvh|`S"\O碶i48hO71o3^g+b <@تK#S&F,b?Fˣ|WF 좏ovh'sD:R?$A#WS*΅I":Aeb]zAM-杗dw ,ᴿv"C/TbaMS n oL7]!h9v; #n||3t(zx;;tboLh\z@7hziC0VcSw-W:WA8'(巑`N.6*9񊞲?Љ֧\ҹh-f yx΅r #6ˀ]1Lks2N?/r~:ɵ`zZE'hrvP)nƝۣ|h'K*ؿԄNsR7w@Eum1~V_9{w @;3I䯈yIHBf L)+لS]mRJrT˧jٗPg֝?I WSV̍ԅ߸+qǨ>VO9 |Sⷸ[:w$A{@Ji!Gx(]bv@M`,HE{nc&l g(MUjZT;4@mjU pQŴ_Oi@'ƒ +{FO*xp:f80+SDLMy \,'7r@[X9#U~S:>8H f_Yz.giu(};K9U7&4WP CsS9~,)VbC[2:.%7fڐ/(W7GL&֌bݞ/na?(=A^TIDATjftէkF g ;Ú]?#y^w&ޙ@SO`5Qk eG.:_s"gCoЬ?uU.n է=Y*®P9u%1jK*C ]iiVHYUA4H<ӺZ/HOvi XPK (G`-W5Sll_wY_Oz#Bf@ϡf}`"(U)~BOVU#K͟gȮ<@q$\ǵNዑF#T,z@n]*\7vMrgVQ/+׋y2RQlvW%3xڱ"-s&/V|iJkzr̲ggo0r3N [SӾd=釕ߒa[|R+|+r?H{WkzL^{cBs* մ~L^~bek̾Z: /Ҽ^LƮ`o/zeꑼ0?GbV:1bZϐz݊ϳ$ 4Vޓ^?0W HҚrw](AF_Vi?tJ>9_YJ?뜟̧?-͗e1g1S#[~Jzd>w\V׹Tz%me?Z3J5έ ^ѷp>oť*v5}+@*F \&P8C@NK`LeE(xCы>@'Hz_-lO`"P7 [ھWїtʕ*K`M[~TJ W/֬+3N~ɐ0_F;V S%("U l=ffKjR pܬ/i6A0 v#M!Aw77$p<> ,V(4 iLGn[0"0wQh_#//~zM׎̐)`rnb5aIFp)˭"η,_\"z=@d}QN0QMR >K/Pi< ? @vzSɣ]GhԗY: '!P@tY{ÝZ[5MvчeYcVKk#ЪJ,uH4j4]f Q9 r6K: l̗юEƂG..s7_擢?~uU= `%V%uzwԃZ ;Ω 04WA`hbz>=FDHMDv#63}J7\ؼחEX,\CT#lMedO_q>-MK:TQn8 a8-,P?Lz/g*8N0QMR >K/Pi< ? @v^N@.GQ4H,ݓ(A N-r ݈-&}ò{׬q Zԏ("i}*?K?0G..sʏe奌'"ʃ|M9 ]5qDXDɏDA0ݯQv@r' &--7&O@[ɪx \GP"P*6x#p {c~ކ@9?$u;y@^| 4tsH^ZslC2Lta #["2rg uabK{ ϖ?AA`hޘ?BoL`#,5 }Ee+T~t;Qk<]nDQ h=\o?j98U%;w ҍE:_D9sυB/Jm } ތjؾ _ Zv0so卺wo2C?\!c$P|D $b 2!$ ^-zn?$dE5oiJϣLt{QEWr-y[Lz8_ \RWUTdi-Z*J_"%t/Y >Y_پ~ڿj=Y} Q*L_եx=,v.BP ׫w/zg-jÈVG'sg3 YFV}T<… $^"E#PKC vs{^Z&JrqW+\Q.:1ꣃ@uA'+R'@í$x^b NTbPP{ tWI A&k@'O]1%l͝Ty(:%0[^5 _W@/bM [8WE Q%+cY(^E կʠ]U`zw"MOɂp+=(=C"kıC)d$YE=x8Ϫ> gArsH$aԪ:@5sӾVe$XnO !1?= ,IENDB`iptraf-3.0.0/Documentation/iptraf-iptmsort.png0100644000076400000000000002667107470161111020345 0ustar rikerrootPNG  IHDR@P!gAMA afPLTEMMMYYYAÂ000 ammmeee0eeeee0ee0e$ A6bKGDH pHYs  ~tIMEjv IDATxۖ*ESCw%IFrl@2 ݏ\KpVt.Z1!5. dVwt*/֔Ds˵j._}^I4kr֦2r]zAAQbTI52NPrb*d(db{,A4##>NZ=? KUH?$|rQd1I2isr e v=f6sd@pO A,N ͓JL/(ȏ`YJn/[1GJ/kTGfk>K*#`x :3N"`}uW,'doagQ!(t}?]No ?_&`oeE"s A%NGAJICPvٯVVYE0 i, .悑GUMxNHUW7#)Xyoܑ|Y?jy{t!bw+HI>VgPӖfs}~o^I#Rb9e#H'\fwx ;t cE7:fIgܺ/1k7%#*h`?Gi!H A'*'ߡ C0Lz $l`i" k  ;9W |\:UvR]vZ A[_+^XEWN }3sr< OĊL}1+Gi%W 8?(ILSiQՇfjS/8j ?F=s`oQAp` ^j.?m Z`sEEmXYaeE6>`,C:4 7i&r,y׭x}`y~N6sƖb@tҩ&*\A:AnluI \\b9e#/IEbU낚_W6OZKË2FR\R#$ HWӿ -񭉭3 #;vek~i;Q3h#d'Êt91ĈH=["8vn!/H6>@ܬcă׃4T/Ж2=j߸OޫzG<_j`eqd~wilJ{2pұ #S!y"&7ݻ{A 80.5:$ A Q&e_Lh?|%T\j.Fʿ#&K2( cG;uUIҌy˃?Xb9.#Xb5e_X c4<_VӡSfUyEζVW,odiŘȏpuG\SF$F{Bbti&P+:#ߊGp~IK6BvP.ѽ䟴D72dVk6^5aVz%) J>>Cѭ!XE*f 1r\8%9sE,h&l4_8~` љ{A5LorWzg-p|Ɯ42Z\w/\CBzA 803SkTiCP#~ ]$ɫP74aAb*kie~"mɚpP—s`0pa(㽫`-Mw)'S (b9.#Xb9}AbFyӯ4x~À`@Wc\;ې8'dQWCN`iqd cb6J`q~_"_E4yI_FTeSPh<:>m^EjQf\05$;` ؋|NO!l ~Ut(D_)LOuAr]t],GuA}A2nk2iSem!~ p}[Y^aw_U [aޞXӆ鵩CSo8v}A[W#yk};B7d ./ܘ <ܶt}7gR/?/}An[w* '_01PS 2q%y0/ʬ Jma>qd}yr=Yѥr2?1uAr]t],Gp类U s{HWmZt!'8ۤV.erx[EM~l|պ*,KIv!O{tiV]vt<%>$p*|V]#MLiƻ^ng#|'L#M}WЪ~AԪ ԥ1x(emxQ@L(r=ǹ]#x7 M:Mq!RV aGGj1 ?b>98]fp!vn"| }Dc~ǙEGPQ3##vAEߎ  ,Mi4M%%X?(wI J2}A.ٛa_t?C(}AܦNԹ !eP\͔<_5d؂J}K ΂1=$הyfDQpQ6k' IVFjCJGlLgo6|4L'q>Any8! j~A Gk#rUpQ Β]Ԯa 5 5f0x"80oDP>B $u|UĮj*N *jkͧU]Svۯ< h$MŰ'Кh\"~n ٓCOĄA%^ {Vx ^κY6nmxAPpQ[0'uGt )8(G\GGPǔ)95ay'}MpQ aULrU|SGaLb6L_YZH<]"G% q#/"X\!iA~L7ߧ"KZAlNt*Pa`Q.W>ϿHp\6wK|Nu{,}B|'u+X31izs$<ήxACDP텊c6:K:Aܵ T1_?^OOAmC0PrӔ{BL޴ 9"V__Ooxw(!8-N#팚₂ǟK0}yuH h @8Oy!*u_1As(ց^ >8=dDD /oA 8˛(x82ҷ"HX bK]T%uu!FdM I& `si:Zb{Ԯ3{W,6,MS]C !M\pE#x&'o G\3V]c jÖU Gd&fk}=з%Dw+^ks͇m=z璣SfE# 0{z#w 9'u՜">jA{.QEPI"sI[4t*/bf ]hy{ߢ$duF޿1,-ɃlQ=JG߫W}vYצV]EB tp^+5E7i;x${F5z>A1LcDki/|\FT!O\PsA- Ks,U/V1EN09yxSba9MOpaElٜN<Óx"61T2_{A׀AU{mo_ M ~ b{]Aԫ>Zv@r Lݰy4tlm6Pd] *!Xm*@M|,*tfkه D-۹`Jy$cTb4Y)f:*VڹWk<3/XI{cL H!Q#h&W~8wٟDAGW0VPo XFbB8'8(VEvOgIKzhjv.z[U1WW#RWU4te\BLEPj/Gs=mu -oYt@péyb4M}W y\S'cqyb~ U"1 ح䇔ꦾTpȅ k$GRЫjU#JZ9n껪U"(O\vuuSUܹf]wUAr]\6Փk!U{B.zbQg0 2U$qRjf,De 4QzA*] zOUZ뚼叁p#Jez!H(/HH!hTHoן嗴EJYwQGtJ:=2*Um/]2i GԃJr[ꇘP5dס2zm}CP*AheM(AYy76  -_0‘ \zFBTѭ$ۺ;I{'RX,rˤ/ PݔrkCz/ //<ɘ]v}}-mm{*X 99NeU0?ĝm5_?x]rLh0'X՗l# ߬M_Wnҷ~Úk|b)\'t],ߟiJuUZ|dԔbp$"f)ec(юj: er%jz=VzD`B/f yx0ˑh7ŮK9Hv+0sՕu/}A TwD5z?ݼ.DPĝ]ԗq],GuAźn%_DXY5Pf`-}K׉_ Z1]!~{T-SZc@]jc//h$5TC\mw,<FS" IDATQ*KIgL)Y+Mҿ: q$qK7=]'DC~{Sa/H"Hy1jOCD)OկnmV !+ S~fXp(ѨM#gHD-ǪIZs 0]Џ7+YPv j*W `pXEPQ V$.=T8G"#(}A^_#,/xٴUl`Ti _2$oB%P/s4dzYtPz}،>)SؖsJb_i2֕[~Cw@ j rs[~HSu+.ViJ,M~m>uiN'z[%toJq7C <r\s}Agt],Gu|SY#,/OHE2E._)C QXY_u]LZMoεXBe䆝Xu^ZU݂NN_Pōή@V? Avo!xuJ[B"ʷAi3@Y:”'ջ}*%΄UUb vԉ5 w䗝;J##SAP2~u~J})G ذ!#,Ո)d+ԫ!XÏ DPkR?ԧ# A Q\> DW9MHy|+~&VX~GQx N ^НR)3f:7BP_!L)\'t],  ǝZ~́zޝ:@ɏdd6@fX<><[!wA/>Caj">-gd)f7!''#WP8T;BnsFD7Hdszz$^: x/`!M7&O䃢UG0!w"8Z>W2Vȣ?0};t\ح@KRDVdG"H;`#dA"w Te5f>]JA0F2"Fp2;LĜѰخ#wr]֍t}!xԪK+[#x/ҠV?OhЊCtǩCwrY,n,%}>וOns=.y3b=SLInr+uDO k`\gZ (AB+,P {l6/e:aW_,_7 'xcԐ2zx~B3{p؆rx Acd(~ ׋bJ<#Hښ\! 9}d[ZrUĊ#Ek"UTj9ɴ1#mEកsA *?C&٦ h~Vj` #H,AQoK+_`\UΑ Zd nU$Z L#x*u.hUYATru#^r("h=sA YXhR2r*L3OO2_ q+ysGP\Q  Z)`Εi=ZԢ_ )ER[/W")sUr] pII p*4#-·|JcOW%j+XV}dlv w`ůjUp:rځY6#V#ߒx赟Z&!zwz^Z__@%*ٸGwW2 L~ BiOT{sNK?-} 9N:Ddi -Z Jr)g =|iÚx'W'$Ưx=Z\H}4\=tͪɠDk٬Z9M(3'^ j*[Q}l utC{ aZ>4ЪYn}SysASh(rag˯N>L:QGf c$#,KA1%iijzA2 X)E)vF]Y,Ja d뱂FPsTs%87<A1"t!X`_Fh#hC{XnxS`UieL!QO̕CۑtӦ"׵tZz2[.yT*1Q(񤇽 Nd`abDg4p~ρz]|J^El/7]~Suc`5ic$nIu5UԼ-ɋ[ozeJE]c{PO/u&vDwPr2P/G݋ήq8U<hѾ6֌Ub*fz IݯF1? q&t6M/?+1?;{}vFݺޭ:n7V0p-,j Fdc~X ̶,yq* XFRq& b`5 k@ofXOIcDvZ*m@WGz3Нy;a`u Lu:khs:]RǙ̕;m~Q|%כQq;K t/yojVrJ, ~,zP9 (v~:".` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,d o͡,{9TziU{w8CUYn/q_Vq*˓5/t @"*C?reg^=m9B ܊WQ_@wEqT~Iɶ\ig_06?7V/ұvDy59)@xNǟ 0b@! X0b@! X0b@! X0b@! X0b@Wr858ywΠǝ5E{͚ߞ(o|YoZo m[~Ж5lۖ;e qCwCװ=M~O 5OGrЇ\n4'TK]{@sl!Afa`0bjeh*:݊(՚UkgsLmD.6eT*="J:LbU:? 7u)M- l 2pF të~5/*n2P}&,/oKm?n2P6i~U?cڰO?gw]ᔗu"x}Ns7Jmh@_:[w-7z/k`3lO^8wM`SV`Gnѓ ?=Ѱ[~Ἑr` ĂˋYi=sk7E e.N['o i#1gg29bG2d@]$l9 g19+?KDu ,Od98Xt>ҵXtwM6)H z{R3P%8kz@-x*c 41f.ٺd` tjCuOe:ow0s +EQfcU(ۙpSzQY{Y˭յTw*oVe ە'ߓ%$of|yx3@! X0b@! X0b@! X0b@! X0byQ>4/Qc`? i^ASkKntWL6Ujݪ_ChYtc3n4;J7;bF9N}E|?ƴ De[ [V֔zn՗qbmiF4pωG(r,"e/ ޲qNSdm/W/˹7Oל8o_~~~ev \W:5L'ec Slqضޗ8_u}ojݴ:kvwW0G1]i!Y-b4}f}GUCU0ZMDybY(-PB;Th}ǡ7p1ς=Ö}mρ戭 ,h l:d\Dz*_(*9Az"S7# Ժ7"K9i<'L s/2*c뵙Tw"SOuU_exYx{f][3@w6(Дz~ XN[Ý`-ҼD6` Ă B,` ĂySx;0Xq^m@! X0b@! X0byQ]#Q7w0ɹUK_v7;نׄFajyQ/\4f:WsUY;/.%4_q^owwcOLpw4_Շi=%kJ^V+}ZoNKV.`M̥ ҿYsZ1i~`10:(bu%_X_Bʶ7@ѽIrIE.ks^1`^7lRLrl2*&,XwXgTߔ 4X:e;UQ=)1py;(މ k_GVƬ´Mi1܈k2p= alc`IyoN`9R0'L{ubF-UIgs\gJ& d`o|yo޻OE <&8w+ojs `s7}80b@! X0b@! X^@xO^@xcUe@ˡ,{9Ta/` PU ʂCUY0r*  B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,` Ă B,@a` Ă B,` Ă B,d;0)v(2]\s`M6(n*6R~K!&媟H;aMi/? :DXo8Υ[]N5bV^9>BQJfIg&4ad;?T! X57[]m;~#a|+KPV~Dn~ٚTm Qf4vbnXԜa7 v "mhc m[Hbv׋OIn<| ${ T[o1n>S97޵e^wq4;mUxjrZ5Z:@@on+rT;9:t= o>ZOן'g{Tr^<9ɪ(fӽ*Z{8U0Ds +jRXq[ lίs>ަc`\@bk7hK 6zC2o迿*O/KV95huT66S.[[5="\tIL$d;^=,g!jyMH#l\⭇,_2ߤtw5-KUpG~T#*7~kgp\t6pLfl7b?}FV ǽIENDB`iptraf-3.0.0/Documentation/iptraf-mmenu.png0100644000076400000000000000752507470161111017602 0ustar rikerrootPNG  IHDR3a"ۑgAMA aPLTEYYYAAA0004aYߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}<}]}}A<<AAMMMvvbKGDH pHYs  ~tIME" 2 IDATx AJ{I$ďI0Iw `Cp2f$$b94&\;s4_fיJ™3aw9Uݤ_ vkř3c&2F87M87xvYpܜ@,8Yp dȂ3g @,8Yp dȂ3g @,8Yp dȂ3g @,8Yp dȂ3g @,8Yp dȂ3g @,8Yp dȂ3g @,8Yp dȂ3g KΜpEg싾 t}鎳/.8g_]p;ξLw}wޙgZ9sL333]3tt4#8!pfx0>>y8#r,:F.he8 G}98iFpCp+p3ѐhlH^4#+soiᓜ`#Τ3u ԁD=lRk)m n#LgA^hsUggXj0θI82,bOb$Yp3ZTM\;,rkgf%ŷ gMΜl0dvsά&s4 WyjS3l83@5oS8g3N^g3U:9Yӫ]R&NkN&sۛY",Zgޏwghg@.Sfg:gg ]l?y8ӌOuY.[4,YMDPն,\aG)AtlZiXџѭK]vF,r&_ռ(,z;OT0e<> Z4j;j}fg52q(M.nw71|pf36w?g.ZBYt9>ΘR6cSXؾ3>9H4klIU4gWkJ56=MA/z r\oo1&n@g~~v&p3wA%?ecu1}2FN V:7B 6K3S8S,#Q6>[Ѵ6'NL%a:O9I5s5] 6Tţ~%X+@J=NVDuUxi  g淂9#u3~kXs;#3)@8Ȗ35@83Y568DgřNG/t|<U9uFoEǴ ȰџQr&jglΘVe?3\oÌ9GT?%;..4)DHZaRJYHo<;{@i?A/IENDB`iptraf-3.0.0/Documentation/iptraf-othipfltdefine.png0100644000076400000000000001201607470161111021454 0ustar rikerrootPNG  IHDR2btgAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}}AAA<]0008Q}ۚ00㺾Ϛ0<<AMMMVbKGDH pHYs  ~tIME,ޑ܆vIDATxk*F3QL֒Ot'UEV|ɷ=Vy*WvbN2w"|rDE|7o(%eg)(P˔u Pl(7}>2_Jep( aK   N~y'P82 N pe(@'P82 N pe(@'P82 N pe(@'P82 N pe(@'P82 N pe(@'P82 N pe(@'P82 N pe( L?"ޅލލލލލލލ|Pf#tΟ eʌeʌeʌeR|s׼wle*F|v'S{wauL L+3OSqT&cZ\ґѧȽ8v\0(PqA@LKi7kV?xq̀s[i*cuZvW8B e.7tsZNfmBcgǼ3[v^d!4rH3Jyf%*FfZL}qeb&G8#"!F8wˤ=b4M_~1}ŜߦA4WLAʮ*SQ9r~i(cD*LX ;ƚ;}m0%d2941kdCᩌ\ 8)#{@wݯ7#ʨQШTF(Qcµٝ%'Ɵ en"@99ՔԨ51=sʰ{噂ٛWL,퐯RRY;o*#zҪQCCꦑ`ݗ(sɌe~iAe2s?BCg{} +(:I"ޭ =+Ϟ{[J1upoPfOUz,2qefi*A 6w`+ssן+<=*+{\Km )(N\*LEƒeʨ8bWV_L(Ck2t%e]e*ӜsŸ)WQP& e^uŻ}d1tj/ȷMgL_WWӋM]uʰĔ[MP3~eı1_?}ӡv*fRſbHfќt-p23g8 |u#hO\A\4D5䤙$eGICLi+{t 2;=ʜ+QP2P(e\P2P(e\P2P(e\P22ote T'P?(sZ}2g*O@w*SYR>bԹ2,e PXe[|̪3s-e%#VLk)3^.|2jIVb^22:>rAe2f:>r-e%A|ʕyW7GO@/b^2+8Mʬp ʬp ʬp gxeg_>)dteލލލލލލʀ2 N pe(@'P82 N pe(@'P82 N pe(@'P82 N pe(@'P82 N pe(@'P82 N@$Ô'9m"oF$"C喝(ft;]δҖn?ssSyWFgFOP(Zd0ê(cv9Ôy 2H`*#vx{ڲzke|l'V8xCكo|>K'"P+1KJ̼Of`;c+mytbemQщhfn[ʤɾg?+֒[LQFF(&dCWhYV (gkU[yGf!eQV~3Ze)PJS4Oُ"kK(#hBY(sdtO'A}dTQT)c~^*J> D%"W}5|ʘX>=3!OT6cSܙTz(SK0dkEZRόw2Vd*ebTЃ eEe)CMDar( ה7'&VetŊoV8a$Vb;S/M$eXđ:!aEK/MSꪈ5Ny}a =2w;?X $Q{R3f9\㊉EWtɄN1^RuɛxJgC2'P8YV5+po,X^(uP/RiE}LgW߱M<}9 _5j5atEtm$ eܹ8YZ7#O,eTW&؊bw-jde&KV=22i(g23Rrf;V]ME㪎O;:RYL.SF$NYc<e 2ր\Fph eYVf\Ђ_DҾRzh|xPK$kUQ&Aє\je+7( ̑Nn8f ]IENDB`iptraf-3.0.0/Documentation/iptraf-othipfltdlg.png0100644000076400000000000001772407533152070021007 0ustar rikerrootPNG  IHDR2`.obKGD pHYs  ~tIME . ,aIDATx_n*aQ5BGQAE[gGSTC?KX_/Jıc29}~e࿾?.IW THaC(%uP|/֬I;sx$h1{ʯCDf%u:Gt*-Ò~U\[J:,qIT:2w}ܙ㴣FH? @wx[;W^^y` a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `wՅh `a6ރC\n[kibWK;73-cXdF#phkh8zڭ6-MbtəYX~W&n+}h٤{B֫I|oι7,,&5mUF:xUK돿~Kz .DGqoH,y.MSLƥ暰:,!τrz۞Ɔ4MI2MeQaJp[[0w 4tI~1гlGܯ]֬~!*0usm lFGL)Y=fҰ!.LG7,-%_j[M KQiH*Ią쵽|82p>ԘӨӟfѣ›ނ 'kxzO I6c  p!]^SzO TUX9T,,DNn.pOT4Ϡ|ܣCxMXͅwqI$>"ekbVח간5L| y'ތF1/̈́g$,Voe=##, !, !, !, !, !, !, !, !, !, !, !, W -^Uc0z~sy-闚_Rzo[o(.)~Cyrq!ik˯]v̝ׯ#2ZїI_ӵ o&|m~k”x[&q0jdMX3lTV GT aFKS,2W ]*[ `aaI3_'UUzg+`W.*2]..$Mk\$^g?Zf&Q}qsiqw>*LM9MK2:Dæ-LI!M,,:NTBQ즑iX!o&jϿ zd ޝSg a ¹<%~>-|EuV=>i>/?#vMwQo'WFމ?F3b%xi&<#a Rx-,V6Fa `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a `a ` xH Vb$>h FKCFK/?ՐKۆ49eDl$B$ת-ۣe‹ Owj\"vߗmȾ;> €z_3$^nGaӜUPqs_t](֗GU{q1Enct~(C kT] ε%'q]D vS,|4Ecl}v~!bA~;3teXWbmuGy53zVu+Mm}?Md򡨂e8&_複 K[ΨBڌ?֔hnw&^@wy`cf B3[l7cK[_#أ5FKO< D{X _I;ݰ9 wA%M5N=GvC5b02ZҼ<Կ5z[{srH,JR B?Ͻ\ӌ` ~{=hiJ}-JGiF-L"6Wi}}THzq1'ʦvKe>p[&ҵ)45kuZ&F%p@AVrbg59WO |Uy_=^XOy 07?~.5h W=1FC`l .x@|M)gӿI#6 W:FR42ޜt 10n{/¼ī ϽB4dpmx;B[lՓx+oֿAU//$s7]>n:,l\{<g?ݳB?pnZExVO$Uxw'[`'׾0{Yi~Qzní{[@˽%M5o|/exF+6B=9Uo| .ڦ=މ$ XXզY\l?%FK*L@?M0Iͅ!&] z\]- &@򟿎x`x SyLPkې"L6J0]XrAX5ihU҈rԗDr.0tb_% هĤtH&1 ҭfz6ُ1j& `[4fR海|\t_Un4k:}&r%[>ǯqĽ[unW\^x\I<,2c70ZaprfEjuwh `a `a `a `a `a `a `a `a `a `a `a `a `oǖB^)&B6Z|}/u%R +SvhrUVrn7$(|;%:?=cd8e)m|Ul۶,,U<>˕;D2Յ:g 4{I<k>4J *k>{:h̚jZ].Y] a)wˣ8_x63:Ǵx[yyM=73W]nm|T@B'jK7_T.wOkbuZ*4\h'ƔI4]=)nPϸ*5MZ20¦ X3Igxxff\o*\y+ݺMӐ}^3Ip[c->fLTu4͓{k[t)|g% ]h\I1* mB:7/†Ǖx~ @ |KN%!%!%!%!%!%![ޯ(ι8,BXBXBXBX9g h v1~izϏ/}|ӱ~qgrJTn_y|K\^lʣkXDMs It"OmIJrٰ*˝,wGo'=k\&80|Wv='H,^`>[iK,{éh)G3u+"ZYWX45է_Xg7{Erv⎟鷍(sOsoU\4'Iْs iV^\d湅z U)f׸RXյ& _!Lyj5ŅBIn͞Y$}}RZ̈́<2mMVzvi'B)i!w\miaz]uUW4Y4Q׃bVC}L3w1$ጌ[_sE5D穽,Z&z(Y.8}`/՟m74g,kOvH֬KUOS4_hPѲ4:odiŃZ8`seYOsN[/}b;ؼ4=#B_P=ZnMdE׬%fT]?-YSRCt!2^NH6o‹ĚҼ&p=i-msߜsuu1vDΎGs27xy}x74 FK[憥IO&):'wm?#IUi-EҥSn8JD<{: 6Y~+Q(ŵޤw` 8"L =n15`ZJ_=[W->Q~taŸ.Dr _"MwqéUΚMTbF&'u{$|y.6.D䨙M{ǂr҉wkm?u+y0 Wo%3IddPہ ˅XaۘZ$;}HNh __Qei/tCE!qx\</$Åb.i/Cn!\ =ZߣQ%)EYor*ibܪZ*~i9{jI<7>}=ဣԎʙk!}΂w3StꞶ2:46ɚ{'S|˜SN-k6Zk!Gc#kd;WNnm9gFe] ұ}?Mf{i ]l>Ԑ*'R:\vOhv*Pp7yJ ce{٧?7Ӆ4<_N+$̨UuQa3ΝJ-99wvmɅ=R>P8ۺ6FRoι?~)Æ<;IfK$|2gW4hRIENDB`iptraf-3.0.0/Documentation/iptraf-othipfltselect.png0100644000076400000000000001066407470161111021510 0ustar rikerrootPNG  IHDR1a gAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}}AAA<]0008Q}ۚ00㺾Ϛ0<<AMMMVbKGDH pHYs  ~tIME6v?IDATxarF 6*fV#z76 Av ;041CBS>;[c>l4;2n 7;Ƭ{ӺEa۳oC>NG"$ܪט #/Ƽ=nj?;qv% nW_ @c@v` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h` h_H3f^+ۗMcȭ5&.-rL-LاzZpQO-c6Fi007//p!7o1 141 }cj솼zzN0f^7eU975%Z]0Mmz,}ʇ2CٺVjƬY_&wdZם/^z0Pε+iTҼą6¦t+kwpR1I=sz&Ol[n{w2>?7q8j%chϘ%j͋{]+dcvKMbM.W b\{DRYX:7m%{JS3v;i9Z:g2 n}5|sJc#s[ Oف3|x]LJ-shpfϽ+;ZFTbcbK35lyTZt-]cƘ'?LK^?G}u6f)SbE${~5 vMᙙ/w[nvewXj\ݘJ טgkcPI1>I$ة4$OgLHAcDcl]qcdk{2K]AW]Ӯ=%o(M֡sؘ%f2"5bCk7kϧisژZ &OJv{m'IZaBoz/|cH; oǛg]dK[+h;z׻6,4# =c&LFXm4Wo٥c&JyE_U&.scOɟ| O]bL[n]̅t]pǍ0njy]Ɇ[XM4&11ؕ^cvc|=3(1FyȞ\McmkټLɸ>+ 5J\.?O7 '1QVvOZcn~Qy*|>Wkܚ#]1us4`d_bL 1Ƙ2uKFfXa'{]r_Tecom|1G̘W i4$R&|{ƬR|rixŘ?L+n?+k}1 ƀva<'L5fGUڣ<+i=^~<c'T]Q5cLlKs-miv?ַsmfLxM!3ƝP'b3 cl9=UycF3ʵcw{Tͬi0elT,|Cwsr~1`hKd&$7s1k~͟1k\ÎgkF7_ٌ}{kky&ѦI'/^INNST^c]XӢxSX]L|͟I11cb>"ɹسq`LzC9U^p91\nMظK$$Ƥ[q[jJF!=71jƠw֘[@r1&hϘ޷ Giퟸ ͵/kL4njIJ\_XYlwzwW2=1&1Mssy%sLr"^c殜lL|tjå^>ܴ,Ƿiw`KЭ|V2C1)2bϜMg8c/c8𥞝9,Qa0~]cz Z~ @ˏ;;]1 tfy6}KƴO1f3ObL׾l226Yu[[7n0_F?ަr5d:ֈ$_21F9fLVwk= ל1>t3cF;|麝T/5xYǸm8su׸HW﹟vN8qmhr]=|=mkgo.n6my~DŽU_RR┣,ۙ6Mj{s|ڌJcn;5=cw/MYoSdYi͞y^_~u>g ^(}i?ge51c( 5dfe eڻm&89/Ou׻^kKb;K$h` h` h` h` h` h` h` h` h` h` h` h` h` h_H1cߚjg|7Z\l!+Ӌտ)Fr IUUqۦW%KeZo@-=c>L\Ԟ1IyӘNZwo:d-vJDc1y_3wbl1uz0,w?^5GX˖ {IclP4 cpE16t,{ۚ:vgFShjaެÛחGLۍQ U!^dQ9\}T{$[iv;_bOmniYmV-l{$cRoq;Θˏx`a}nc{fKz4-&,nw|b0 i}clv1^hŘ8gU$Bi/5dc1> (LGJ"Y'^$Bcl>Kfi2ٕL?go3b~҄%7c.nmy <115L٘l^]=nL!h.e$̆kfsىsIgkn@ zQ gv -J._D[`S'Gc^_6@-,:IENDB`iptraf-3.0.0/Documentation/iptraf.xpm0100644000076400000000000000017507267512327016512 0ustar rikerroot/* XPM */ static char * iptraf_xpm[] = { "5 5 2 1", " c None", ". c #15FF00", " ... ", ".....", ".....", ".....", " ... "}; iptraf-3.0.0/Documentation/iptraf-pktsize.png0100644000076400000000000001632307470161111020146 0ustar rikerrootPNG  IHDR1a gAMA aPLTEYYYAAA0004aYߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}}AAA<]}<<A00ee0000000e0e000000eee0e0eeeeeeeeee00ee00eeϚ0<0}0e<e}e<}<}<0<0}000<00}000e<0e}0e0<0}00<0}0Ͼ0<0}0e> ?T Zc-ZR1>XİF1I4MrbbξEq~W>I:AG*7RнWt`?x8sFg!N˼C%AE1oՊi>'s\O+'NQNsHi*F<,<>/~W~pzp2g)@jh|7K*shbY*Ab$-/ĥEuKu.Y Op\̜hI:3_v1Sq GDTR7kPR (֨` Pcuj\5IkYQDѐNDY~Y,OKbj#'g8tHֺq)ʨvSLHQ;ۂd;n,b\EbQ) X]+zRs{9Hs^Y s6("%3W@C( l&%>>>>>>>>>>>>>>>>*f?洩+es2hz~trikbUםc؊n}>FY#.xX1V |Z1bz~b]??1KlrM޳yɚzvsyӟvb#+tnJyfPȂtC>NNyldGtNM^(2.X'!|(ճCz$8؛ZY FrG-+0C_1uswV MKBwf/@GxF1x2sJ$&ٍ X]8zvsyӟvbbV*l8=Z6x}.%1NyL\Y{W+rEUל^cb7szbߋ'Ű=f#~?c2t a1ζ sw.)܊ ^Ő#Z^Kå?ٮme2~ *&L(F;b/u;K1Ks^"זAoJA- +kW-PrVb_ N^/3Ս)vN~f-wSZ^Gz#>brbd,Uѫ@1G9JJQǗ(w"?w(|(WL:~i#ޮϔ㨩밷̀h'[ݻd&,mX{GW~p.ഹA2{ݻqSLYw_g3mnnRŕӹwG;x;LCۊb߻J1LXjbw\u龒Jރ֘czUo WLOs'|({oCmd?SS<{ag%Wmtb G%|5/)ng KyUrj3-S,kJ[[J l۔bv>>{21{|)k [2;zP"C;|y϶6vbY7#3<-o_;xyT >T,S[tkӶ-KCw{?<ofgy Фbd>k|!iEV5qڞ5fvl'Ϋ| =Wwr|ZQmݰdxVA{$U4["aWmJ;iE.AuE:`.SGM9fŜC3Y߭pVKqPw*ԃu9cz*Ae;Ǥs bu_3 3Ogng3?*$bsCkオY;t+{j*n CrOMJra->0~ձx{& =@>>gi[O[+كk)<66 {RצڡHKevno"x Ώׄ˞/Sب`g9p79V<y1MN,Փ悌а{ZbʪּL1J1|7Ң$vOocȳ zۭCrۻ[9"_T̀-,ccРbxqoKVG1iaQɬpK1wJ]4.)6U]:URoo&y\(|2 A2´cx+ ;[b(bAvTn'|馵sԜ0;1 a?f WzP7/˗iX= ^ tnts3j6[n&y{³.-rubĶL>Sۏ3W]i3˽Wݴyο˽nGlr봞*bW[fGzg|vUL|;|Zt o1+F^FI *}ȗVZX{G%dׯVu[W՗J駭mVâbrOtVZV{K;*BAX=3!oYK+7s]߻Ni^tUvz>fK"%>c|uMyfg^,)!)Z5DΙ{r>mOǽk1<߻>Sf[Zλ=vtlrZ*FoF" itˋMfKub##nҖiPlD[fFpZmbŐ1W|ynU{ocަy2~)bQi}P̀oVauyP =S1e۝]C,o)fis/.dưrI13< S0Ƽ-s\/'' ceUw͝w[㭌rzmϷO@1|@17*̎Ϙr-޻VǥZ6浱N>ٴcyu:Ȓx;]Ooc`*fWo Ǩ- a؝oY/wGob޾;T62twm{w[܉LcmǼRP M*8.^{iꢒ,//{׉!ah{ݻ>'&lBΖa[Z3 sYޣ@>>]壵N2q|SWm6?i-i5+ xk #ӫe%޲_1cV:gO{ױG%~45;܆~ԳkJJ%tT嗷9=;$ϖl㦢kA1|7ior<ȇ"r/R{e}i8:g~]IkJ)bb7 H?oK7ˊuCŐP =I1_QW?taqtb\wZ*m8*Iluﺪz Դp!1H[ W9F0{׹Ń<[LAPGݻ&6u޵vXf!~~@1|@1|@1|@1|@1|@1|@1|@1|@1|@1|@1|@1|@1|@1|@1|@1c$h?ɴa+ݣ7xY!m`}L &j}z0azO>}ܠ2Mşf=Z1}iQmdutbzIWLFqN> JzX#Kd>dnKQt~P8#hYgb([XZZkyf*+(H:-#Q C^qbjbYYҙR-dUl-i퍌Q蚊my0\f(2TMg/Hw|)eYF/V RZ;xՔM< rd*!<+3s/ӹyT4]QIל.ٝB~ T[pP a*6^OΤu>r*V<_{e/+ZٱK(BΖt.xRyuѻkWp@1OEH>{*>`wuҚ|H"K5]vH%1=-Fʟ |=uŤW1Q[]1wSݏ1ӝ %>xĭ^dIENDB`iptraf-3.0.0/Documentation/Makefile0100644000076400000000000000051010274140230016106 0ustar rikerroot# # Makefile for Documentation # html: manual.sgml docbook2html manual.sgml pspdf: manual.sgml docbook2ps manual.sgml ps2pdf manual.ps manual.sgml: cat manual.template | sed -e s/@@version@@/`cat version`/ \ -e s/@@major@@/`awk -F '.' -f version.awk < version`/ \ > manual.sgml clean: rm -f *~ *.html manual.sgml iptraf-3.0.0/Documentation/iptraf-tcpudp.png0100644000076400000000000002226607470161111017757 0ustar rikerrootPNG  IHDR2btgAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}<Y]00}Ӛ000}}}}<<}AAAMMMϛdbKGDH pHYs  ~tIME8' IDATx]a* ퟻYa/w^ '! IP;VkBc㱰0‚2 J eұO2O:R"}g@eGEGe^|9׹҅I Q FOB;ik{e>i eV`ZxBKE'ւ2 J,,(aLj۠Lx<8tc+()VKPiUM-)G @Y3?c+JVZZTtmk.8K__jВN̑flI ?.}kZZUڥhA)CBQsLixU:K?VQYKтxQH!M4]v& 7nS^iu-}m)AFW(sX(erSR&` $8.t~e*]CRzV)KgQ7CKt eSF*]GZgR&5u(([R>T^-{).2ei>20F y/d猘H-pf!~]8U-]׵J*;kJt`4%-z>2UzMMD\s@ӭZ5|߯}?ݜRM7^6` F re^rj[r@: , @ 8E0FcT2ٛ`ZIDz X\K7eẺ15>){la׫,@K_ڝ lTn0rRx8xe2i4DaP#eZ%!V@q0o&}<*ad &L! [كӝ8tpQڕ% )P* !Z` Li*Q7wBfe/ l$ZJڶk, Y8ZU%Ii -E- ,,BKlH\"KrMx=oz (6~-@Ѷ%4!5d6l)Լ  ^yﵱԴ[5~Mr+SFrwڒ,=qI)#m 5GR&_?L2|Io\6bLb2Kgs{ >> l|`R"G[xh$ͩ1P˙yS I}4,^2&(Mɴg/z,V r2_q/yMV(úH429ŖlFS8xC.)/C!90 L!D!(s5e"{) (u  nr(8lή  ete>nC^]e& oMʤ< |~J7NyL? m~t^Ja*dbQ2IN>o1oax>N(<^Bٿ᧏Mk%4&({%(Q.:l\x ef9=jt0C(TZ )0RuLE2Te9)n:$1?aUCwjIF(CtZ)#R,VrriorƐvuw&Sݩ #b 񧇗Rt-Zj%XYPBA'Y!R&ͥs/cWeJXhL+Mȉ]%feۻ,Y~2`^fFntjd gO.؞7L{ITwF[ +u+)h/eeI!Al.3_٩ip"M@ػqOMrO%II2jes*er뜊61څ;PG;?9d+)2qe^&DV%'L_7ANq e@5y}1 ǜ˔+ٱ̵鯝2E (Ml8)#mJhXɮ:ԱCZ!nhLT4'c̔!題-K?ip@#4C?$8m);=Zj f,k(2 Oh)Cj%y"Y4/-ј2ݶ.0 Bd_MS)s!8N$:Fj[p&R†nhgqj|3ʄ{=bEhMoQS0ʸ髧0! _hEo);pX8ޢ+t>N#_`xE-zd|]StoD&T2"''}pȹtq<ճFLI_e ܶߐ*@ÒDz;ʰ\f$e,k.gٝrn_̘dL-@oU2$8!eTXU;3SFVT(3:j*9(#dkFL<28檴^-՝"\Θj!׬Q2ZXE%YXxBKN5ga~Ȕ%ƿ Ŝ9yv 3]lj'J7^)=aXЛnntyQ1Gɔ-Nft!$贈*s!\ԨX)wHE!`2.Sd)2;u] Fr9mQB9\$j(+߈H"0\P&`5~ lSCOĉHzʿw G ֘yGqkߤTWQfw 2P ") H~))ML@2 GMe@jL?cO]I;d˄2J9(C#n\Lc-a;Ѓ5ʸo1gRf[̔ymLk2%k/ =JIYl7qO/⌙1Qf2[l yOv BwaF.7>c#l[@UK2Z\XE%YXxBKN>"e+],cK(e@iLcj FTj=%v*Ik"9:3Z`42 !#e`-=%C)4Źtq F`TARp"${m1/$>2>,oń\?`xVM㵻R[A4Sy eIUP|q1lH2A2)@)U6f+{H0ȁN/WPf{-upPL eb2,$@Ґ>sڼ*I#R8b/ ekdj9.#dGHvr43XX*y쀙/\g:S-pn\^PaQfA eRfyHJ}9PٓE5܌s*T˲m9W{M'~/m'0}yļq%%5"LГy%-)21H=.K^h]#0>Xt:3e\؂I7xR!1.c&S= 8ʋ~fC"8)WKs5B:G[P"e&Iqdx=&!\5w%; Bi`3og)0Bٴjl znKs)c$>nC0eK1PrVhmIMc Leيl.R2٘ʪ ޓͣb%b0fu/Ѓ2ׂL.{eh`E{0_eb̞mc?;e{#&{[|iETsz 2 J((2˛|G3l22e qM9Oܰ|O0bw:8ʖIV;H>2 J((2ˏ|<#UWrLtO [c))z5PfdDK<]LY+5Cޞ2GJA3VvѬ1u/KedبaB]>2ozlTd+]4Y+GJd.2eJ1Zl e$eɅ'ePPfa -ex4GLJ6=f׼Rj5BZ'E`@h2e<)ovmgR挕lXqbr-:Jnq.>st$DrhiFb$9[(#dU%u#`2S&Mrg[9ՖEqrZ\h20hkzIуl{*N}2]Ȕid?<+{޻4T(#Ad3 bQfA eRf!Rl[a}7FRd˨}1-pD̠A{D^qoe&{jQe2&cgSc@juk7q*/ j(#';7e"2cA^ǿCA1R&>'c\LK#zB2a-Q?D!dLȾe-N-A- ak2o67*p-^-<ca,,(Z,O)^ɞ)BRΰwm1Z|=\+`m hhʌ_~s[t/d ZA fpvy-Iؘ@[)Ջkq^fL͖)C)-XNkq\Q Cl2xP\2OiP9-7Sd7)%9+圤fK2IL1jҙ? db}ly%}w0bzq[k@jMbSyhykskq e. L 7@A'ePfZYTh0-]& #dʄOsw:et \I(.P&OS< >\&~K?vsO7ФP¢Lu ҩ8 ɡAyd|~Hܵ:q#ԤKϔ^\l_)U:̣򹍭e۾(FR7~72)~H(S-(sS{~ʘPR~WACs)؎&҆u%fli.XL}<~SĥԡOeKS ^씡 )72[{GE.vә=Kh-&}n|)R[:7gL AdIDATorۡFڰ2ݒ"Z:SB` vGRmմDJk<ȘNymI=eBv{z'6*yH{Z~h ~ގ22c(nCp\[5$j~˟)J2bJ360MObrKxTT3}?q1d 4*-:i1qJ3*TeQ5"SS2G+76Y2),NN#r7Afo#mѥ%콷RJ}Eee0k)C[Ԕ#+gأ)cp_A@ &L_?{ "{1}ЦLǯƜ>5S:t#=Qz ?x𬒞ϘgPm4)?ϫu?`rv0G~ae [Dg}&erH}7{F)1;=DXx9ytPRK(e"eW^ wzJ \ؤ L}Wd2boA %>ade@P$hۥ޿]J@ rINj2m4)9J2)2 (s`TsX(S =^Y'R^2ϦLiQHzHύPF,%258"e\ RdDq>G2%3蘇 cUl7(&ˊ$k,'Q^z/% :gEIENDB`iptraf-3.0.0/Documentation/version.awk0100644000076400000000000000002307233453374016657 0ustar rikerroot{print $1 "." $2} iptraf-3.0.0/Documentation/version0100644000076400000000000000000607602464273016077 0ustar rikerroot3.0.0 iptraf-3.0.0/Documentation/iptraf-tcpflt-dlg2.png0100644000076400000000000001511007523663270020604 0ustar rikerrootPNG  IHDR2`.obKGD pHYs  ~tIME$9IDATxm<PrE$[-L+E5xl%YQ3 1sE4cl\04 ×/? y\ۯ_?%j?HgÆ_n}~ äJ4[cANAoL~MUeT)~OIXK]jOsnؕV?fR2$S\y^u=͹Z7Y |9"ԥFcZzK?kU@&2"W{ox6#vtUq?ϔA<:sEL;߻|0sj+k_h.ؼOwyWB[bYkҲ>Q=Mn!{tS֒ZwO0|~3MBooDX a @%DX a @%DX a @%DX a @>@{o^!v聾kW)֐9[,Z[~ݖ察fJK5؅MN76և|/ɶirěFI菾`b/k*s8Z߶>̥0WU6 ^w=J9?~.k*mDYC\eҴ;qJAׯ9Mmڭ)9M|UՏ=u嫭=̖r<:oL;bUV8\VQ|ύ]\s_>Xx ?K=[ږH$ꄵ:,oo6hs"U:[SY'P$ XBܴGvLl:8G8al|1۶fc=;>)vBt>ʱ3V-Ǭw}UYj7ʤ qkb:j&^2VlO@kɻ^\XOXBWt\e"WM͍+Cцb>g0TO3U?-īh(uTdk5<|܎g Wr/ܗ?|ye-mO |hz~{[n͠־xރqMa*{}'戽֪>bMnʠB_>U_ |w <-@ K",@ K",@ K", }86^[Y:y%Y[*r#^{+hܶkr ?~Je;察S_2: y-mJ4_Ǟxܙx;7}AeR}.Y-YsڦOGa^uHzBif5Ms&IǤͻtÕWN)m-9X앁474:i>[z%;z,IMsc"sҊHeaii I(J͗Sv]L巄Sܓ$]NMpT0zr\k0NO,8nN+(YybW?:^ krW|Ptl})|& _>4 =m K0,}YkrC.| a3"NFUa7Ѫ!lt&IX a @%DX a @%DX a @%7i-E7-/ _ym9&Ճxӈ"-^M.㯪 uM` 0(ӣ#5.NO:^<^Q>S;$N?~Η1LLauX;Fs1 Ģ)Go<]"V18P> K84Ny.;3}v" v0q74׍O4Ȥ!ɼjO4<ZBxFBI-г% l:5mDX a @%DX a @%DX a @%7Qm:4l[v=5o][[J 9ߘ޲%19mc!iozl`ңim릹og.)z!9 Hnm:{@p;Lyxܕ]q$r۞ԏ \,|.y鑫sg&^\ n~H36,F.g K-]OSOi<:Nk3,&sKs~c'`G'xJ7 Kboi/awLCqJiMU.8kȶ>4y,qy}aeɎ+_zW}y)i?0mއn-ӌJ-N,<&N<`ۛFD }o {[ ,a @%DX a @%DX a @%DX 48o 8gv^b]XJt[΁tSӋiyEooV+.9hIvǾmOluoi,SZjݣ}磐Ɵ5!QqygoY{H w0i̟6ʏi~lٶunvG٬XZ:XPuԣxŽ08~PFbKXګ==v<ͤeȴ֞qmn[?pC yYm:{6hn uv9 ҆K_ֲx.in#2mY;6N;6}@ZA4W95.Ң,n,|?~P~ryM4X# ?=ONyؐ2m`j.7塳z/ȮM.nRROO{%5+씇>9r|Iaez"GT >+sZtn>d^_g r|MxA۾vO,|U+:g龕ĤmC/K<-|K",@ K",@ K",@ K",Ⱥ-}^G=ߋZŗ=7PQqK^'zqZPh/G 7Nio~ :ı.,^p%?=M LD?>_pa ^`R_{1I0赌xcx7Ɇ=nuGk)Hyl*;H4vKs#';i/<m4yGޓ3Щ؆慜~s4wCгp(9Ϲd[BuȪ9.~\Np);"byv7+Sƴ:bΗ*^xuk囟3/-mg/zw@;w =OsoT~k=|hm g7-O8ǁ3ven܈wiƼ-#&@!4;rӀjB6l7tJN˘|*kl))q郐uIdyqڳY9 H:^-ҹy~n0\0:cz~{{ݏ5t"a @%DX a @%ɾ\0 iX\ K",@ |!kx=ozK",@ K",@ K",@ K",@ K",@ K",@ K",@ Kc_ %'U= 5"9#? KVeisb<-?:tc6WX1$cK JraiX5x¦g7=Yyޝf bg6=6=bnuR{iMM|; j9-CcA$+ӂ57tfa(f+be\WUiƚ<1U/YYs mh/sn ᅹ_.mj 7̭s:^5da٨H`V~ui_l_X~!dZjH׶janϖzUiCӾ0sǕ]lpDyvK~nW(πiΝ7';jL?͹[vyi hf X|νX%οnۯmoX˰}Gy؅%hKʥ~N[<3t6Ϭ= \ӭ;`2ܥzJǝͣv|սǭ!DEm^s*{ohY0FAUK)m<{=mYjݲyK拉-5d-iV_57\>na4 Ͽ~^ w̹ټc7x;`ً/ No (ذtldOt~zO,)Ԫ4#ԥDTO, "`x46ٟܰ[w|;N Y=X8#xBaI&vFe(@b0?p(}8S9{/vD>>}14{qCnX6s*RZtuX#Ob;ү6c}>tk>n -do1=wOPong=3|a˒iՒ5a vg~%{sUcۢG Mzlɶ{)֍5-Ҫm(Ks,tU;]%w=PM9qrbc;B 'Ҭ͆%m"#8K",@ K",@ K",@ |~E#-wO16ׯV~Я_ 2=G-g7q*PyӅG_c|P):lpƔ׭o8ͺң3Ƙ^W4OԸʎcdAT}aүfX_wkNFŒ}0=Y'n+TQ Dz/!۶]ܼgGskyN~-v4WxN+U \nuX:iD҄w<ڔ)WIbIXml6:y;Ci/_~6] :CoA@ep9"IENDB`iptraf-3.0.0/Documentation/iptraf-tcpfltmenu.png0100644000076400000000000001312407470161111020632 0ustar rikerrootPNG  IHDR3b4?gAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}Y}}}}}AAA<]0008Q}ۚ00㺾Ϛ0<<AMMMVbKGDH pHYs  ~tIMEuGIDATxiv8F o&~T{0ht- d^83 sf2P)}I~ׇ?'/;!ͳY x6Mg*8xz|眪`:C8`'QgFښ/y<'Ix~1&8~g_g~pg8/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3 ^)&pr&pr&pr&pr&pr&pr&w,V~9],pf3\8s)f pR8sḀ3 p|3¿^z{_{F5\yz8ug|3H8nqg>2HL} dL/pf3O@ΰtyl 583 aj[g6Sr%Ǎ34X=û>6|3] ٌLul"32;ڞϤiвewb>s zקc#-qӱ$tyl%I1I>338g.y.k[ߤ$qPz\&!/uR.ҢK+vΐ\ P*gsgI̋9û άF;C3ޤU;&LvV1R?#v ܊)Kġ t3it4iD\z3סmgw3D}v <7Z@gK-oMikg猗k8p g)GcDCILr1)΁<ӣ9I8;#9}Uذv@31Bәt<LCz3zH3jOC_L 3S9Uի!W*wHO~0Owfy7}o/U35gI3zlpg6g6(pJLΰΤƳN1Y$43rN[r&Jy3zb!OY;^dPȢXim6Pga1;57!Kƈa7ZpppPSb.g'gJ02C9+q3L)qFo™#PڌFYcXy./o!?!s u)EC3q0}so/1d! KF]0gZ]BMk>Y<-Fr&%Yޅ9F^7aCax$yeΔngJ(3^gȦϜ13h[P35cgB3 n`&$ޫdbi=#3<Mp¦.gXMpppuM&#򽾯MR?-Xgo՛Vy3 ڙJDX|RYBM~f39^J55uY1<֙88ؙeНHZN*73΅3fje 'p&,̶LgKiӪa8l0qFg(錱%:ʥ;Öpm>(4zVE Zu+#"/gF.##"|L9#"|L9#"|L)ScaL@ v[3h{_0>퍰|iy"|L-GL@y"|L)* Z*L߂OFhp&<C y.V Z*_L .."\[N2Lݙ, 2gVgj8cPg3Dלcw3e˙h3h3h3h3has⌏oΔp4,g.ԎhadA>Xz:t2p#$zl$9^`8e*pNxw: ƵtDcD#_[03gy:e[Gc;9pv}} Gc;3=d~O!L7LݫGg~Y*p<ԣ{:O<:SX` g|3"3)pΨh4N3w/0Y3esy4)e,~FAN~ X`(itf~kУاUљ|<֠GO|3z[>U=(i8$i8aVwC<8 g(p8C3= PL{vAw\|yg g g g g gɵW/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3 ^ g8/px3b'G|%,!??HU1W!++m%hݔ46cs]>c3M1uLn2sEy8c^m;ah42$NӺvg= +$1gx֪:Rֹ A'#633V%()eGE*_Z.O/X卬RFEM1~MǗ=Gnxi4,r=agMKK&2א9#G^,A#PhTq;8_N(3_ŗU>: ByIqR9W*kfY k:ؙWp|Ό.e3gb9ŷgg狽ؙS옝L<1%J-]+:0Y.'Xܝ-u&/&ͣc]ˋ$.bCɱ#dXLUgJcSz=z3 ˙kknLi)J%_J)3t &~&n1FX.~<*jb-s4 ֍MڒI&7[EŜǦ]L;iCO{wZΌJ`cSҥ\pn1\8:pp>&[ -y/T:F}U32TcjS3LD! ԣe+\3s2KXO%+/"\gUOv9YB|4пטn b;I9ȝv$cfy /o>әPq&u7HRr&%hgQ)S?,g*HApf#5gUpfA43Dw33ƽydAY N.:#o!'xhVL^ i 3V;pʹ2$çM\oLܝM2t [CQ\kv*ED`oc=8?؅IENDB`iptraf-3.0.0/Documentation/iptraf-tcpudpsort.png0100644000076400000000000002365707470161111020674 0ustar rikerrootPNG  IHDR5b9xgAMA aPLTE4aYYYAAA000Yߪ}}}}}}}}}}}}}}}}}aaa}}}}}<Y]00}Ӛ000}}}}<<}AAAMMMϛdbKGDH pHYs  ~tIME ۣe IDATx˺,LzL;?K:UDge4r^,LMY5kR3eׇ?5eФf.BK #zX[!⏊꿃ggKAMbw5ytԬl\٩@ lVb5$ۚ^*]zIGӣ0eפfʮI͔]qC25qs!>sRh>K;W(SXj>$uM,H25rS_[BۑiR/RK]s!ԭ9ٟ&GȯWnR[)PrR^T]oRO}+J,˱Rw\UzXԠ`BǶ5C/EK=v^4c*FT.%ۚ?:?Uиx,]=eGVT*%(* m[VTV9t ,KpI_C+PԠjC[pА%Fe5R5eͱԀɧš%dh VCI{(w=3b" j`ۙ˿6 N RFbI3H,3$ 5^&2Sn!%/r5"5 #q5)[-*b255}m"|Жq*8vOK!HM4^kJ:ktAC^҆T1/2S#`~\Hv79{E^ ɧ԰r&cy(N |MWn!zK9t3`4,:894"Dc(LgԤfC5SSMuP3]xI>ӛ dKA[eGۧjmOVWK1?i}@.^\|<߱!#Rik{?F&|ucX..s>~,gm{YpXSRdX "L2myI8j"<#B~jbJ52v.g{MȔyi  uS#t79'l-zoK=ɮ=/n8AHp"Z3~%TA(b)F6pЈL"/d"%+y%4m#첆mümk-z܁*Eȋ祛0 TЂ=R0S#To^pdzj kqHoF.yrN0&"CfsECM_"]Q !}4b/# J]"RԶSR.lzB"mt&L}4FG*QSy(j.-k63 4懘HJiݗbo8z\,#o0f4G¥YB'{j) <ꦣ8陯yi-y&h1U8LSRS@ P7=Ԥ)yK 㐾{Kڐv P\Ԥυ;Waw^@xzpioQ Y3m,iTO,BxU,˩&5Sv٨<^%j x*D5jN]4Ậa PGb{~l +2"Dj)e]^ӏS*<@USљt!wdLK ^9!RpW4cBB/ U6)L ܐjO`Xc4r05{ ghPupcM{pu XrV0c^'-{ĝx>j_{$Ty( 4*zjKѮbM)hh{n55{("9P-*bllkrnmM8X J:.0Y;H{ @SfDew DMkC\}5B!njpe%Ȍְ:IztTp3?=@jaVN'5[C?'NG)z( 70|oOJKμ@ܣ}1]Ӥf.5SSuP3ǫD}~ sG?C,P[h E]y@~tj(.MPB`vvcp+ٲwm!Q1K ,Mơɾo2E 2^e5,r4\;b3$u55}򣨡]2Ì[8Q{^}M8jp 5X]r搚hW{z莠Fj5A{/5(/]8GѢ}͓aOCQkUSæ;ף-lġ 6}y Ex!6jըNhR3e'*ͬaCoIM*48t$(5xsYRԐ59 5A߉A?\|矫HM١0މ݌0`O J yqz59}ԀA3\47 CeS!FgbpCIM,+5LSx$5uMjZ &5OT0uPi¤DMm7&IGbb {OAVIMug,9ڴQJOZ YC f5x5|Ů^>΅^j2A f-$AEwfK=hăvp7%PV"Ԭ㇪8?Wy 51gR5v0x%vp\ho<(#O럯AC8,NY^/߁PS/ 5j8!LӤ0aQDI S5{D0iۜvTsvp`$GRC}Kp.=Nٱ;(lٛ4J *kZ~<5kѵ5Wz'5:r>nsNIq J\ |WzCɅ2)Q1hl>¤u(<On1T~Kɡt@g_Nk_Qj|CGRAkkaDB"`l]u85ARMWEZ+l {55f,P帇NNjvanLT2v uj{(4acyO3jRR0٨y¤_}0a*QS]ߚ&t$\#p RJkhsF+v'S' s. G5)H}Ԡ'b 87BM:]xڌǞ'Jʒx0~K/ CD&lvό_f1`fC  {)~,HVuj5԰7zlm Ԓ %݌9EKTȰ}:oȋSz*eUvh'5mkVMyeD ]}FQSxZ悶5ޟFe O76k^jWuieP5鰼{)5#Q=}_[=X,p,_EB8Y"@aR|^2uP&LjJ|,K:.hZIKcA>略ux3zZzFM;QQclkP=QiJGc Y>4^D34`,QH/C_xZTK>{ tHP05mIl[(?K7[k[to,7@X8X-Rikҟ8S|TK\Ehk?SXPO-*JCPx C]ٽ$x!v>jD7_1h,dG]C dԴ0&Zc/Bdgi|;9(Ljϻ0L=>mT 7<{~28cȧ#|7q9JԔKw|j_0sdh롪o&ywr8Licٚb\pweNH{ 5f>seb|^(npȣ`ȒSفRӴk>o|X{Y(.7<@PWP1e+55;}2_wWa>AwwQ#Sٮ 5RJ~v}j5܎%줦^ f;=ʗ}{83Y0=}Ѫ몶w,~&1 ^~ح+QY5yP8uq"j(L%S{o=|¤}뱀kvO%5*ӝyocq`lC?B~ Km5(`jxR3ZGK݈ ~.{> zjzWo_[T5ye-M GG@ d < {O(Cn8z|F<5Ԩ>oP۷f[J:dR~LzT|]>;Q{9ZMz`7HC%5|$߷vBMkŃ)=廩}`{omvY1Trnznc(<ʊ^K3̷T3MjZ n)L%S5R0cߦi;5ƳP_r9)Vm$|1k} ~5m ;WU~wЯwPS0jjWJRx255q?m=|Jw{EM Fz^^n,kA3,jFCZnjrC~+%ˍg=&)t(1܆/7LFk$50"B5d kOM[Ep6Vϲ:\e +Woߞ.L Pթ5ÆQ]#o%/?vjXm~* 7Q&C Ba׷1X3޾ʱAe-1izrG-^Pzt9 v?[{^2MwKaRô})@U{ [U|H{C< +iVÕ\LP\*ju65c|ޕXIF{m^DlƵ=5ҽy:}j 7tkJݻ{IpaR-7s@ζP9b/QC55qvMz(";uw5%jza?b fj& p>[RfS;.#]EM,|}:g}RExuHǏ{\4i)Ljϻ0L;$¤DM?fp;ҹw05Vkjkb m*a4(P_;y5֑wf&?0jn*Hun˩3Cm~ٽ^^nèYhf5i-$әwrc-'S]joAM LMk'Q~jk۩ЌưɌeXFqP9.>|JGyˍoOÜ  s7Ӥ0y3MwKwqyP!j߲y3F>oFSTO{ed:?gzS}W|us\J,EMSӳ[C S\A?֟tUx/6N,g|3<ۻJS˱B$h\/WbjRt)5>o%\٨yoN{tM|*'q>;$5kŮoQq1<>MA3Sbs?z<25a!O԰7xtKjQj,Hr,9N@;xN}j4獩iCP*X3ж|m'&fRC#FMX ]/5#}߯{w=l^<E J7FH,XyH8$/Bu 9'j3 GA5{ԘX:ܣ kRCe|족4ua i(Lj|Y'}m\ uө9}\au4w\'5y]ޕ-“뽼5{{(83:ļHmu7fnRSQ}ZzdhRu:oְCUyWh]a[3GY5wm lEuMIMKaR4}-I S{o=|¤U'@5WT彼5q72L#vv{UZkus/ R3{BVNR]zʁl׌_G2mj͙ -c}BɱU]+5Lgi 5裂?~(TyPۚMf0 ̣]<5J&r5k{\(7\WW%Jh7CC/~ 8|ކY)2kmI#tu^FE =I/QL{ʮj;4GSW?6m>o \Sp:y)ciQ8Y؎ w cy%GsLMO۸!}ٿbGvpnrKjApZ%+!/܃t@LU&d5Uw.?:f9ioNXEj:Oy85Sh$jQ㼯ѥyOq&5XuQ$hz VstOw{䃥e`/~E+nA4VԢ VZL&LͲ*[.EGO} 7=k)w;ATBJQR9LH,umEGNQmQ#d(hS ?]&RQ_ 00),J#OL(42R#f^X{Yzlb%nH}-KX b Inj.3A5N5UU<% mbjވ ;)Vl~wmY RzͨQtѴY4j15EIouf7by 6jhxEVB-+N*e3.kT>O]. ˦>2@Qs£],W2CUhqU&H uS.]NMH5fhk𦇚H^) E,iDygԄEڳR~@ՑP/55&-#)$)j+V&񏤦ЁC5hlv͂‰),I|!5_d G{n H.%}*@ X5^, 82GƧ,0=pr*@ U Ö$2(Ի!|x*%h)iAq9*Pdc{{t[vۧ&tojt,#eOJLBMjO9e{ %S( P_Q~׃l&u!ƛH6!Ւ &d$+9ppS>uEr,Pj=,ǂoJԔIt_G!IENDB`iptraf-3.0.0/Documentation/iptraf-timermenu.png0100644000076400000000000001667007603007364020476 0ustar rikerrootPNG  IHDRLgAMA aiPLTEÂYYY000ϚeÚeee0eeϚee ammmeMMMA0U󲲲UWXbKGDH pHYs  ~tIME  MIDATx흋*F1vEyW: " FFE^ C`4X?>A yx-1၂&AЈC\3G <`&h wm^"IՂr<\TA4 @A0ĭis_r4 t`0P  @A0 ?`0P  @A0(`  `0P  @A0(` .`M  ?-5$<G~ (ǭ >(8 *6Nޘlb~.$蹥@aH"nHԵoq ST6h*(OobWfH<< 6s0OL &R򵥽[(؍کPx\MBiv$솽SH<$9\ v#QS_G34'KСX^ 4ǿ@nL =(؍)tPs(8PP v \UG덝xIa/W1 _\~ȡr->rU2] w1y00eCؐ)~M"tth!_BK<03 tΨ(؁ҜN"sDشIkȔL+P_:C%BEbKaK|R!S뙐d-*קK65L|0`ַ':B] xM`K&Bhԁĩŧᢂ$6 H&ֺb (Wġ"2!@s~A\7g=슘nǒoI#@7.~PPf=FVp`VQL@`7 FhMY'y_j$A3o{ wA$q_ߣ৓.w+\Z[1$= (RŌ!ce*UG [K t?FbTj@ LL]7tA碇H\GAӏ{|y?k!j$:mZ}*q/bq. &0}SwbWwqrwsx9aR12}pQEd aq D^{]I57FgSズ"`pcisY9//8?h݀6PP v @n@A( (hsUA`t)SIs(l!d>m_ݝ4QI=L3fY8ۊ}t?nVHeruazǔ Ohq߱6Z8C! 6j@x7(kV !Tθ\ ʐƯ}KC.ѻfx55}KF1`dr#r (P(Z6 9P~h[&~c/_PP𴂯y` ;KFZƼ؇(G t_ sRƯy-\}Ղ?z@n@A( (h@Ayj9K+,j'=)?`Xun;|x ead߫܆O~$[G:p&=,oy so ͐Y.3{[~A蟋OAƐmqmu|h{*4gt|6Ym;Mߧ NVWŶ_fqJւqJp]FS謋 ޴5䚙`7F+xO(ɁVP|{ ҐsB>3{[Q~.H ۼ\Б}ҾAo /QT>["eWNŏL0~/zE;+bR%6)q tkokD .Q s|- =e26PP v 4)SuRBoYnj̤fER2߳ӗ.v|S] :~+d>a_W)4ǭVxTq系`?e? TD(62岂սqc.ZtY݇[WWD,_*@_l4*74WhP2WNsuεOCHXhIձ|D.k+9Q:TVUtϒGxu*taD;4pD.Z@H3(&6T@.tS=ѥt[GѢhov:doTЦ8mNC+Ty.`yӇ8>' ʸ5 V /G^A9ߦ`erCN8W`M12`ȡʗYDq9G'+N/Sr ede*q_a l`7 ݀6P  @A0(`  UwR&.8&'ffx@=Ppyf\gx@=Ppyf\㱪?;O/=dAeq_W ;U`|D4|>Jgw^a_ǿ?:jTw/Cu3q<$k"G3v`!P*`|?Op/o,T!_gY50ՠ~?1_M$gx9B@^6k \N$o+j <`q?ׂ R Wn/g(hSБ$lSSP=p*(x 6;Ra+L2o)G~1wQ_яtio96əVxkZxEEqT7xC]?ӽ@Gp_PpYC\=d- (kN YA>^B ~.] !e۸WK(سl> C _p6 n?۱9]7eukW-s1?^".fB}3_p&?__ AE bsBf\gx>$?܇0$`d2έW/Lu7C쯻S&#? 酡&__X7'_0eɪmw ."IR 6]qniD U$dB^jx5'w|ʛ.t ?WWh|-$Gbf& cEr%扂̇ոW-4EK`#ΰۿaǝ1:k6TwBt/R0տN+fobOznTՠZ7G*{|V*ӓRA,yeoB2FNrd/#] m;qztƟAg5/8Nd,J 6]u9B;I$+ DMaZA2Yy9<k;DvRF~Οl_MIwL$$4 L#ht{|:^^URp_b;bXT9% qn8"8-]~|A=@V@:..VG`wf/_of\gx4ic9RWϽxY?2W; +U\W?XbOrVP[>Ԇyg,'\`J*X _;KHAs ]Od`lāO\˱ IJVXVC>7| h*v/>y")^E{>_şhN U+S汉U`[],lo3KϢ {q1Z9GɗXA6M>)Ӆ$+Ab;(OWz<]V=_~6$N  IbMt[.!䆊U?OO,@w)hx]A@ZA?[H_R<^U+ؼ?,k$E ٿK8*5炇Uq27g<,ZA~6` NyH#mB=W yԉTo|ex巷H?/X%Y Uw%sCTcgC<{gDSm*)< .3{<(< .3{<ZGw8#Q^<"Ppe(2\G #W+x@yD<(+HXp?2$?Ygm2҂>nb,=1C>_P.sO+tWUЬ(}#Lp, 2'O8Rpsd1qO~e7(؃8t}!7ɂdf? D-fWN;6vt(өRY g$tUn(8s7RA>YM*S~sOA끂㨽9To  (Dޔ,ɉ\JUWOg 8O[4<2=O׬d磟gޚfW<}(7?(؝(؝(؝(؝(؝כ7e{$^pO&?Li9+H)58pQ:#  kQ݃cN(OgAm$ opS-CE\M|L#ZO leD((s XGڄPA*hye*I*iB y ;50&T0^7)X*ԁ2&ޚ~S4OJ=pӄIyӄ TbP{0*ӄU P%E< ((Xl   V[+-@@ >Yul   V[+-@@ `K`P%P((Xl   VP`|I wMsiz+(O^R/,#*v"_-_g?C&jrAɘ#?'I3P`.P8g@o\͍ :j&N]@ P37ek$.B9qk:p.g=q?$>ܼz .ȠM V0@+j`#ju+@O@ `K`P%P((Xl   V[+-u@ ؋ 6g^|4P9⣁ l΀h`sG3`/>(؜{ (`  `0P  @A0(`  `0P  @A0(`  `0P  @A0(`  `0P  Spbw`?oܔ?{יլ0(S=7[|K--U|rJZQpf]P7.GNL>K&f)(`~W0%ȭUSKSW)؍ w)H[v 2ךrBg˳$^cCW̷yfU \\Ϗ,/_oj!|tF|tk'bKHvU;|EN#qI,0:&lZ/]ɇ*QJn/1gN?#qg7$3w@nqE,Db!bz LO+hPP)cWGLyI^햋Q#:n*tGF\UT9/"oʰo@(Kư"tm4jߌQμ۝ {z1R0gT_q9b^ ;vԟb}|Q (ؾ"/*??_LJ܊ t}@G `z,zʀSp+w`y)jl2{T K[Bƀ(V[LEL X)nc9 ]l})u|*^db 6t(G@Lx}3S#ӭ{jARiD=['trzȦ)g Q鐬9.(XAkiG/:@/L L)hׂZARmrXV*H=iJMT,lPA _dtzZƑb׶SP@AՁ@A e?yԹ8J;:Vrle%炛>m#JRL&K/Y>`{P]iqz̮Tm"V^xb+X tbp'P PI& ?P0p0kIENDB`iptraf-3.0.0/Documentation/stylesheet-images/0040755000076400000000000000000007470161135020124 5ustar rikerrootiptraf-3.0.0/Documentation/stylesheet-images/next.gif0100644000076400000000000000170407470161135021570 0ustar rikerrootGIF87a#!!))11BBJJRRcckkƌΔΥ֭޵,#+H*\ȰÂL(!ć %pQ "8T@(>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~, HA*ثR:[1F{1J&R<(Zʓ[Hi&L5 :+ub)LS`QzRAJ5kr͚3F Ftn9 <Ҙ9Mu lFQE=5k-5Szҿw=QbsT¸$eJ{Jq\ǫ=@W˚Z!l3ƦR<-%3!c[B*'{ƚxyǨ^Sj lĊQ9o;6$H;iptraf-3.0.0/Documentation/stylesheet-images/prev.gif0100644000076400000000000000166007470161135021567 0ustar rikerrootGIF87a#!!))11BBJJRRkkssƌΔΥ֭,#)H*\ȰCH|bP(@":(P`D@ 4  Ӟ>A,J$ (u U0"A zh@#XA@ H@W߿; ;iptraf-3.0.0/Documentation/stylesheet-images/tip.gif0100644000076400000000000000200507470161135021401 0ustar rikerrootGIF87a  !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~, HA*xX)J"Btvoa{&!%J,2M3QUQsj)TK!s W&tV{{BYTI7yFЛх*^Uh k`֔x˞ )Hv[?]m&V'^BxpBÀ#DẂV2 g-Oz3& kQ«k='ۘɔ=x"m|_@;iptraf-3.0.0/Documentation/stylesheet-images/up.gif0100644000076400000000000000163207470161135021236 0ustar rikerrootGIF87a#!!))11BBcckkƌΔ޵,##H*\p Dh` @ D(d ,(`KF@Pq̩PB "0PTrL jNjjMsB|4˶m€;iptraf-3.0.0/Documentation/stylesheet-images/.eps0100644000076400000000000000000007470161135020677 0ustar rikerrootiptraf-3.0.0/Documentation/manual.template0100644000076400000000000052157110274135173017511 0ustar rikerroot IPTraf User's Manual Version @@version@@ 1997 2003 Gerard Paul Java This manual is released under the terms of the GNU Free Documentation License of March, 2000 as published by the Free Software Foundation, reproduced in this manual as Appendix B. IPTraf is open-source software released under the terms of the GNU General Public License version 2 or any later version as published by the Free Software Foundation, reproduced in the LICENSE file in the distribution's top-level directory. The accomanying software and the information contained in this document are provided "AS IS" without warranty of any kind, express or implied, including, without limitation, the implied warranties of mercantability or fitness for any particular purpose. In no event shall the author be liable for any indirect, special, consequential, or incidental damages arising from the use of this manual or the accompanying software even if the author has been advised of the possibility of such damages. Linux is a registered trademark of Linus Torvalds. Pentium is a registered trademark of Intel Corporation. All other trademarks are property of their respective owners. Some structure declarations were based on code copyrighted by the Regents of the University of California. Token Ring parsing code based on the Token Ring packet construction code in the Linux 2.2 kernel. About This Document This document contains the instructions on how to use the IPTraf network monitoring software version @@major@@. This manual details the different statistical facilities, the user interface, and the important features of the software. For Additional Information See the included README file for summarized and late-breaking information. Also read the RELEASE-NOTES file for important new information about this new version. The CHANGES file contains a record of the changes made to the software since 1.0.0. README.rvnamed contains information on the rvnamed reverse resolution program. See the other README files for support and development information. Document Conventions The following symbols and typefaces are used throughout this manual: [ ] items in brackets are optional. Brackets also denote items that may or may not be displayed onscreen depending on settings or conditions. { } curly braces enclose items you choose from | the vertical bar separates choices in curly braces normal monospace normal monospace text in syntax specifications should be typed in exactly as presented. Because UNIX and variants are case-sensitive, case must be preserved. Monospace is also used in presenting items that appear on the screen. monospace italics italics in syntax specifications indicate items that are to be replaced with an actual item (e.g. interface should be replaced with an actual interface name, like eth0). Additional information appears distinctively set apart from the main text. This information includes Notes, Tips, or Technical Notes. Notes are additional pieces of information that may be useful or may clarify the preceeding paragraphs of the manual. Tips provide shortcuts, clarify tasks that may not be immediately obvious, or provide references to additional sources of information. Technical notes are explanations of a more technical nature and may be of more use to programmers and advanced users. Getting Started About IPTraf IPTraf is a network monitoring utility and traffic analyzer for IP networks. It intercepts packets and returns data about captured the network traffic in various statistical facilities. IPTraf comes with these major features: An IP traffic monitor that shows TCP connection information (hosts, packet/byte counts, flags, window sizes), and color-coded information about other IP packets Statistics (counts and load rates) for network interfaces in general and detailed views Statistics per TCP/UDP port Statistical breakdown according to packet sizes A LAN host monitor that returns counts and loads per detected MAC address A powerful filtering system for users to view only interesting traffic Logging An asynchronous DNS resolver for the IP traffic monitor A text-based, full-color, menu-driven user interface suitable for use on all Linux systems with terminals, especially Linux consoles and color xterms Easy configuration Fully software-based. No additional hardware required Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP, etc.) is necessary for you to best understand the information generated by the program. Installation IPTraf is most readily available on the Internet, but some may receive it on a diskette. Here are the instructions for both types of distributions. System Requirements IPTraf requires: Hardware Requirements 16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks) 2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time) Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent. One or more of the supported network interfaces. Operating System Requirements Linux kernel 2.2.0 or higher GNU C Library 2.1 or later ncurses 4.2 or later with the complete terminfo database in /usr/share/terminfo. Support for linux, vt100, xterm, xterm-color recommended. Compilation Requirements The following components are required when compiling IPTraf from the source code. gcc 2.7.2.3 or later GNU C (glibc) development library 2.1 or later ncurses development libraries 4.2 or later Availability IPTraf can be downloaded from the Internet from the official FTP site at ftp://iptraf.seul.org/pub/iptraf/ . The software is available in source form in compressed .tar.gz files named iptraf-x.y.z.tar.gz where x.y.z is the version number. Precompiled ready-to-run software is available in the iptraf-x.y.z.machinetype.bin.tar.gz files. (machinetype indicates what platform the precompiled binaries run on. The official distribution will only be for the Intel x86 architecture indicated as i386.) Installing Downloaded Packages You will need to have GNU tar and GNU zip installed. All modern Linux installations already have these utilities ready. Decompress the .tar.gz file by entering tar zxvf iptraf-x.y.z.tar.gz for the source code or tar zxvf iptraf-x.y.z.i386.bin.tar.gz for the precompiled x86 programs. If your tar doesn't support the z option, you can separately decompress the .tar.gz file then extract the resulting .tar archive. gunzip iptraf-x.y.z.tar.gz tar xvf iptraf-x.y.z.tar This will decompress the sources into a directory called iptraf-x.y.z (source code) or iptraf-x.y.z.bin (precompiled). (x.y.z here should be the IPTraf version number you're installing, like @@version@@). Change to the created top level directory. To compile and install the software, run the Setup program by entering ./Setup while you are logged in as root. The Setup script will recognize the source distribution and compile the software before installing. It will immediately install a precompiled distribution. The resulting binaries will be placed in the /usr/local/bin directory. All needed directories will also be created. After installation, you will be asked if you want to read the RELEASE-NOTES file. It is recommended that you do so at that point, since the RELEASE-NOTES file contains important information about the new version. Installing a Floppy Distribution If you received IPTraf on a diskette, the sources are already decompressed. The diskette is in Second Extended filesystem format. Perform the following steps to install the software. Insert the floppy in the drive. Mount the floppy on an empty directory. For example, to mount the floppy in the first floppy drive under a directory called /mnt, enter mount -t ext2 /dev/fd0 /mnt This assumes your floppy is in /dev/fd0. You can use any empty directory in place of /mnt. With most Linux installations, this will work fine. After mounting, change to the /mnt (or whatever) directory. Enter ./Setup while logged in as root. Setup will determine whether the diskette contains a source code distribution or ready-to-run precompiled software. This will copy the binaries to /usr/local/bin, and create the necessary working directories. Unmount the diskette by typing umount /mnt (That's umount, not unmount.) You can then eject the diskette. Store it in a safe place. You will also be asked if you want to view the RELEASE-NOTES file. It is recommended that you do so at that point. In both cases (downloaded and floppy), the installation will store the program in /usr/local/bin with the binaries owned by user root, readable, writable, and executable by the owner, no permissions for the group, no permissions for all others. (700 octal, or -rwx------). Note You must be root to do the installation. The old style of installation (cd src;make install) is still supported. Be sure /usr/local/bin is included in your environment's PATH variable. You can edit the appropriate command in your login customization file (.profile for the Bourne-type shells, .cshrc for the C shell and its relatives). Upgrading from Earlier Versions IPTraf 3.0 is a major revision from IPTraf 2.7. The filter subsystem has been completely redesigned and as such, is incompatible with previous filter formats. Therefore old IPTraf filters can no longer be used. The installation procedure for IPTraf 3.0 will rename the filter list files but not delete them. If you install a distribution package (e.g. RPM, dpkg), old filters may still appear in the filter selection list but the new IPTraf version will be unable to load them. Starting and Stopping IPTraf After installation, you can start the program by simply entering iptraf at the shell prompt. You will see a copyright notice, with an instruction to press any key to get started. Just press any character key, and you will be immediately taken to the main menu. All major functions of the program are found there. Entering the IPTraf command without any command-line parameters brings up the program's main menu. From there, you can select the facilities you want. IPTraf determines and makes use of the maximum number of lines and columns on the terminal. Note IPTraf does not have a SIGWINCH handler; it does not adjust itself when an xterm or some other X terminal is resized. Technical note IPTraf needs to refer to the terminfo database in /usr/share/terminfo. If the supplied executable program fails with Error opening terminal, your terminfo database may be located somewhere else. You can control the terminfo search path by using the TERMINFO environment variable. For example, if you're using the sh or bash shell, and your terminfo database is in /usr/lib/terminfo (typical for Slackware distributions), you can use the commands: TERMINFO=/usr/lib/terminfo export TERMINFO You can place these commands in your ~/.profile or the systemwide /etc/profile startup files. You can also create a symbolic link named /usr/share/terminfo to let it point to your existing terminfo (assuming again your terminfo is in /usr/lib/terminfo): ln -s /usr/lib/terminfo /usr/share/terminfo Or you can recompile your program to use your existing ncurses library installation. If you do this, make sure you have ncurses 4.2 or later. Command-line Options IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive (-l is NOT the same as -L). The following command-line parameters can be supplied to the iptraf command: -i iface causes the IP traffic monitor to start immediately on the specified interface. If -i all is specified, all interfaces are monitored. -g starts the general interface statistics -d iface shows detailed statistics for the specified interface -s iface starts the TCP/UDP traffic monitor for the specified interface -z iface starts the packet size breakdown for the specified interface -l iface starts the LAN station monitor on the specified interface. If -l all is specified, all LAN interfaces are monitored. -t timeout The -t parameter, when used with one of the other parameters that specify a facility to start, tells IPTraf to run the indicated facility for only timeout minutes, after which the facility exits. The -t parameter is ignored in menu mode. If this parameter is not specified, the facility runs until the exit keystroke is pressed. -B Redirects all terminal output to the "bit bucket" /dev/null, closes standard input, and places the program in the background. This parameter can be used only with one of the -i, -g, -d, -s, -z, or -l parameters. See Background Operation in Chapter 9. -B is ignored in menu mode. -L filename Allows you to specify an alternate log file name when the any facility is directly started from the command line, whether in foreground or background mode. If specified in foreground mode, the log filename prompt is bypassed, even when logging is turned on in the Configure... menu. If this parameter is omitted in background mode, the default log filename is used. This parameter always turns on logging. If an absolute path is not specified, the log file will be created in the default log file directory -I interval Sets the logging interval (in minutes) when the -L parameter is used. This overrides the Log interval... setting in the Configure... menu. If omitted, the configured value is used. This parameter is ignored when the -L parameter is omitted and logging is disabled. The value specified here will affect all facilities except for the IP traffic monitor. -q Previously used to suppress the warning screen when IPTraf is run on kernels with IP masquerading. Since the masquerading code now processes packets in a way better suited to raw capture, this parameter is no longer needed and is retained only for compatibility. -f Forces IPTraf to clear all lock files and reset all instance counters to zero before running any facilities. IPTraf will then think it's the first instance of itself. The -f parameter overrides the existing locks and counters imposed by the IPTraf process and by the various facilities, causing this instance to think it is the first and that there are no other facilities running. Use this parameter with great caution. A common use for this parameter is to recover from abrupt or abnormal terminations which may leave stale locks and counters still lying around. The -f parameter may be used together with the others. iptraf -h displays a short help screen While the command-line options are case-sensitive, interactive keystroke at the IPTraf full-screen interface are not. Using the Menus Menu items with a trailing ellipsis (...) either pop up a submenu with further items, or require additional information before it can complete the task and return to the menu. Menu items without an ellipsis execute immediately. Use the Up and Down arrow keys on your keyboard to move the selection bar. Press Enter to execute the selected item. Alternatively, you can also directly press the highlighted letter of the item you want. This will immediately execute the option.
The IPTraf Main Menu
Exiting IPTraf You can exit IPTraf with the Exit command in the main menu. When started with one of the command-line options to directly start a statistical facility, pressing X or Q will exit the facility directly, without any confirmation. The -t command-line parameter will automatically exit the facility after the specified length of time without any confirmation as well. Daemon facilities started with the -B parameter will immediately terminate after being sent a USR2 signal. See background operation in chapter 9 for more information. Preparing to Use IPTraf This chapter provides information applicable to all of IPTraf's statistical monitors. Number Display Notations IPTraf initially returns exact counts of bytes and packets. However, as they grow larger, IPTraf begins displaying them in increasingly higher denominations. A number standing alone with no suffix represents an exact count. A number with a K following is a kilo (thousand) figure. An M, G, and T suffix represents mega (million), giga (billion), and tera (trillion) respectively. The following table shows examples. Numeric Display Notations 1024067exactly 1024067 1024Kapproximately 1024000 1024Mapproximately 1024000000 1024Gapproximately 1024000000000 1024Tapproximately 1024000000000000
These notations apply to both packet and byte counts. Instances and Logging Since version 2.4, IPTraf allows multiple instances of the facilities at the same time in different processes (for example, you can now run two or more IP Traffic Monitors at the same time). However only one can listen on a specific interface or all interfaces at once. The only exception is the general interface statistics, which is still restricted to only one instance at a time. Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they're listening on. If the Logging option is turned on (see the Configuration chapter), IPTraf will prompt you for a log file name while presenting a default. You may accept this default or change it. Press Enter to accept, or Ctrl+X to cancel. Canceling will turn logging off for that particular session. If you don't specify an absolute path, the log file will be placed in /var/log/iptraf.
The logfile prompt dialog
See the Logging section in the Configuration chapter for detailed information on logging. See also the documentation on each statistical facility for the default log file names. The default log file names will also be used if the -B parameter is used to run IPTraf in the background. You can override the defaults with the -L parameter. See Background Operation in Chapter 9. Screen Update Delays Older versions of IPTraf updated the screen as soon as a packet was received. However, screen update is one of the slowest operations the program performs. Since version 1.3, a configuration option has been available to control screen update speed. See the Screen update interval... configuration option under the Configuration chapter of this manual. Supported Network Interfaces IPTraf currently supports the following network interface types and names. lo The loopback interface. Every machine has one, and has an IP address of 127.0.0.1. lo is also indicated if data is detected on the dummyn interface(s). ethn An Ethernet interface. n starts from 0. Therefore, eth0 refers to the first Ethernet interface, eth1 to the second, and so on. Most machines only have one. fddin An FDDI interface. n starts from 0. trn A Token Ring interface, where n starts from 0. pppn A PPP interface. n starts from 0. slin A SLIP interface. n starts from 0. ipppn A synchronous PPP interface using ISDN. n starts from 0. isdnn ISDN interfaces can be given arbitrary names, but for them to work with IPTraf, they must be named isdnn. IPTraf supports synchronous PPP (the ipppn interfaces above), raw IP, and Cisco-HDLC encapsulation. plipn PLIP interfaces. These are point-to-point IP connections using the PC parallel port. ipsecn This refers to Free s/WAN (and possibly other) logical VPN interfaces. sbnin SBNI long-range modem interfaces dvbn, sm200, sm300 DVB satellite-receive interfaces wlann, wvlann Wireless LAN interfaces tunn general logical tunnel interfaces brgn general logical bridge interfaces hdlcn Frame Relay base (FRAD) interfaces (non-PVC) pvcn Frame Relay Permanent Virtual Circuit interfaces Your system's network interfaces must be named according to the schemes specified above. The IP Traffic Monitor Executing the first menu item or specifying -i to the iptraf command takes you to the IP traffic monitor. The traffic monitor is a real-time monitoring system that intercepts all packets on all detected network interfaces, decodes the IP information on all IP packets and displays the appropriate information, most notably the source and destination addresses. It also determines the encapsulated protocol within the IP packet, and displays some important information about that as well. There are two windows in the traffic monitor, both of which can be scrolled with the Up and Down cursor keys. Just press W to move the Active indicator to the window you want to control.
The IP traffic monitor
The Upper Window The upper window of the traffic monitor displays the currently detected TCP connections. Information about TCP packets are displayed here. The window contains these pieces of information: Source address and port Packet count Byte count Source MAC address Packet Size Window Size TCP flag statuses Interface Note Previous versions of IPTraf showed both the source and destination addresses on each line. IPTraf 2 and higher show only the source host:port combination to save on screen real estate. TCP connection endpoints are still indicated with the green brackets (on color terminals) along the left edge of the screen. The Up and Down cursor keys move an indicator bar between entries in the TCP monitor, scrolling the window if necessary. The PgUp and PgDn keys display the previous and next screenfuls of entries respectively. The IP traffic monitor computes the data flow rate of the currently highlighted TCP flow and displays it on the lower-right corner of the screen. The flow rate is in kilobits or kilobytes per second depending on the Activity mode switch in the Configure... menu. Because this monitoring system relies solely on packet information, it does not determine which endpoint initiated the connection. In other words, it does not know which endpoints are the client and server. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN. However, a little knowledge of the well-known TCP port numbers can give a good idea about which address is that of the server. The system therefore displays two entries for each connection, one for each direction of the TCP connection. To make it easier to determine the direction pairs of each connection, a bracket is used to "join" both together. This bracket appears at the leftmost part of each entry. Just because a host entry appears at the upper end of a connection bracket doesn't mean it was the initiator of the connection. Each entry in the window contains these fields: Source address and port The source address and port indicator is in address:port format. This indicates the source machine and TCP port on that machine from which this data is coming. The destination is the host:port at the other end of the bracket. Packet count The number of packets received for this direction of the TCP connection Byte count The number of bytes received for this direction of the TCP connection. These bytes include total IP and TCP header information, in addition to the actual data. Data link header (e.g. Ethernet and FDDI) data are not included. Source MAC address The address of the host on your local LAN that delivered this packet. This can be viewed by pressing M once if Source MAC addrs in traffic monitor is enabled in the Configure... menu. Packet Size The size of the most recently received packet. This item is visible if you press M for more TCP information. This is the size of the IP datagram only, not including the data link header. Window Size The advertised window size of the most recently received packet. This item is visible if you press M for more TCP information. Flag statuses The flags of the most recently received packet. S SYN. A synchronization is taking place in preparation for connection establishment. If only an S is present (S---) the source is trying to initiate a connection. If an A is also present (S-A-), this is an acknowledgment of a previous connection request, and is responding. A ACK. This is an acknowledgment of a previously received packet P PSH. A request to push all data to the top of the receiving queue U URG. This packet contains urgent data RESET RST. The source machine indicated in this direction reset the entire connection. The direction entries for reset connections become available for new connections. DONE The connection is done sending data in this direction, and has sent a FIN (finished) packet, but has not yet been acknowledged by the other host. CLOSED The FIN has been acknowledged by the other host. When both directions of a connection are marked CLOSED, the entries they occupy become available for new connection entries. - The flag is not set Some other pieces of information can be viewed as well. The M key displays more TCP information. Pressing M once displays the MAC addresses of the LAN hosts that delivered the packets (if the Source MAC addrs in traffic monitor option is enabled in the Configure... menu). N/A is displayed if no packets have been received from the source yet, or if the interface doesn't support MAC addresses (such as PPP interfaces). If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between the counts and the packet and window sizes. By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses. Just enable reverse lookup in the Configure... menu. The rvnamed Process The IP traffic monitor starts a daemon called rvnamed to help speed up reverse lookups without sacrificing too much keyboard control and accuracy of the counts. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete. If for some reason rvnamed cannot start (probably due to improper installation or lack of memory), and you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow. This is because the standard lookup functions do not return until they have completed their tasks, and it can take several seconds for a name resolution in the foreground to complete. rvnamed will spawn up to 200 children to process reverse DNS queries. Tip If you notice unusual SYN activity (too many initial (S---) but frozen SYN entries, or rapidly increasing initial SYN packets for a single connection), you may be under a SYN flooding attack or TCP port scan. Apply appropriate measures, or the targeted machines may begin denying network services. Entries not updated within a user-configurable amount of time may get replaced with new connections. The default time is 15 minutes. This is regardless of whether the connection is closed or not. (Some unclosed connections may be due to extremely slow links or crashes at either end of the connection.) This figure can be changed at the Configure... menu. Some early entries may have a > symbol in front of its packet count. This means the connection was already established when the monitor started. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor. Eventually, these > entries will close (or time out) and disappear. TCP entries without the > were initiated after the traffic monitor started, and the counts indicate the totals of the connection itself. Just consider entries with > partial. Some > entries may go idle if the traffic monitor was started when these connections were already half-closed (FIN sent by one host, but data still being sent by the other). This is because the traffic monitor cannot determine if a connection was already half-closed when it started. These entries will eventually time out. (To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received.) Direction entries also become available for reuse if an ICMP Destination Unreachable message is received for the connection. The lower part of the screen contains a summary line showing the IP, TCP, UDP, ICMP, and non-IP byte counts since the start of the monitor. The IP, TCP, UDP, and ICMP counts include only the IP datagram header and data, not the data-link headers. The non-IP count includes the data-link headers. Technical note: IP Forwarding and Masquerading Previous versions of IPTraf issued a warning if the kernel had IP masquerading enabled due to the way the kernel masqueraded and translated the IP addresses. The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines. The -q parameter is no longer required to suppress the warning screen. On forwarding (non-masquerading) machines packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces if all interafaces are being monitored. On masquerading machines, packets and connections from the internal network to the external network also appear twice, one for the internal and external interface. Packets coming from the internal network will be indicated as coming from the internal IP address that sourced them, and also as coming from the IP address of the external interface on your masquerading machine. In much the same way, packets coming in from the external network will look like they're destined for the external interface's IP address, and again as destined for the final host on the internal network. Closed/Idle/Timed Out Connections A TCP connection entry that closes, gets reset, or stays idle too long normally gets replaced with new connections. However, if there are too many of these, active connections may become interspersed among closed, reset, or idle entries. IPTraf can be set to automatically remove all closed, reset, and idle entries with the TCP closed/idle persistence... configuration option. You can also press the F key to immediately clear them at any time. Note The TCP timeout... option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains on-screen. The TCP closed/idle persistence... parameter flushes entries that have been idle for the number of minutes defined by the TCP timeout... option. Sorting TCP Entries The TCP connection entries can be sorted by pressing the S key, then by selecting a sort criterion. Pressing S will display a box showing the available sort criteria. Press P to sort by packet count, B to sort by byte count. Pressing any other key cancels the sort. The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order. Over time, the entries will go out of order as counts proceed at varying rates. Sorting is not done automatically so as not to degrade performance and accuracy.
The IP traffic monitor sort criteria
Lower Window The lower window displays information about the other types of traffic on your network. The following protocols are detected internally: User Datagram Protocol (UDP) Internet Control Message Protocol (ICMP) Open Shortest-Path First (OSPF) Interior Gateway Routing Protocol (IGRP) Interior Gateway Protocol (IGP) Internet Group Management Protocol (IGMP) General Routing Encapsulation (GRE) Layer 2 Tunneling Protocol (L2TP) IPSec AH and ESP protocols (IPSec AH and IPSec ESP) Address Resolution Protocol (ARP) Reverse Address Resolution Protocol (RARP) Other IP protocols are looked up from the /etc/services file. If /etc/services doesn't contain information about that protocol, the protocol number is indicated. Non-IP packets are indicated as Non-IP in the lower window. Note The source and destination addresses for ARP and RARP entries are MAC addresses. Strictly speaking, ARP and RARP packets aren't IP packets, since they are not encapsulated in an IP datagram. They're just indicated because they are integral to proper IP operation on LANs. For all packets in the lower window, only the first IP fragment is indicated (since that contains the header of the IP-encapsulated protocol) but with no further information from the encapsulated protocol. UDP packets are also displayed in address:port format while ICMP entries also contain the ICMP message type. For easier location, each type of protocol is color-coded (only on color terminals such as the Linux console). UDPRed on White ICMPYellow on Blue OSPFBlack on Cyan IGRPBright white on Cyan IGPRed on Cyan IGMPBright green on Blue GREBlue on white ARPBright white on Red RARPBright white on Red Other IPYellow on red Non-IPYellow on Red The lower window can hold up to 512 entries. You can scroll the lower window by using the W key to move the Active indicator to it, and by using the Up and Down cursor keys. The lower window automatically scrolls every time a new entry is added, and either the first entry or last entry is visible. Upon reaching 512 entries, old entries are thrown out as new entries are added. Some entries may be too long to completely fit in a screen line. You can use the Left and Right cursor keys to vertically scroll the lower window when it is marked Active. If your terminal can be resized (e.g. xterm), you may do so before starting IPTraf. Entries for packets received on LAN interfaces also include the source MAC address of the LAN host which delivered it. This behavior is enabled by turning on the Source MAC addrs in traffic monitor toggle in the Configure... menu. Entry Details In general, the entries in the lower window indicate the protocol, the IP datagram size (full frame size for non-IP, including ARP and RARP), the source address, the destination address, and the network interface the packet was detected on. However, some protocols have a little more information. ICMP ICMP entries are displayed in this format: ICMP type [(subtype)] (size bytes) from source to destination [(src HWaddr srcMACaddress)] on interface where type could be any of the following: echo req, echo rply ICMP echo request and reply. Usually used by the ping program and other network monitoring and diagnostic program. dest unrch ICMP destination unreachable. Something failed to reach its target. The dest unreach type is supplemented with a further indicator of the problem. Destination unreachable messages for TCP traffic causes the corresponding TCP entry in the upper window to be made available for reuse by new connections. redirct ICMP redirect. Usually generated by a router to tell a host that a better gateway is available. src qnch The ICMP source quench is used to stop a host from transmitting. It's a flow control mechanism for IP. time excd Indicates a packet's time-to-live value expired before it got to its destination. Mostly happens if a destination is too far away. Also used by the traceroute program. router adv ICMP router advertisement router sol ICMP router solicitation timestmp req ICMP timestamp request timestmp rep ICMP timestamp reply info req ICMP information request info rep ICMP information reply addr mask req ICMP address mask request addr mask rep ICMP address mask reply param prob ICMP parameter problem bad/unknown An unrecognized ICMP packet was received, or the packet is corrupted. The destination unreachable message also includes information on the type of error encountered. Here are the destination unreachable codes: ntwk network unreachable host host unreachable proto protocol unreachable port port unreachable pkt fltrd packet filtered (normally by an access rule on a router or firewall) DF set the packet has to be fragmented somewhere, but its don't fragment (DF) bit is set. src rte fail source route failed src isltd source isolated (obsolete) net comm denied network communication denied host comm denied host communication denied net unrch for TOS network unreachable for specified IP type-of-service host unrch for TOS host unreachable for specified IP type-of-service prec violtn precedence violation prec cutoff precedence cutoff dest net unkn destination network unknown dest host unkn destination network unknown For more information on ICMP, see RFC 792. OSPF OSPF messages also include a little more information. The format of an OSPF message in the window is: OSPF type (a=area r=router) (sizebytes) from source to destination [(src HWaddr srcMACaddress)] on interface The type can be one of the following: hlo OSPF hello. Hello messages establish OSPF communications and keep routers informed of each other's presence. DB desc OSPF Database Description LSR OSPF Link State Request LSU OSPF Link State Update. Messages indicating the states of the OSPF network links LSA OSPF Link State Acknowledgment The entries in parentheses: a=area The area number of the OSPF message r=router The IP address of the router that generated the message. It is not necessarily the same as the source address of the encapsulating IP packet. Many times, the destination addresses for OSPF packets are class D multicast addresses in standard dotted decimal notation or (if reverse lookup is enabled), hosts under the MCAST.NET domain. Such multicast addresses are defined as follows: 224.0.0.5 (OSPF-ALL.MCAST.NET) OSPF all routers 224.0.0.6 (OSPF-DSIG.MCAST.NET) OSPF all designated routers See RFC 1247 for details on the OSPF protocol. Additional Information When started from the main menu and logging is enabled, the IP traffic monitor prompts you for a log file name. The default name is ip_traffic-n.log (where n is what instance of the traffic monitor this is (1, 2, 3, and so on). (e.g. if this is the first instance, the default file name will be ip_traffic-1.log.) When started with the -i parameter, the log filename can be specified with the -L parameter. See the Command-line Parameters section above for more information. On busy networks, the display may become cluttered with traffic you're not interested in. To control the traffic monitor's output, you can apply a filter. See Chapter 7, Filters for more information on IPTraf's filters. At any time, you can press X or Q to return to the main menu (or back to the shell if the monitor was started with iptraf -i). Network Interface Statistics There are two network interface statistics facilities: the general interface statistics, which displays a statistical summary of all attached interfaces, and the detailed interface statistics, which shows more statistical and load information about a single selected interface. General Interface Statistics The second menu option displays a list of attached network interfaces, and some general packet counts. Specifically, it displays counts of IP, non-IP, and bad IP packets (packets with IP checksum errors). It also includes an activity indicator, which shows the number of kilobits and packets the interface sees per second. All figures are for incoming and outgoing packets. (Again, considering promiscuous mode for LAN interfaces, which simply causes the machine to intercept all packets). This is useful for general monitoring of all attached interfaces. If byte counts and additional information are needed for a specific interface, the Detailed interface statistics option is also available. The activity indicators can be toggled between kbits/s and kbytes/s with the Activity mode configuration option. The general statistics window will dynamically add new entries as packets from newly-created interfaces (e.g. new PPP interfaces) are intercepted. Long lists can be scrolled with the Up, Down, PgUp, and PgDn keys. This monitor is affected by IPTraf's filters as described in Chapter 7. Copies of the statistics are written to the log file iface_stats_general.log at regular intervals if logging is enabled. See the Logging option int the Configuration chapter. This facility can be started directly from the command line with the -g option to the iptraf command. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.
The general interface statistics screen
You can press X or Q to return to the main menu. Detailed Interface Statistics The third menu option displays packet statistics for any selected interface. It provides basically the same information as the General interface statistics option, with additional details. This facility provides the following information: Total packet and byte counts IP packet and byte counts TCP packet and byte counts UDP packet and byte count ICMP packet and byte counts Other IP-type packet and byte counts Non-IP packet and byte counts Checksum error count Interface activity Broadcast packet and byte counts All IP byte counts (IP, TCP, UDP, ICMP, other IP) include IP header data and payload. The data link header is not included. The full frame length (including data-link header) is included in the non-IP and Total byte count. All data-link headers are also included in the Total byte counts.
The detailed interface statistics screen
The upper portion of the screen contains the packet and byte counts for all IP and non-IP packets intercepted on the interface. The lower portion contains the total, incoming, and outgoing interface data rates. This facility also displays incoming and outgoing counts and data rates. The packet size breakdown in versions prior to 2.0.0 has been moved to its own facility under Statistical breakdowns.../By packet size as described in Chapter 5. An outgoing packet is one that exits your interface, regardless of whether it originated from your machine or came from another machine and was routed through yours. An incoming packet is one that enters your interface, either addressed to you directly, broadcast, multicast, or captured promiscuously. The rate indicators can be set to display kbits/s or kbytes/s with the Activity mode configuration option. Note Buffering and some other factors may affect the data rates, notably the outgoing rate, causing it to reflect a higher figure than the actual rate at which the interface is sending. The figures are logged at regular intervals if logging is enabled. The default log file name at the prompt is iface_stats_detailed-iface.log where iface is the selected interface for this session (for example, iface_stats_detailed-eth0.log). If you wish to start this facility directly from the command line, you can specify the -d parameter and an interface to monitor. For example, iptraf -d eth0 starts the statistics for eth0. The interface must be specified, or IPTraf will not start the facility. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. Note In both the general and detailed statistics screens, as well as in the IP traffic monitor, the packet counts are for actual network packets (layer 2), not the logical IP packets (layer 3) that may be reconstructed after fragmentation. That means, if a packet was fragmented into four pieces, and these four fragments pass over your interface, the packet counts will indicate four separate packets. The figure for the IP checksum errors is a packet count only, because the corrupted IP header cannot be relied upon to give a correct IP packet length value. This facility's output is also affected by IPTraf's filters. See Chapter 7 for more information on filters. Pressing X or Q takes you back to the main menu (if this facility was started with the command-line option, X or Q drops you back to the shell). Statistical Breakdowns Statistical breakdowns contain two facilities that break down traffic counts by either packet size or TCP/UDP port. Packet Sizes The packet size breakdown facility used to be incorporated into the detailed interface statistics. It has since been moved to its own facility. It is entered by selecting Statistical Breakdowns/By packet size. The packet size breakdown takes the interface's Maximum Transmission Unit (MTU) size and divides it into 20 brackets, each bracket containing a range of sizes. As a packet is captured, its size is determined and the appropriate bracket is incremented. This facility provides an idea as to the packet sizes passing over your network, and can aid in network (re)design decisions.
The packet size statistical breakdown
If logging is enabled, copies of the statistics are written at regular intervals to a log file. The default log file name is packet_size-iface.log where iface is the selected interface for this session (for example, packet_size-eth0.log). IPTraf's filters do not affect this facility. The packet size breakdown can also be invoked straight from the command line by specifying the -z iface parameter. The interface parameter is required. For example, this command runs the facility on interface eth0. iptraf -z eth0 When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. To exit, press X or Ctrl+X. TCP and UDP Traffic Statistics IPTraf also includes a facility that generates statistics on TCP and UDP traffic. This facility displays counts of all TCP and UDP packets with source or destination ports numbered less than 1024. Ports 1 to 1023 are reserved for the TCP/IP application protocols (well-known ports).
The TCP/UDP service monitor
The statistics window indicates the protocol (TCP or UDP), the port number, the total packets and bytes counted for this particular protocol/port combination, the packets and bytes destined for that protocol and port, and the packets and bytes coming from that protocol and port. Byte counts include the IP header and payload only. The data link header is not included. The protocol/port indicators are color-coded for easier identification on color terminals. TCP indicators are in yellow, UDP in bright green. Some network applications or protocols may use port numbers higher than 1023. Examples of these include application proxy servers (HTTP proxy servers typically use values like 8000, 8080, 8888, and the like), and IRC (IRC servers commonly accept connections on ports 6660 to 6669). These ports are by default not included in the counts. If you do want to include a higher-numbered port in the statistics, you can add them yourself from the Configure.../Additional ports... menu item. See the section below. If logging is enabled, The statistics are also written to a log file (the default name is tcp_udp_services-iface.log, where iface is the selected interface (for example, tcp_udp_services-eth0.log). IPTraf computes the total, incoming, outgoing, and data rates of the protocol currently indicated by the facility's highlight bar. The data rates are indicated at the bottom of the screen. If logging is enabled, the average data rates since the start of the facility are placed in the log file. The Up and Down cursor keys move the highlight bar. Pressing X or Ctrl+X exits and returns to the main menu (or the shell if it was started from the command line). Sorting TCP/UDP Entries Pressing the S key brings up a window which allows you to select the field by which the entries will be sorted. You can press R to sort by port, P to sort by total packets, B to sort by total bytes, T to sort by incoming packets (packets to), O to sort by incoming bytes (bytes to), F to sort by outgoing packets (packets from) and M to sort by outgoing bytes (bytes from). Pressing any other key cancels the sort. Port numbers are sorted in ascending order (least first) but statistics are sorted in descending order (largest counts first). As with the IP traffic monitor, sorting is performed only with this sequence. Automatic sorting is not performed so as not to affect performance.
The TCP/UDP monitor's sort criteria
Additional Information IPTraf's filters affect the output of this facility. See Chapter 7, Filters for more information about filters. If you wish to start this facility from the command line, you can use the -s option followed by an interface to monitor. For example, iptraf -s eth0 brings up this module for traffic on eth0. The interface must be specified, or IPTraf will drop back to the shell. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. LAN Station Statistics The LAN station monitor (Ethernet station monitor on versions prior to 1.3.0) discovers MAC addresses and displays statistics on the number of incoming, and outgoing packets. It also includes figures for incoming and outgoing kilobits per second for each discovered station. The entry above each line of statistics is the station's LAN type (Ethernet, PLIP, Token Ring, or FDDI) and the hardware MAC address. Each statistics line consists of the following information: Total packets incoming IP packets incoming Total bytes incoming Incoming rate Total packets outgoing IP packets outgoing Total bytes outgoing Outgoing rate The byte counts include the data link header. The activity indicators can be set to display kbits/s or kbytes/s with the Activity mode configuration option. This facility works only for Ethernet, PLIP, Token Ring, and FDDI frames. Loopback. ISDN, and SLIP/PPP networks are not monitored here.
The LAN station monitor
Copies of the statistics are written to a log file at regular intervals if logging is enabled. The default log file name is lan_statistics-n.log, where n is the instance number of this facility (for example, if this is the first instance, the generated default log file name is lan_statistics-1.log). Sorting the LAN Station Monitor Entries Press S to sort the entries. A box will pop up and display the keys you can press to select the field by which the entries will be sorted. Press P to sort by total incoming packets, I to sort by incoming IP packets, B to sort by total incoming bytes, K to sort by total outgoing packets, O to sort by outgoing IP packets, and Y to sort by total outgoing bytes. Pressing any other key cancels the sort.
The LAN station monitor's sort criteria When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. Additional Information The window can be scrolled with the Up and Down cursor keys. Press X or Q to return to the main menu (or the shell if this facility was started with the -l command-line option). The output of this facility is affected by any applied IPTraf filter. Filters Filters are used to control the information displayed by all facilities. You may want to view statistics only on particular traffic so you must restrict the information displayed. The filters also apply to logging activity. The IPTraf filter management system is accessible through the Filters... submenu.
The Filters submenu
IP Filters The Filters/IP... menu option allows you to define a set of rules that determine what IP traffic to pass to the monitors. Selecting this option pops up another menu with the tasks used to define and apply custom IP filters.
The IP filter menu
Defining a New Filter A freshly installed program will have no filters defined, so before anything else, you will have to define a filter. You can do this by selecting the Define new filter... option. Selecting this option displays a box asking you to enter a short description of the filter you are going to define. Just enter any text that clearly identifies the nature of the filter.
The IP filter name dialog
Press Enter when you're done with that box. As an alternative, you can also press Ctrl+X to cancel the operation. The Filter Rule Selection Screen After you enter the filter's description, you will be taken to a blank rule selection box. At this screen you manage the various rules you define for this filter. You can opt to insert, append, edit, or delete rules.
The filter rule selection screen. Selecting an entry displays that set for editing
Any rules defined will appear here. You will see the source and destination addresses, masks and ports (long addresses and masks may be truncated) and whether this rule includes or excludes matching packets. Between the source and destination parameters is an arrow that indicates whether the rule matches packets (single-headed) only exactly or whether it matches packets flowing in the opposite direction (double-headed). At this screen, press I to insert at the current position of the selection bar, A to append a rule to the end of the list, Enter to edit the highlighted rule and D to delete the selected rule. With an empty list, A or I can be used to add the first rule. To add the first rule, press A or I. You will then be presented with a dialog box that allows you to enter the rule's parameters. Entering Filter Rules You can enter addresses of individual hosts, networks, or a catch-all address. The nature of the address will be determined by the wildcard mask. You'll notice two sets of fields, marked Source and Destination. You fill these out with the information about your source and targets. Fill out the host name or IP address of the hosts or networks in the first field marked Host name/IP Address. Enter it in standard dotted-decimal notation. When done, press Tab to move to the Wildcard mask field. The wildcard mask is similar but not exactly identical to the standard IP subnet mask. The wildcard mask is used to determine which bits to ignore when processing the filter. In most cases, it will work very closely like a subnet mask. Place ones (1) under the bits you want the filter to recognize, and keep zeros (0) under the bits you want the filter to ignore. For example: To recognize the host 207.0.115.44 IP address207.0.115.44 Wildcard mask255.255.255.255 To recognize all hosts belonging to network 202.47.132.x IP address202.47.132.0 Wildcard mask255.255.255.0 To recognize all hosts with any address: IP address0.0.0.0 Wildcard mask0.0.0.0 The IP address/wildcard mask mechanism of the display filter doesn't recognize IP address class. It uses a simple bit- pattern matching algorithm. The wildcard mask also does not have to end on a byte boundary; you may mask right into a byte itself. For example, 255.255.255.224 masks 27 bits (255 is 11111111, 224 is 11100000 in binary). IPTraf also accepts host names in place of the IP addresses. IPTraf will resolve the host name when the filter is loaded. When the filter is interpreted, the wildcard mask will also be applied. This can be useful in cases where a single host name may resolve to several IP addresses. Tip See the Linux Network Administrator's Guide if you need more information on IP addresses and subnet masking. Tip IPTraf allows you to specify the wildcard mask in Classless Interdomain Routing (CIDR) format. This format allows you to specify the number of 1-bits that mask the address. CIDR notation is the form address/bits where the address is the IP address or host name and bits is the number of 1-bits in the mask. For example, if you want to mask 10.1.1.0 with 255.255.255.0, note that 255.255.255.0 has 24 1-bits, so instead of specifying 255.255.255.0 in the wildcard mask field, you can just enter 10.1.1.0/24 in the address field. IPTraf will translate the mask bits into an appropriate wildcard mask and fill in the mask field the next time you edit the filter rule. If you specify the mask in CIDR notation, leave the wildcard mask fields blank. If you fill them up, the wildcard mask fields will take precedence. The Port fields should contain a port number or range of any TCP or UDP service you may be interested in. If you want to match only a single port number, fill in the first field, while leaving the second blank or set to zero. Fill in the second field if you want to match a range of ports (e.g. 80 to 90). Leave the first field blank or set to zero to let the filter ignore the ports altogether. You will most likely be interested in target ports rather than source ports (which are usually unpredictable anyway, perhaps with the exception of FTP data). Non-TCP and non-UDP packets are not affected by these fields, and these are used only when filtering TCP or UDP packets. Fill out the second set of fields with the parameters of the opposite end of the connection. Tip Any address or mask fields left blank default to 0.0.0.0 while blank Port fields default to 0. This makes it easy to define filter rules if you're interested only in either the source or destination, but not the other. For example, you may be interested in traffic originating from network 61.9.88.0, in which case you just enter the source address, mask and port in the Source fields, while leaving the Destination fields blank. The next fields let you specify which IP-type protocols you want matched by this filter rule. Any packet whose protocol's corresponding field is marked with a Y is matched against the filter's defined IP addresses and ports, otherwise they don't pass through this filter rule. If you want to evaluate all IP packets just mark with Y the All IP field. For example, if you want to see only all TCP traffic, mark the TCP field with Y. The long field marked Additional protocols allows you to specify other protocols by their IANA number. (You can view the common IP protocol number in the /etc/protocols file). You can specify a list of protocol numbers or ranges separated by commas, Ranges have the beginning and ending protocol numbers separated with a hyphen. For example, to see the RSVP (46), IP mobile (55), and protocols (101 to 104), you use an entry that looks like this: 46, 55, 101-104 It's certainly possible to specify any of the protocols listed above in this field. Entering 1-255 is functionally identical to marking All IP with a Y. The next field is marked Include/Exclude. This field allows you to decide whether to include or filter out matching packets. Setting this field to I causes the filter to pass matching packets, while setting it to E causes the filter to drop them. This field is set to I by default. The last field in the dialog is labeled Match opposite. When set to Y, the filter will match packets flowing in the opposite direction. Previous versions of IPTraf used to match TCP packets flowing in either direction, so the source and destination address/mask/port combinations were actually interchangeable. Starting with IPTraf 3.0, when filters extended to more than just the IP traffic monitor, this behavior is no longer the default throughout IPTraf except in the IP traffic monitor's TCP window. Note For TCP packets, this field is used in all facilities except the IP traffic monitor. Because the IP traffic monitor must capture TCP packets in both directions to properly determine a closed connection, the filter automatically matches packets in the opposite direction, regardless of this field's setting. However iin all other facilities, automatic matching of the reverse packets is not performed unless you set this field to Y. Filters for UDP and other IP protocols do not automatically match packets in the opposite direction unless you set the field to Y, even in the IP traffic monitor. Press Enter to accept all parameters when done. The parameters will be accepted and you'll be taken back to the rule selection box. You can then add more rules by pressing A or you can insert new rules at any point by pressing I. Should you make a mistake, you can press Enter to edit the selected filter. You may enter as many sets of parameters as you wish. Press Ctrl+X when done. Note Because of the major changes in the filtering system since IPTraf 2.7, old filters will no longer work and will have to be redefined.
The IP filter parameters dialog
Examples To see all traffic to/from host 202.47.132.1 from/to 207.0.115.44, regardless of TCP port Host name/IP Address202.47.132.2207.0.115.44 Wildcard mask255.255.255.255255.255.255.255 Port00 ProtocolsTCP: Y Include/ExcludeI Match oppositeY To see all traffic from host 207.0.115.44 to all hosts on network 202.47.132.x Host name/IP Address207.0.115.44202.47.132.0 Wildcard mask255.255.255.255255.255.255.0 Port00 ProtocolsAll IP: Y Include/ExcludeI Match oppositeN To see all Web traffic (to and from port 80) regardless of source or destination Host name/IP Address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port800 ProtocolsTCP: Y Include/ExcludeI Match oppositeY To see all IRC traffic from port 6666 to 6669 Host name/IP Address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port06666 to 6669 ProtocolsTCP: Y Include/ExcludeI Match oppositeY To see all DNS traffic, (TCP and UDP, destination port 53) regardless of source or destination Host name/IP Address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port053 ProtocolsTCP: Y UDP: Y Include/ExcludeI Match oppositeY To see all mail (SMTP) traffic to a single host (202.47.132.2) from anywhere Host name/IP Address0.0.0.0202.47.132.2 Wildcard mask0.0.0.0255.255.255.255 Port025 ProtocolsTCP: Y Include/ExcludeI Match oppositeN To see traffic from from/to host sunsite.unc.edu to/from cebu.mozcom.com Host name/IP Addresssunsite.unc.educebu.mozcom.com Wildcard mask255.255.255.255255.255.255.255 Port00 ProtocolsAll IP: Y Include/ExcludeI Match oppositeY To omit display of traffic to/from 140.66.5.x from/to anywhere Host name/IP Address140.66.5.00.0.0.0 Wildcard mask255.255.255.00.0.0.0 Port00 ProtocolsAll IP: Y Include/ExcludeE Match oppositeY You can enter as many parameters as you wish. All of them will be interpreted until the first match is found. Excluding Certain Sites Filters follow an implicit "no-match" policy, that is, only packets matching defined rules will be matched, others will be filtered out. This is similar to the access-list policy "whatever is not explicitly permitted is denied". If you want to show all traffic to/from everywhere, except certain places, you can specify the sites you wish to exclude, mark them with E in the Include/Exclude field, and define a general catch-all entry with source address 0.0.0.0, mask 0.0.0.0, port 0, and destination 0.0.0.0, mask 0.0.0.0, port 0, tagged with an I in the Include/Exclude field as the last entry. For example: To see all traffic except all SMTP (both directions), Web (both directions), and traffic (only) from 207.0.115.44 Host name/IP address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port250 ProtocolsTCP: Y Include/ExcludeE Match oppositeY Host name/IP address0.0.0.0 0.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port800 ProtocolsTCP: Y Include/ExcludeE Match oppositeY Host name/IP address207.0.115.440.0.0.0 Wildcard mask255.255.255.2550.0.0.0 Port00 ProtocolsAll IP: Y Include/ExcludeE Match oppositeN Host name/IP address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port00 ProtocolsAll IP: Y Include/ExcludeI Match oppositeN Tip To filter out all TCP, define a filter with a single entry, with a source of 0.0.0.0 mask 0.0.0.0 port 0, and a destination of 0.0.0.0 mask 0.0.0.0 port 0, with the Include/Exclude field marked E (exclude). Then apply this filter. Applying a Filter The above steps only add the filter to a defined list. To actually apply the filter, you must select Apply filter... from the menu. You will be presented with a list of filters you already defined. Select the one you want to apply, and press Enter. The applied filter stays in effect over exits and restarts of the IPTraf program until it is detached. Editing a Defined Filter Select Edit filter... to modify an existing filter. Once you select this option, you will be presented with the list of defined filters. Select the filter you want to edit by moving the selection bar and press Enter. Edit the description if you wish. Pressing Ctrl+X at this point will abort the operation, and the filter will remain unmodified. Press Enter to accept any changes to the filter description. After pressing Enter, you will see the filter's rules. To edit an existing filter rule, move the selection bar to the desired entry and press Enter. A prefilled dialog box will appear. Edit its contents as desired. Press Enter to accept the changes or Ctrl+X to discard. You can add a new filter rule by pressing I to insert at the selection bar's current position. When you press I, you will be presented with a dialog box asking you to enter the new rule data. Pressing A results in a similar operation, except the rule will be appended as the last entry in the rule list. Pressing D deletes the currently pointed entry. Press X or Ctrl+X to end the edit and save the changes. Note If you're editing the currently applied filter, you will need to re-apply the filter for the changes to take effect. Note Be aware that the filter processes the rules in order. In other words, if a packet matches more than one rule, only the first matching rule is followed. Deleting a Defined Filter Select Delete filter... from the menu to remove a filter from the list. Just move the selection bar to the filter you want to delete, and press Enter. Detaching a Filter The Detach filter option deactivates the filter currently in use. Selecting this option causes all TCP traffic to be passed to the monitors. When you're done with the menu, just select the Exit menu option. ARP, RARP, and other Non-IP Packet Filters The Non-IP filter option toggles the display and logging of all non-IP packets, except ARP and RARP, which are toggled separately. Configuring IPTraf IPTraf can be easily configured with the Configure... item in the main menu. The configuration is stored in the /var/local/iptraf/iptraf.cfg file. If the file is not found, IPTraf uses the default settings. Any changes to the configuration immediately get stored in the configuration file.
The IPTraf configuration menu
Toggles Reverse DNS Lookups Activating reverse lookup causes IPTraf to find out the name of the hosts with the addresses in the IP packets. When this option is enabled, IPTraf's IP traffic monitor starts the rvnamed DNS lookup server to help resolve IP addresses in the background while allowing IPTraf to continue capturing packets. This option is off by default. TCP/UDP Service Names This option, when on, causes IPTraf to display the TCP/UDP service names (smtp, www, pop3, etc.) instead of their numeric ports (25, 80, 110, etc). The number-to-name mappings will depend on the systems services database file (usually /etc/services). Should there be no corresponding service name for the port number, the numeric form will still be displayed. This setting is off by default. Note Reverse lookup and service name lookup take some time and may impact performance and increase the chances of dropped packets. Performance and results are best (albeit more cryptic) with both these settings off. Force promiscuous If this option is enabled, your LAN interfaces will capture all packets on your LAN. Using this option enables you to see all TCP connections and packets passing your LAN segment, even if they're not from or for your machine. When this option is active in the statistics windows, the Activity indicators will show a good estimate of the load on your LAN segment. When this option is disabled, you'll only receive information about packets coming from and entering your machine. The setting of this option affects all LAN ( Ethernet, FDDI, some Token Ring) interfaces on your machine, if you have more than one. The interface's promiscuous flag is set only when a facility is started, and turned off when it exits. However, if promiscuous mode was already set when a facility was started, it remains set on exit. If multiple instances of IPTraf are started, the promiscuous setting is restored only upon exit of the last facility. Note Do not use other programs that change the interface's promiscuous flag at the same time you're using IPTraf. The programs can interfere with each other's expected operations. While IPTraf tries to obtain the initial setting of any promiscuous flags for restoration upon exit, other programs may not be as well-behaved, and they may turn off the promiscuous flags while IPTraf is still monitoring. Color Turn this on with color monitors. Turn it off with black-and- white monitors or non-color terminals (like xterms). Changes to this setting will take effect the next time the program is started. Color is on by default on consoles and color xterms, off on non-color terminals like xterms and VT100s. Logging When this option is active, IPTraf will log information to a disk file, which can be examined or analyzed later. Since IPTraf 2.4.0, IPTraf prompts you for the name of the file to which to write the logs. It will provide a default name, which you are free to accept or change. The IP traffic monitor and LAN station monitor will generate a log file name that is based on what instance they are (first, second, and so on). The general interface statistics' default log file name is constant, because it listens to all interfaces at once, and only one instance can run at one time. The other facilities generate a log file name based on the interface they're listening on. See the descriptions on the facilities above for the default log file names. Press Enter to accept the log file name, or Ctrl+X to cancel. Canceling will turn logging off for that session. The IP traffic monitor will write the following pieces of information to its log file: Start of the traffic monitor Receipt of the first TCP packet for a connection. If that packet is a SYN, (SYN) will be indicated in the log entry. (Of course, the traffic monitor may start in the middle of established connections. It will still count those packets. This also explains why some connection entries may become idle if the traffic monitor is started in the middle of a half-closed connection, and miss the first FIN. Such entries time out in a while.) Receipt of a FIN (with average flow rate) ACK of a FIN Timeouts of TCP entries (with average flow rate) Reset connections (with average flow rate) Everything that appears in the bottom window of the traffic monitor Stopping of the traffic monitor Each log entry includes the date and time the entry was written. Logging is also affected by the defined filters. Log files can grow very fast, so be prepared with plenty of free space and delete unneeded logs. Log write errors are not indicated. Copies of the interface statistics, TCP/UDP statistics, packet size statistics, and LAN host statistics are also written to the log files at regular intervals. See Log Interval... in this chapter. IPTraf closes and reopens the active log file when it receives a USR1 signal. This is useful in cases where a facility is run for long periods of time but the log files have to be cleared or moved. To clear or move an active log file, rename it first. IPTraf will continue to write to the file despite the new name. Then use the UNIX kill command to send the running IPTraf process a USR1 signal. IPTraf will then close the log file and open another with the original name. You can then safely remove or delete the renamed file. Do not delete an open log file. Doing so will only result in a file just as large but filled with null characters (ASCII code 0). Logging comes disabled by default. The USR1 signal is caught only if logging is enabled, it is ignored otherwise. A valid specification of -L on the command line with automatically enable logging for that particular session. The saved configuration setting is not affected. Activity mode Toggles activity indicators in the interface and LAN statistics facilities between kilobits per second (kbits/s) or kilobytes per second (kbytes/s). The default setting is kilobits per second. Source MAC addrs in traffic monitor When enabled, the IP traffic monitor retrieves the packets' source MAC addresses if they came in on an Ethernet, FDDI, or PLIP interface. The addresses appear in the lower window for non-TCP packets, while for TCP connections, they can be viewed by pressing M. No such information is displayed if the network interface doesn't use MAC addresses (such as PPP interfaces). This can be used to determine the actual source of the packets on your local LAN. The traffic monitor also logs the MAC addresses with this option enabled. The default setting is off. Timers The Timers... submenu allows you to IPTraf's interval and timeout functions.
The Timers configuration submenu
TCP Timeout This figure determines the amount of time (in minutes) a connection entry may remain idle before it becomes eligible for replacement by a new connection. The default is 15 minutes. You may want to reduce this on an isolated (not connected to the Internet) LAN or a LAN connected to the Internet with high-speed links. Just enter the new value and press Enter. You can press Ctrl+X to leave the current value unchanged. Log Interval This figure determines the number of minutes between logging of interface statistics, TCP/UDP figures, and LAN host statistics. The default is 60 minutes. This figure is meaningless if logging is disabled. This configuration item can be overridden with the -I when a facility is directly invoked from the command line (not accessed via the main menu), and remains effective for that particular session. The configured value is not affected. Screen Update Interval This value determines the rate in seconds at which the screen is updated. The default is 0, which means the screen is updated as fast as possible, giving close-to-realtime reflection of network activity. However, this high-speed update can cause incredible amounts of traffic if IPTraf is run on a remote terminal (e.g. a Telnet or Secure Shell session). You can set this to a higher value, such as 1 or 2 seconds to slow down the updates. This figure does not affect the rate of data capture. Only the screen refresh is affected. The figures are still updated as fast as possible, although the figure display will no longer be as close to realtime. The default setting is 0, which shouldn't be a problem on the console. Set it to a slightly higher value on remote terminals or slow links. The setting affects all monitoring facilities. Note Updating the screen is one of the slowest operations in a program. Older versions of IPTraf had a problem once network activity became very high. Because each packet caused a screen update, IPTraf began spending more time with the screen updates, causing a loss of packets once network activity reached a certain point. However, since many users like rapid counts on their screen, a compromise was incorporated. Even when the screen update interval is set to 0, there is still a 50ms delay between screen updates (except the LAN station monitor, which has a 100 ms delay). This is still visually fast, but provides more time to the packet capture routine. Higher delays may result in better accuracy of counts and activity. In any case, this setting only affects screen updates. Capture still proceeds as fast as possible. TCP closed/idle persistence This parameter determines the interval (in minutes) at which the IP Traffic Monitor clears from the TCP display window all closed, idle, and timed out entries. Enter 0 to keep such entries on the screen indefinitely, disappearing only when replaced by new connections. Note The TCP timeout... option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains onscreen. The TCP closed/idle persistence... parameter flushes entries that have been closed or reset, or idle for the number of minutes defined by the TCP timeout... option. Custom Information The remaining configuration items allow you to enter information which IPTraf uses for its displays and logs. Additional ports Select this item to enter a port number to be included in the TCP/UDP counts in the TCP/UDP service statistics main menu item described above. By default, port numbers above 1023 are not monitored. If you do have a higher-numbered port to monitor, enter it here. You will see two fields. If you have only one port to enter, just fill up the first field. To specify a range, fill both fields, the first port in the first field, the last port in the second field. You can select this option multiple times to add more values or ranges. Delete port/range Select this item to remove a higher-numbered port number or port range you entered earlier with the Additional ports... option. A window will come up containing the entered ports and ranges. Select the entry you want delete and press Enter. LAN Station Identifiers The LAN station statistics facility monitors stations based on their respective MAC addresses. The hexadecimal notation of these addresses make them even more difficult to remember than the dotted-decimal IP addresses, so these facilities were added to help you better determine which station is which. Selecting the Ethernet/PLIP host descriptions... or FDDI/Token Ring host descriptions... options brings up a submenu asking you to add, edit, or delete descriptions. To add a new description, select the Add description... option. A dialog box will appear, asking you for the MAC address and an appropriate description. Type in the address in hexadecimal notation with no punctuation of any kind. The dialog box is case-insensitive for the address; the alphabetical digits A to F will be stored in lowercase. Use the Tab key to move between fields and Enter to accept. Press Ctrl+X to discard this dialog and return to the main menu. The description may be anything: the IP address, a fully-qualified domain name, or a description of your liking as long as the field can hold. Enter as many descriptions as you need. Press Ctrl+X at a blank dialog after you have entered the last entry These descriptions will be displayed alongside the MAC addresses in the LAN station monitor, together with the type of frame (Ethernet, PLIP, or FDDI). An existing address or description may be edited by selecting the Edit description... option from the submenu. A panel will appear with a list of existing address descriptions. Select the one you wish to edit and press Enter. A dialog box identical to that when you add a description will appear with prefilled fields. Just backspace over and edit the fields. Press Enter to accept or Ctrl+X to cancel. Selecting the Delete description... submenu item brings up the selection panel. Select the description you want to delete and press Enter. You can also press Ctrl+X to cancel the operation. IPTraf 2.4 and later also recognizes the /etc/ethers file. Should a hardware address be present in the IPTraf definition files and in /etc/ethers, the IPTraf definition will be used. Note The description file for Ethernet and PLIP is ethernet.desc, while the FDDI and Token Ring mappings are stored in fddi.desc in the IPTraf working directory. These files are in colon-delimited text format. Database engines or custom scripts can be told to append data lines to those files. Each line follows this simple format: address:description For example 00201e457e:Cisco 3640 gateway Do not put colons, periods, or any invalid characters in the MAC address. Background Operation IPTraf's facilities can be placed in the background solely for logging. When running in the background, it doesn't display any output on the screen, and doesn't receive input from the keyboard, and drops you back to the shell. Before starting a statistical facility in the background, configure IPTraf in the usual way (set filters, add TCP/UDP ports, etc). Once that's done, exit all instances of IPTraf on the system, then invoke IPTraf from the command line with the parameter to start the facility you want, the timeout (-t) parameter if you wish, and the -B parameter to actually daemonize the program. For example, to run the IP traffic monitor in the background for all interfaces, issue the command iptraf -i all -B To run the detailed interface statistics on interface eth0 for 5 minutes in the background: iptraf -d eth0 -t 5 -B If the timeout parameter is not specified, the facility will run until the process receives a USR2 signal. To stop a facility in the background, do a ps x at the command line, and find the process id (pid) of the iptraf process you're looking for. Then send that process a USR2 signal with the kill command: kill -USR2 pid Since IPTraf cannot send error messages to the terminal, all messages are written to the file daemon.log in the IPTraf logging directory. The -B parameter automatically enables logging regardless of its configured setting. The parameter is ignored if not used with one of the parameters to start a facility from the command line. The log file can be specified with the -L command-line parameter. If this parameter is not specified, the default log file name for the facility will be used (see the descriptions of the facilities above for the default log name patterns). If you don't specify an path, the log file will be placed in /var/log/iptraf. The logging interval for all facilities (except the IP traffic monitor) can also be overriden with the -I command-line parameter. Messages IPTraf's messages are presented in two ways. In interactive mode, messages are displayed in a distictive message box. In daemon (background) mode, appropriate messages are written to the iptraf.log file in the IPTraf log directory (normally /var/log/iptraf. IPTraf Messages Unable to create config file IPTraf cannot create the configuration file. The most likely cause of this is that you didn't properly install the program, and the necessary directory /var/local/iptraf does not exist. Can also be generated if you have a disk problem or if you have too many files open. Unable to read config file The configuration record cannot be read. You most likely have a disk problem. Unable to write config file The configuration file cannot be written. You either have a disk problem, or (more likely), your disk is full. Enter an appropriate description for this filter Enter something to clearly describe the filter you are defining. Error loading filter list file IPTraf cannot access the list of defined TCP or UDP filters. Can also be an indicator of a bad disk. Error writing filter list file The filter list file cannot be written to. You may have trouble accessing your filters. Unable to read TCP/UDP/misc IP filter file IPTraf cannot read the filter data off the file. Could be caused by a bad disk. Error opening filter data file IPTraf cannot open the filter file. Could be caused by a shortage of file descriptors or a bad disk. Unable to write filter data IPTraf cannot add the newly defined filter to the filter list. This may be due to a bad disk. Cannot create filter data file IPTraf cannot create the filter record file. The defined filter is lost. Unable to save filter changes IPTraf cannot save the changes you made to the filter. You probably have a disk error. Unable to write filter state information The current state of the filters cannot be saved. IPTraf will be unable to correctly reload the filters the next time it's started. This can be caused by a bad disk or improper installation. Unable to save interface flags IPTraf was unable to save the flags of the network interfaces. This is probably due to a bad installation or full filesystem. Unable to retrieve saved interface flags IPTraf was unable to retrieve the save interface flags. Probably again due to a bad installation or full filesystem. protocol filter data file in use; try again later Filter state file in use; try again later Another IPTraf process is modifying the TCP, UDP or miscellaneous IP filter data or the filter state file and has locked the files or file. Try again once the other IPTraf process has terminated or completed its modifications and unlocked the files. Unable to resolve hostname The indicated host name in the filter cannot be resolved into an IP address. Check the local hosts database /etc/hosts or your machine's DNS configuration or DNS server. The filter parameters will not be used. Unable to open host description file IPTraf cannot open the file containing the descriptions for Ethernet or FDDI addresses. Could be due to a bad disk or a hit on the file descriptor limit. Unable to write host description IPTraf was unable to write the description record for this Ethernet or FDDI address. Could be due to a bad disk or corrupted filesystem. No descriptions You tried to edit or delete a description with no previous descriptions defined. Cannot open log file There is a problem opening the log file. There is most likely a problem with the disk, or there are too many open files. Unable to obtain interface list IPTraf was unable to retrieve the list of network interfaces from the /proc filesystem. This may be due to a badly configured kernel. IPTraf needs /proc filesystem support. No active interfaces. Check their status or the /proc filesystem. IPTraf found no active interfaces. Either all interfaces are down or the /proc/net/dev file was empty or unavailable. Activate at least one interface or check the /proc/net/dev file. Unable to obtain interface parameters for interface The system call to retrieve the interface's flags failed. Check your interface or kernel driver. Promisc change failed for interface The system call to change the promiscuous flag failed. Check your interface or its kernel driver. Unable to open raw socket for flag change IPTraf was unable to open the necessary socket for the promiscuous change operation. May be due to a shortage of file descriptors. Unable to open socket for MTU determination Returned by the facility for detailed interface statistics if the raw socket's opening sequence failed. The facility will abort. Unable to open raw socket IPTraf was unable to open the raw socket for packet capture. May be due to a shortage of file descriptors. Reminder IPTraf 2.x.x requires Linux kernel 2.2.x, with the Packet Socket option compiled in or installed as a module. IPTraf 2.x will return this error on a pre-2.2 kernel or on a 2.2 kernel without Packet Socket. Unable to obtain interface MTU The detailed statistics facility was unable to obtain the maximum transmission unit (MTU) for the selected interface. The facility will abort. Specified interface not supported The interface specified with the -i, -d, -s, -l, or -z command-line parameters is not supported by IPTraf. Specified interface not active The interface specified with the -i, -d, -s, -l, or -z command-line parameters is supported, but not currently activated. Fatal: memory allocation error May occur if you have too little memory to allocate for windows, the menu system, or dialog boxes. IPTraf tries to prevent further allocations if memory runs out during a monitor. However, this could also mean a bug if you're reasonably sure you're not out of memory. An instructional message on bug reporting follows this message. Technical note This is actually a response to the segmentation fault error (SIGSEGV). This program can be run only by the system administrator IPTraf normally does not allow anybody but uid 0 (root) to run it. This measure is included for safety reasons. See the section on recompiling the program below if you want to override this. This feature is built in, and not part of the configuration Your TERM variable is not set The TERM (terminal type) environment variable must be set to a valid terminal type so that the screen management routines can function properly. Set it to the appropriate terminal type. Linux consoles typically have their TERM variables set to linux. Received TERM signal Not related to the previous message. The TERM (terminate) signal is normally used to gracefully shut down a program. This message simply indicates that the TERM signal was caught and IPTraf is attempting to shut down as gracefully as possible. Invalid option or missing parameter, use iptraf -h for help The -i, -d, -s, -l, or -z options were specified but no interface was specified on the command line. These parameters require a valid interface name (or all for -i or -l). This message also appears if an unknown option is passed to the iptraf command. Warning: unable to tag this process IPTraf normally tags itself when it runs to prevent multiple instances of the statistical facilities from running. This message means the program was unable to create the necessary tag file. This may be due to a bad or improper installation. Try running the make install procedure or the Setup in the distribution's top-level directory. Warning: unable to tag facility IPTraf was unable to create the tag file for the facility you started. The facility will still run, but other instances of IPTraf that may be running simultaneously will allow the same facility to run. This may cause both instances of the facility to malfunction. This could be due to a bad disk or bad installation. facility already running/listening on interface The facility you tried to start is currently running on the indicated interface in another IPTraf process on the machine. This restriction is placed to prevent conflicts involving internal sockets or the log files. General interface statistics already active in another process Only one instance of the general interface statistics can run at a time. Duplicate port/range entry You entered a port number or range that was already added to the list of additional ports to be monitored by the TCP/UDP service monitor No custom ports There are no ports or port ranges earlier added. There's nothing to delete. Can't start rvnamed; lookups will block IPTraf cannot start the rvnamed daemon; probably due to a bad installation. IPTraf will fall back to blocking lookups. Can't spawn new process; lookups will block IPTraf cannot start a new process. This may be due to memory shortage. IPTraf will fall back to blocking lookups. Fork error, IPTraf cannot run in background IPTraf cannot start a new process, and can go into the background. This may be due to memory shortage. IPTraf aborts. No memory for new filter entry IPTraf was unable to allocate memory for a new filter entry. Most likely due to memory shortage. Memory Low This indicator appears if memory runs low due to a lot of entries in a facility. Should critical functions fail (window creation, internal allocation), the program could terminate with a segmentation violation. Note Any message or indicator about low memory means that your system does not have enough memory to handle the entries. It is almost certain that sooner or later, IPTraf or other applications will abort due to the failure of important system calls or library functions. Memory must be added right away. IPC Error This indicator appears if an error occurs receiving data from the rvnamed program (IPC stands for Interprocess Communication). This indication should not occur under normal circumstances. Report instances of this condition and the circumstances under which it happens. You may also include data from the rvnamed.log file. Error opening terminal: terminal The screen management routines cannot find the terminfo entry for your terminal. IPTraf expects the terminfo database located in /usr/share/terminfo. This error could occur when your terminfo database is located somewhere else. See the section on controlling the terminfo search path. This will end your IPTraf session In interactive mode IPTraf asks you to confirm your exit command. Press Enter to return to the shell or any other key to cancel your command and return to the main menu. rvnamed Messages As a daemon, rvnamed does not send messages to the screen. It writes its messages to the file rvnamed.log in the IPTraf log directory. Unable to open child communication socket rvnamed was unable to open the communication endpoint for data reception from the children it creates. This is highly unusual, and should it occur, report the circumstances. Unable to open client communication socket rvnamed was unable to open the communication endpoint for data exchange with the IPTraf program. This is highly unusual, and should it occur, report the circumstances. Error binding client communication socket Error binding child communication socket rvnamed was unable to assign a name to the indicated communication socket. This may be due to a bad, full, or corrupted filesystem. Fatal error: no memory for descriptor monitoring rvnamed ran out of memory. IPTraf will resort to blocking, and may freeze. Error on fork, returning IP address rvnamed had a problem spawning a copy of itself to resolve the IP address. rvnamed will simply return the IP address in its literal, dotted-decimal notation. IPTraf will still function normally. This may be due to lack of memory or a process limit hit. Maximum child process limit reached rvnamed has reached its maximum number of child processes. This is intended as a "brake" to prevent too many rvnamed children from hogging your computer's resources and possibly crashing it. Unless IPTraf is monitoring an extremely busy network without filters, this shouldn't happen, at least, not that often. If you notice this message, try applying filters or check your DNS server. Many times, this can happen when the DNS server goes down for whatever reason, and you have rvnamed children taking too long to resolve. GNU Free Documentation License Version 1.1, March 2000
Copyright (C) 2000 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
PREAMBLE The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. APPLICABILITY AND DEFINITIONS This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque". Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only. The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. VERBATIM COPYING You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. You may also lend copies, under the same conditions stated above, and you may publicly display copies. COPYING IN QUANTITY If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. MODIFICATIONS You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five). State on the Title page the name of the publisher of the Modified Version, as the publisher. Preserve all the copyright notices of the Document. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. Include an unaltered copy of this License. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section. If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. COMBINING DOCUMENTS You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice. The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements." COLLECTIONS OF DOCUMENTS You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. AGGREGATION WITH INDEPENDENT WORKS A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document. If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate. TRANSLATION Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail. TERMINATION You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. FUTURE REVISIONS OF THIS LICENSE The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/. Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. How to use this License for your documents To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:
Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. A copy of the license is included in the section entitled "GNU Free Documentation License".
If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being LIST"; likewise for Back-Cover Texts. If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software. iptraf-3.0.0/Documentation/.xvpics/0040755000076400000000000000000007603007365016064 5ustar rikerrootiptraf-3.0.0/Documentation/.xvpics/iptraf-tcpflt-dlg2.png0100644000076400000000000000774407523663270022214 0ustar rikerrootP7 332 #IMGINFO:562x352 RGB (6728 bytes) #END_OF_COMMENTS 80 50 255 %%%%%%%%%%%$$$$%%%%%&JJmnJn&&&%'&&&&%'&&&''&&&&''&&&'%&&&&'%&&&&%'&&&&%'&&&nJ&J&&&&''&&&'%&&&&'%&&&&%'&&&&%'&&&''&&&&''&&&'%&&&&֖וז֖֖וז֖֖וז֖֖וז֖֖וז֖֖וז֖֖וז֖666176666176667366.2376667566667566.21322.65766677666666536666536667722223726675622675662213.2261766673:6666653666653666772266776667566667566:25766265766277666666536666536667722V6V7U7226V6W5W66R6V6W5W66R66W5W6V6R:2W5W6V6V27U7V666--7.-22. -2 2673rO!֖orn֖66--12 2 77522.6667j׵֖vے566653666653666772266776667566667566:25766265766277666666536666536667722VVVWUW6RVVVWU7VVRVVVW5WVV2ZRWUW6VVVRVWU7VVVVRW5WVV66-7 .. 2. 667766275זwOnnonr֖5621 26-6 2666235666֖nsrq666653666653666772266776667566667566:25766265766277666666536666536667722vVVw576667566667566RZRwU666275666257666---76666936667365626657626657n76266776267566621175666675666657ֶ3366675666675o֖67726667722675666653666653666772266776667566667566:25766265766277666666536666176662756V62576662576663366667766675666675:26-12 226- 21-156Q76666536666536667722667766675666675626 21261.2222666W1666671266657666657666776:2677626766653666653666772266776667566667566:2576626576627766666653666653666772R6661766673666673:6675626675666675:26-- 2 - -166667766R21-2: 1 1 2. 6 .. 2 27)1-3776662776211176217766267W6252 262621:1162.627555226675666666653666653666772266776667566667566:2576626576627766666653666653666772266776667566667566:257662657662776666RmM. . 6-1661RRMmN. 2 6626MRN5n - 226667766675666675666656V22626662666RR6226666266626626667126667566665766665766653666653666772266776667566667566:25766265766277666rvwvwvvvzwrwruruvwv֖וז֖֖וז֖֖וז֖՗֖ӖinrnnnMjnnnosnronnnו֖וז֖nonrsr֓orosrnsnnrsJssnrsn֖֖֗՗֖וז֖Jnnnnomonnnnnnomonnnnnomonnnnnnomojrjrjsisjnnnnnomonnnnnomonnnnnnomonnnnnomkrjrj*+*.+N**jj*F&n*jMjnmO!/&/..KIJnJn)kI'%&&&&%'&&&&%'&&&''&&&&''&&&iptraf-3.0.0/Documentation/.xvpics/iptraf-othipfltdlg.png0100644000076400000000000000774407533152070022402 0ustar rikerrootP7 332 #IMGINFO:562x352 RGB (8148 bytes) #END_OF_COMMENTS 80 50 255 &%&%%&&&%&&&%%&&%%&&%%&&%%&&%%&&%%%&&J&JJ&&&&%'&&&''&&&&''&&&'%&&&&'%&&&&%'&&&&%'&&&''&&&&JJJJFN&KI'JF*J&KI'JJ&JF*K%KJ&JJ&KE+JF*J&JK%KJ&JF*K%KJ&JJ&JG)K&JJ&JK%KF*JF*J'IK&֖וז֖֖וז֖֖וז֖rvvqvvvwvvuvvvsrvuvvvurvuvrvuvrwvv262176226532663322.6336623562267126.25/22.61762277226666536666536667326.673666752:66756222172262576667766666653666653666772266776667566667566:25766265766277666666536666536667UWrZrVvVWuWvRvVVwUwVvRvVV7566RzRWuWvVvVrVWuWvVvVRwUwVv66-6. -16617666Orו752s֖26262 6217566267qns֖566Җ666653666653666772266776667566667566:25766265766277666666536666536667UwrzrVvvwuWvrvvVwuwvVrvvv576rzrWuwvvVvrvwUwvvvVrwuwvV66-6 2 - 6 -66576nrrms666֗762161122626667Qrrssn5726s666653666653666772266776667566667566:2576626576627766666653666653666772266776667566667566:2576626576627766666653666653666772266776667566667566:25766265766277666666536666536667722667W6667566266776R:756662677666W566662 212.626 22726672,v661)v6116v657 )w7-2 7z666626677266661766673666VW36667U72:6675W666756VR67566R:2576---6.-1 2 . 26:275662657662657662;766663766671666676266266226662662:7566662776662776663966667166665366666-1222.32.26665711v2:7566627566625766621766677666666536666536667722667W62667762667762:756662756662576666653666653666772266776667566667566:2576626576627766666653666653666772266776667566667566:25766265766277666666536666536667.2 .1-66 2 -.26 21-2616.51261- 7217666536666536667Sw&O3666536666536667SrqrFK֖֖ٓ666536666536667Wzrvvr{qwvrr./svvvvvwsvvvvwuwvvvvwuwrrvvwwvv666653666653666772266776667566667566:25766265766277666662356175566.2356666S66666536666356V626776627566627562 61 2252.:12677662u6666 121)62 VV:57666376666376666536626677266665766vW76666776176627576663766663766666653666653666772266776667566667566:25766265766277666662666751727Q26677666626653666622176666576667766667;2666RiV .22-56RQ2Nm11-2R2Q62n6 -16671266657666657666776:666536666536667722662576662176667766667766675:266752622.-3.22.-3.22//2.22//2.23-.2.23-.2.21/.2.21/.2.3 3..2֖֒sr՗mnrnrrrin֗nNornnn֖֖וҖnsmnnoonmorrosrrksjnJmnnnmornoNrOnnڒ֖וז֖֖וז֖&J*FOJ&JJ&JJ'I+FJ&NKE+J&JF*JG)KFJ*JF*JKE+JJJ&JK%KJ&JJ&K)GJJ&JJ*KJJ*FJ*GI+JF*FJ+E*+*N N.OImj*JjNI'&NmJqJ'&NIrIjNJ"JNJI+*jnNnJ/J/2*qKEJ/J J &S&mJJj&'%iptraf-3.0.0/Documentation/.xvpics/iptraf-filtermenu.png0100644000076400000000000000775007603006722022231 0ustar rikerrootP7 332 #IMGINFO:642x402 Indexed (4576 bytes) #END_OF_COMMENTS 80 50 255 %&$&%%%&%%%%&%%%%$&%%%&%%%%&%%%%&&%%%&%%%%&%%%%&$%%%&%%%%&%%%%&$&%%&%%%JJnmnn&&&&&'%&&&&&''&&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&&&'&''&&&&&'%&&&&&''&&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&&&''ےڒڒےڒڒےڒڒےڒڒےڒڒےڒڒےڒڒےےn++& &**& ')*& *& &*)' &**& ')O֖՗ےn''&&&&&'%&&&&&&%'&&&&')O֖՗ےn'n&nn&nJIJ&'%&&&&&+mےn''&&&&&'%&&&&&&%'&&&&')O֖՗ےn'mJmnn&nnmnI'*nJmJ&mnJ&-k֖ےn''%'I&&&&J&J&&'%'%'%'&&&&&& n֖ےn'/* *& ** +)** **&*)'*& *2 +)**** ** %+ *.nےn'/)+!!!!!! &&&''&&&&&%'&&&&&''& n֖ےn'..v&&#&mqJ*j!'"&".nےn'.W5&&'!&&&&&&#'&&&"&"'!&*nےn'/.rn"&!'"&"& &'mmjnnIKmn&#'"&"&"-kےn'/""&"&#%"&"*&&%'&&&&'%&&&&&&%'&*nےn++2J"&"%#&" &&ninnNrn&&&&%'.nےn'/""&"&#%"&"*&&%'&&&&'%&&&&&&%'&*nےn'/.n&n&&&%'&*"rnqnjnjMFrjm*"&"%#*nےn'/""&"&#%"&"*&&%'&&&&'%&&&&&&%'&*nےn++* ** &* +) *& **** )+** ** ') ** **** )+ &.nےn'/""&"&#%"&"*&&%'&&&&'%&&&&&&&''&&&nےn'/*nJmnrinJ&#%&&&"&"%#&"*nےn'/""&"&#%"&"*&&%'&&&&')O֖՗ےn+/& ** *& +) ***.** %+ ** *& +)O֖՗ےn''&&&&&'%&&&&&&%'&&&&')O֖՗ےn'mJJJ&"&#%"&"&"&!'"&"&#-kےn''&&&&&'%&&&&&&%'&&&&')O֖՗ےn+ +& ** **+) ** *& ** )+** ** '-Kڒїے'%K&J&JJ&J&K%K&J&J&J&J'I'JJ&J&J&K%ٓےڒڒےڒڒےڒڒےڒڒےڒڒےڒڒےڒڒےڒڒےڒڒ6226666675.66675762617175766626667576626666675726VVV671;2666666717666666627576- 2 -7-6 ))6-2 *2:6667726666716666621766667566666657./ /..... ./ /...../-......-+*2 2*+-......-/..../-......)S.+.R3SIirJrjmJ".+V+2nJrnN##&"&"&#%"&"&"'#&"&"&#%"&"&"iptraf-3.0.0/Documentation/.xvpics/iptraf-ipfltmenu.png0100644000076400000000000000775007603007046022062 0ustar rikerrootP7 332 #IMGINFO:643x403 Indexed (4736 bytes) #END_OF_COMMENTS 80 50 255 %%&$&%%%&$%%%&%%%%$&%%%&$&%%&%%%%&&%%%&$&%%&%%%%&$%%%&$&%%&%%%%&$&%%&$&&mKmnn&&&'%&&&&&''&&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&&'%&&&&&&''&&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&ڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒoonnڒڒ* &* **)+ *& ** ') **** **)+ *&*ڒڒ&&&&&%'&&&&'%&&&&&&%'&&.֖ڒ&m'&mn&mJ&&jNFq*&"&"&#'"&&.ֶڒ&&&&&%'&&&&'%&&&&&&%'&&.֖ڒ&Jmnn&nnmnIJ'J'mnJ&"&/ٳڒ&&&&&''&&&&&&'%&&&&&&'%&Nڒ&.*** )+ &* **/) *& ** **)+ ** &* +) *& ** *.Kڒ&.""&!'"&"&+)/&!!!!%!%!!!&N֖ڒ&."/%"&"&"'#.Rplmq$mlml/&Nڒ&.""&!'"&"&+1[**Oڒ&./N&"&"&#% R/jmOn&nK%E"&"&"'#&".Nֶڒ&.""&!'"&"&+!I'&&&&&''&&&&&%'&&.&Nڒ& **Wq#&"&"&+mmJ.Sm"rjMF&"'!&"&"&"%O֖ڒ&.""&!'"&"&+!&"&"&"%#&"&"'!&"&".&Oڒ&.+Rn&n&&&&&& NNF*J&n&n&&&&&#'"&"&"%#&N֖ڒ&.""&!'"&"&+%'!&&&&&&''&&&&&'%&&.&Nڒ& ** **)+ ** &* +mInmJKIJ&&&&''&&&.*Nڒ&.""&!'"&"&+!&"&"&"%#&"&"'!&"&".FO՗ڒ&.JmGMjqN"'!&* *& *' +*** &* ') *& *& *&/ڒ&.""&!'"&"&+%J''%'&&&&'%&&&&&''&N֗ڒ& **** )+ &* **/mFJ*mnNJ"'#&"&"&!'"&".ڒڒ&&&&&%'&&&&/!"&"&"&!'"&"&#%"&"&*ڷזڒ&%&&&&&&-+ &* ** +% ** ** &* )+ *& ** J֖ڒ&&&&&%'&&&&'%&&&&&&%'&&*ڒ* *& ** )+** ** ') ** *& ** )+ &**ڒڒJnJnJJnKIoJnJJnJnKIoJJnJnJJnKIoJnJnڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒڒۑڒ16-666176666262 :61:2666662776662657662667762:6657621 ..22) 6 21 76 62 2 -6. ) *2 7766266756266665366667126.**.+) ****** N+) ** .&/+* *& ** +% ** *& ** )' ** *& +) *& ** *& )+ *& ** N3.J7SRSIjJJn'mm&R3*S*InmnmJ"%#&"&"'!&"&"&"%#&"&"&#'"&"&iptraf-3.0.0/Documentation/.xvpics/iptraf-ipfltnamedlg.png0100644000076400000000000000775007603007112022517 0ustar rikerrootP7 332 #IMGINFO:640x402 Indexed (4400 bytes) #END_OF_COMMENTS 80 50 255 %%&$&%%%%%%%%&%%%&$&%%%&%%%%&%%%&$&%%%&%%%%&%%%%$&%%%&%%%%&%%%%&&%%%&%%&n%mJ&''&&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&&'%&&&&&&%'&&&&&&%'&&&&&''&&&&&%'&&&&&''&&&&&'%&&&&&''&&&&&'%&&&&&ڒڒڒڒڒڒڒڒڒڒڒڒڒڒ& &++**& &*+% &**& &* %+*& &&֖&&''&&&&&'%&&&&&&%'&&&*֖&n&IJI&iNjMi"&"&"%#&".Փ&&''&&&&&'%&&&&&&%'&&&*֖Jmnn'mnInJJ&nqFnmn%".&&&&&J%'%'&&&&&&&&JJ&&&&'%&.2222/12.2.23 3222.23-2.222213** **+) ** &* ** )+:26675626667726666712666665/&&&&'%&&&&&& %+:26675626667726666712666665/JIR+'"&"&"')*:26675626667726666712666665/&&&&&'%&&&&&.)۲1)*75 . -- 1 (131 26-1 667J&&&&''&&&&&')*ֶZRvVvVwUWvRvVVvVwUWrVvVVv2vWUsVvVV6665/&&&&'%&&&&&& %+RJJIoJnnnNjoqJnnN֗ї62;SM#'"&"&"%#&*.֖z֒J2665/&"&"'!&"&"&"!/:26675626667726666712666665w%&'%''&&&&&%'."ֶ:26675626667726666712666665/&&&&'%&&&&&& %+QRi2hN -(662MR2i1- - 7626675622J"&"&!'"&"&'):266756-6376666235666667766*"&#%"&"&"&!' &&666235626227722666712662261/&&&&'%&&&&&& ٷ֖vvvvvvruwvvv *2 /)***. .*)3 .*. *. /) "&"&"'#&"&"&+& *+ +* &* ** +% mJ*jnm%&&&&&''&&&&*&&''&&&&&'% "&"&"&!'"&"&#%"&"&"& ٓ&+i&&&&&%'.& && &+'*&**&)' && &*&+/֖&&''&&&&&'%&&&&&&%'&&&*nmnnnno* *++* ** &* +) **** ** %+ ** *&֖&&J&K%KJ&J&J&J&K%K&J&J&JJ&K%K&J&J&JڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒڒJnnnnnomonnnnnnnnomonnnnnnnomonJJJJIonnnnnnnnomonnnnnnnomonnnnnnnnomKJJJN/.+VW.Nm'EJmJm'&2O.3Nnmnnn&'%&&&&&&%'&&&&'%&&&&&&%'&&&iptraf-3.0.0/Documentation/.xvpics/iptraf-ipfltlist.png0100644000076400000000000000774410273303441022067 0ustar rikerrootP7 332 #IMGINFO:645x406 RGB (4167 bytes) #END_OF_COMMENTS 80 50 255 $%$%$%$%$%%%$$%$%$%$%$%%%$$%$%$%$%$%%%$$%$%%%$%$%%%$$%$%%%%Jnnm&%'&&&&&''&&&&&%'&&&&&''&&&&&%'&&&&&''&&&&&'%&&&%JJ&&J''&&&&&%'&&&&&''&&&&&%'&&&&&''&&&&&'%&&&&&''&&&IڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړI%*# +* *2&*+% && &*&++& && &*')&&.**//&*& && ')*&*& && %+*&&&/!% &# '&*&"&#%"&"&"'#&"&"&#%"&*&&''&*""&#%"&"&"&!'"&"&'%% m%DqlEH$$ HLlHhq ll% !    !    !!   &% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &#'"&"&"'!&"&"&#'"&"&"'!&"&"&#'"&"&"'!&"&"&"%#&"&"'!% &++&&""*#%"&"&"'#&"&"&#%"&"&"'#&"&"&#%"&"&"&!'"&"&#%%&' '.&".* '%&&&&&''&&&&&'%&&&&&''&&&&&'%&&&&&&%'&&&&'%IIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړIڒڒڒړ%O&2"''&&&&J&/"J&"F&'mJ&F&j&JOi'&"&+!'"&F&J.+***'***%#I"&"&%W.+R/V/"n&'qn2"rKN".'&Km*3rrF*#6O..+mjNF+2O*3&.O."rInF"%#iptraf-3.0.0/Documentation/.xvpics/iptraf-ipfltdlg.png0100644000076400000000000000774410273303241021660 0ustar rikerrootP7 332 #IMGINFO:643x403 RGB (8864 bytes) #END_OF_COMMENTS 80 50 255 $%%%$%%%&%%%$%%%%$%%%&%%'mJnnm'&&&&&''&&&&&'%&&&&&''&&&&&'%&&&&&&%'&&&&'%&&&&&'%&&&&&&%'&&&&&''&&&&&%'&&&&&''&&&&&'%&&&&&''&&&&&'%& 7162626253626263 /2.2625362626776666./1222263726262756 /566622657666667 3222661766662776662631622627766626756 /56662265766666776666657:266673666663566662;766662756 /5666226576666675762V66667572Z26666675S66666635W6666662;Q76666662V756 /5;- - -576626SmnnjV266.Oonjr֖֖17 /5622726626756vV665wrV /56662265766666776666657:266673666663566662;766662756 /566622657666667U7V2V6VV6W5W2Z2VV6V6W5S6V666VS5W6V6V6VR;Q7V6V6VV2V7U6 /5- - -( )5766NnosN֖֒U62nnmonrnn67 /5166666622667w֖V66wו26 /56662265766666776666657:266673666663566662;766662756 /566622657666667Uw6r666w5wRZ666756666VVSUW6666VR[QW66662756 /5. 756666:2576vW5 :72:666772RjJڒW5 V6666275 /56626667526666wV666662:576667626֖2666673 /5666226576666627 6 2. 17 1 . 1 7-: 1,2) 2 -(226666736 /566622657666667766666572726726673:66667265766:26776 /56662265766666776666657:266673666663566662;766662756 /56662265766666776666657:266673666663566662;766662756 /52 - -.-6 .*666.-6.v576-1wq262 1w662 )26 *7v666 /5666226576666677666667u2:666VW536666VV57666VR;7666vR756 /5- )7 6. ) -76772666671666663366666756666665766:275 /566622657666667766666U226666736666665766662;766662657 /5 - * 17:- -17366 -6 v72: 2v26 ) 57- 2v66- 26z667 /5666226576666677666667U7:266VW56666VV57666VR17666VR776 /56662265766666776666657:266673666663566662;766662756 /566622657666667766666757:26667S666666576666;166662657 /566622657666667. - 6,w61 16 2w2277666665766666776:2 /5666226576666677666667U22666753V66663566662;766662756 /56662265766666776666657:266673666663566662;766662756 /56662265766666776666657:266673666663566662;766662756 /566622657666667% 2 -7 6 ) ) -6 - . . 7- .- 76 6 -(27-5 /566622657666667#6 /566622657666667#ז֖72 /566622657666667+vvvvvwuwvvvrvvwuwvrzrvvwuvrvvvvwurvvvvvvwq;2 /56662265766666776666657:266673666663566662;766662756 /575727666661-6666;166266637557652r57662:677662667 /52 ). 6. 6- 2 6576626 * 1( -16--1N662265766666776 /566622657666667w6666657:266666736666V6576666756666:2 /56662265766666776666657:266673666663566662;766662756 /5RR6262512RQ17666626R266R666766776666693666627766626 /5NmM666 *-62mMnQ22( 75RMRRM2. --673666661766662;766662 /566622657666667766666677666:275662667762666752:66677 /122.22.1/222223/22.2.132222.33.2.223122.22/3.222231.mړڒmړڒ%KIK*n*FJJKI+FJJJJJJ+i+JJJJF*JJJnGI+Jn&JJJNJj+IKFJJJ*JJKIGJNFNJJ+IKNJJJJKI'JJJJJ+R/*N3W.irF&'OInJ&rI*jq"rJJm'VnmnnJ&.O2+RMFJn*3*&/*.O.jmnN"&"'iptraf-3.0.0/Documentation/.xvpics/iptraf-timermenu.png0100644000076400000000000000775007603007365022070 0ustar rikerrootP7 332 #IMGINFO:642x403 Indexed (7608 bytes) #END_OF_COMMENTS 80 50 255 %%&$&%%%%%%%%&%%%&$&%%%&%%%%&%%%&$&%%%&%%%%&%%%%$&%%%&%%%%&%%%%&&%%%&%%&nInmJ&%'&&&&'%&&&&&&%'&&&&&''&&&&&%'&&&&&''&&&&&%'&&&&&&&%'&&&&&''&&&&&%'&&&&&''&&&&&'%&&&&&''&&&&&'%&&&&&ڒڒڒڒ* +) &* ** *& )+ ** &* +) *& ** **)+ &&". ./ '"***.%+ *& ** *++* **N&'%&&&&&&%'&&&&'%&&&&&&%'*""&"'#&"&".!'"&"&"'#&"*N&[KqnmJ"nNqjn"&#%"&"&"&!'*&Jnnmnn&&ّJJnnJnmJ'%&&&/R*+*N&+%'I'%'%'IKK%J&J&&&&%'&&&&'%*"&*&F*&FF&*F&*IG%&"&#'"&"*' 'Nֶ&nJIn'nqjqJ"qmn&#%"&"&"&%+Fqmnn&J&nF&"&#'"&"&/N+* n&'%&&&&&&%'&&&&'%&&&&&&%'*""&"'#&"&"&!'"&"&"'#&"*N&mnnnnmnnNF&m&&&&&%'&&&&&'IrNjMjmrJ"&"&!'"&"&"'2S.n&&&&&&'%'G&&&&&*"&&&*"&"'#&"&"&'%F&F&&*"*&&&&"&#'"&"&"'! &"*N+*mn'!&"&"&#'"&"&"'!&"&"&# '&m'MmF&'#&"&"&#%"&"&"'2S.*J&'%&&&&&&%'&&&&'%&&&&&&%'*""&"'#&"&"&!'"&"&"'#&"*N&/rIjJ&"&"'!&"&"&"%#&"&"&' #m'Nj%'&&&&&%'&&&&&'../&*N֖&Nj&"J&!'"&"&#%"&"&"&!'"&*"&jn"&"'#&"&"&#%"&"&&#+N֖J&n/.mNJ"&"'#&"&"&!'"&"& &nn&nnmnjmJ"&"'!&W.N/&.+**N&'%&&&J&&&&'%&&&&&''&&&&&')"&"&"J&&!'"&"&"'#&"&"&'Mז&nnn wq"nm'm&&mm&JnrinJ&&rqnqJ"'!&"&"&#O2+*&N֖&'%&&&&&&%'&&&&'%&&&&&&%'*""&"'#&"&"&!'"&"&"'#&"*N& +)** &* &* )' *& **+)** &* &* )' *****+ '* &* ** %+ *& *& *++***N&'%&&&&&&%'&&I$&&%%%%%%*"&"%#&"&"'!&&N&/n"&"&"%#lL$.llLh*%'&&&&O*/V/.W*&N&'%&&&&&&%'&&I$& &#'"&"&"'!&"*j*'% &&*&&*%' &&*OnIn&"qnn&NmE&&&&&'%&& "&"'#&"R7O2/N3J n&'%'&&&&&&'%&&&&&&#%"&&"&"&!'"&"&#%"& &&&&''&&&&&'%*n+Vnnn&I'nmJn&&NnmmnnnInJJnn&"&"%#*Jm)#&"&"O2+R/.J m&'%&&&&&&%'&&&&'%&&&&&&''&&&&&'%&&&& "&!'"&"&#%"&*Jڒ&WJmNJrnqnnq*"&mNnFmNJnJmJmnJnmnnJ&&"%'-InJJ"&#2N3*S.+)O֖&'%&&&&&&%'&&&&'%&&&&&&%'&&&&&''&&&*"!'"&"&"'#&"*N* ') ** *& ** )+** &* +) *& ** ** %+ ** *& *+ +*** **)+ ** &* *+ +& **N&'%&&&&&&%'&&&&'%&&&&&&%'&&&&&''&&&*j+IKJJJJFNFJKIKJ*j*&3mqqjrmJnJmNJ m&&'%&&&&&&%'&&&*J֖&/E+"mG'"&F"&"&!'"&"&#%"&"&"&!'"&"&#)/ֶ&/nIKmmI'InmJ* **** )+ &* ** +% ** **** )+ &.Jٓ&'%&&&&&&I'%&&&&&&%'&&&&&'%OjNjJNjNKiOjNJn֖* ') ** *& ** )+** ** +% ** **** )+Nז֒&n&&&&&&&&''&&J&&&&''&&&&&'%N֖&m'kIm*n"qi"&"&"'#&"&"&Mו&'%&&&&J&'%&&&&&&%'&&&&&'O֖* +) &* ** *& )+ ** &* +) *& ** **)+ Nז֒ڒڒڒڒڒڒڒڒ12626666767.:2666667762662. 266662756662666536669361-7 )7 2. 776*72 )26 -12)71 -,1 71- . )). .7666:.* +)+ **** *& )/%+* ** /)+** ***+ +*** **)+ **** *++* **** +)** ***+ N/.+VW2Nm'%&m'mJ&R/.O)omrnnmJ&'%&&&&&''&&&&&'%&&&&&''&&&&iptraf-3.0.0/Documentation/errors0100644000076400000000000000165607567301744015745 0ustar rikerrootjade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3068:91:E: end tag for "COMPUTEROUTPUT" omitted, but OMITTAG NO was specified jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3068:47: start tag was here jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3361:7:E: end tag for "PARA" omitted, but OMITTAG NO was specified jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3358:0: start tag was here jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3429:7:E: end tag for "PARA" omitted, but OMITTAG NO was specified jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3425:0: start tag was here jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3691:9:E: end tag for "PARA" omitted, but OMITTAG NO was specified jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:3688:0: start tag was here jade:/scratch/iptraf-2.8.0/Documentation/manual.sgml:2897:45:X: reference to non-existent ID "TCPFILTERS" make: *** [all] Error 8 iptraf-3.0.0/Documentation/iptraf-ipfltmenu.png0100644000076400000000000001120007603007046020451 0ustar rikerrootPNG  IHDRdgAMA aiPLTEÂYYY000Úeee0eeee ammmeMMMA0U󲲲UbKGDH pHYs  ~tIME FIDATx흁<@};d}Vm!MsU*nz,z 7B0/IS 3z8o!N;E=u0|zجVRa:.lx~XJuhpQ7܄9  hpAA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hpA!hA&)8xSp:D˧uO/!_>Ct|ʗ:1d`g-8A vFpЂ`g-8A vFpЂ`g-8~y|<>MN9I9<ďLjخQ/p3½: vFpЂ`g-8A vFpЂrիYvFqڜ>8.87}=z 4u޿PNoQ+/QRnW9h2Խ8YqYrk]ATqQd0yƲW:h:+$j꼯> lLrBAGA=YhvhiOq3rzPc]q8f[\?{NMmS7ƴII|$I;Ps ס9/)+vrŧvσ`g-8A vFpTlOlOlOlOlOlOlϋ8!bikq3[7NlzNlzNlzNlzNlzNlzNlzHt]Fq"Ա09tOJOۺ'/6v^ܷ5Tsp8UeF:oODÑ=4xP:<Ўɠyb ۸`ҋ]CCm8fcp9oϋ;x{E&JY\B]=]bvqGwSA1xqڟ8 ԱPXUegtqp|巏8Qt& OZr;V75/\y`7W'8c X:ࠎE : :n6q\ /2ov5Nwrq &X0~mfOs5吇_]] Ox.; /'3JČˆCkLL{7wӂ4biGd8AZ88b%Zߟ\^,2tTU Bz5'1割>n~&XЮwΐW?^,Xw+/4뭎țtb tb l&2r`aQoc^ߒG /#>N[cWVNe÷`‹Hvksw`‹Hr___: zOcA< Lx t8KEڹ},8b#l_>\HύyQ`‹Eܫtb tb tb tb tb lfK ySEº Zp0"S])o`'^XU}y Yt`‹EnRjsP  8-xȨϿs0818x|A &Xd`~񄽧OLg`‹EuZV;8ل$Jy||b哳`S8˼=/|BL4bq 8hF,p8hF,p\&pp`}/lqD!p0!A7jh8u9Fp0! TCtq*?oEz E|)4}kX>C`BP}`(ppbA8sLk329p0!owżXBå;;pE;;M&pppp88 DTb8:1o1 Lș쓷&v[r^{-F"-0n_b8\[rj-F 9}yQ`BNr?K;z 9OߟҎ^`BgiG/p0!8HQ{].K_܁8;p'LHࢼ qw*_${u|w^y{{\w^Aa-{'ZO\;^;#8hZp3;#1o8ؕ1D˧uO/!_>Ct| ^~)8xSA8 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D B48 D@p/[~^5a/|޷;R=f:trЫհ({[[o`[~StpivwU8:D98>U3/OS>T0hHnRn owQ4~T5o8υ%q[=Wo,B iTwN55d R'IS^o;gRji|Eh'̼pv^,!4ՙ.8hZ.= @4 VCIENDB`iptraf-3.0.0/Documentation/iptraf-ipfltdlg.png0100644000076400000000000002124010273303241020251 0ustar rikerrootPNG  IHDR2 pHYs  ~tIME 1 IDATxP|Du.so頼<)L./Y0MS |W B2tǣ0?W麮~kx,/OږDrC 4Kktzk%w;:]d5=?|y>,@>ǐc&y88=6. ]UvUЁv16' ВH -Ftq߿Qz<sih4$@K"14=].S@KŅ=k4ޘDI)4gju8ǂcDbvfڹúw4^] @staEpp>Pk?0't>ۥ}b t9jͱtsv8λh7|vޞ4D>cۥP؎[<Slh85cֵy+J r{'>:mȂEJN!C0[c+l1%jq;48A@CvJ$bKts6nx`weTOE qJ6\`sOQkӘӧˑ~ּH gN@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@Kjnh3{(m>1z'K˷obNl9xק80h?[9Tt'+S1}fkxؼn~fœm}O, &RtcIW>'dt2DlX˸wCZ ۳BN1ck>|+_~G'+^|]=}*ڱOx 1f?=ʎ}<|ad˙(=϶> ޖD&YJ'JC]Q^npY]_|y;!qn]K̮n}j?:=V1 vc+= m}83|iqx/urzi B暯{H\i1s4x'DݙwG`u Noѷ;!4\Khx3m~%8vm8&_qgr{gFb>vw;)7: "@K"1\܉@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@KOLW pK=O -?]}K鷪;;|>ևgoBP.zޛlQ|.fg[C7X[oc'ǎ_-n|d&v}{ '^}ұ`qp2\8·Ks_L$S\>~7?r{g7Eb>vw;)כw"@K"1\y܉@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@KOLWٻ}cޒcc |2u?qW}L_cs-uXz_7[,ZM{4FaI02cknczw=a=r-%O™iϟB$Fq/x1xOAXy^ߝ\~>H= 5h=IG5=x NkɰCғ#ixxc2Ԝ;\)gvڻO\Ӗ]C{t?ĉv|k1 l1o?Z9QEbnt>H -ВS32Z.Z')Ա_ݺobI,W#ERn_\uB[Y^>P;vܾk˾\GWiƭtb{=l<ݬ:vΛeُ㷂Ly/4͌C=h$cMܩ -{si卩?ck>8}Jby:g:C;YTy뫢հLji۫'ϡڅ;!:.Z496yLdv!_*KMwB"ܿs^Z>qۯ䫷2;O& l _6p׵pw{!dwb`ܝ y46|O;M|M&}'8]$:;`zŶ*?Ĥ Tc8ɰVuz{rhJi3OӪzq“TU+)nyQn.Ĵݿq~ܬ 4W/o8>'8)=?FࣈВH -y>1t,7='}bhNxP?86%64PŭﺡuN U <|\Af"gpX@:I;I6>Ht/FwV?<Nc2qn6j.W+}t9L''|o8Ҏ3bqtڱ^' E `-'`lHd~pbߞg Ž}=BIPu 9Sd|>8[3+ ľO)?ҏGnB<Rx1nw|o{b'Yy*b=w(}nW2[99sO^W;~kk;|bhq)gv=?R*Y+$!z8Vyc;e#<OX'.{]/򷻮]F`O?V$ƥNs^k7hcy)g'`%s;5|*2?/7N5w-W^~_ >gZL&M+5iuUZ=*}۽F_=~J/]~B[C _'F,rgѰ86YP` |GiKO+oQn}>~ω[yyO^̯_5}B1Wo'r]eRn{^S'vN|ђ=GtlM+Q[ (Eŵ3]p\UlNKO{[znIoXޫTT,zSBct"W1I||>j<.9O f *{ls-ot /rMD[v^/Aܿ/}Z==彇}bhI=Y2^>kX^=KNӦ^vcYZ'>15 g9}uu穟v{ l's["lBCFi~@mETammfkl{&nJ$ZGZorU_V;I׾a8*rS.mw`lt:&-` ѪMlښ.tHO=+].M$_rM:W7]tblw u.q7W%6Sgޭu%JɫWN7: Lmwhu<J\ɏJ˻~VsrC1וwqyOe206F?Ng17x'Ϯ.A>zR7;a'̗w?q?Y\r"KmK~bU1Y?Dw3˕Uv~TǤ8kpg<CO=N 5 W7wE߃v'>_%CjrJm**"1<Ë_&&r:2: -ВH -ВH -ВH -ВH -ВH -ВH -ВH -y>1DC\NOO -ВH -ВH -ВH -ВH -ВH -ВH -ВH -y>1uDO܊v}cx~oO'? ~|luI$a|1>L~y_̤6VK,?i0>qtno-z(=I}5ӫ6b;93cf>6i9~ydqmkYV ^/ Gbl8M3Hiy+9V~x8'm8'WrO|p.M濖z G_K83~߇K'v<|R֕7%ZQC.pfbZ}H:q`$_K~=#jv!~(U 6 V;n'NGasrz匫TL-sS[.ݏz`.lWY$\ӭ9,iaymwZmxcy~=O?ޒ7%!1M48=dy:jq:ߑ e1?SZc2]GrI*$uv;7#bg]OI'm{;50]9{gFbii"A;q#ipgdL88~HL s`tZ%Z%Z%Z%Z%Z%Z%Z%Zcˇ_dZ\9ήhS̤b1.n_g]4I-[~kV{6-t\e8ߟnJ?;8am< |VDٲCs\WvP {`sfh~zOx>kf=>Qb`'F'[p.t3Jbи:Yg:GI҇s {x5YN¸P9S<ߘty"9r-q `?[B^k`P':]9:QIM/9bxcVp].wd/(]IGDR||1S-e~M}o{ySߏ3Ŋǭ~"wVK0 S c%H&H=n ԏNUºtmb ֚i(E7[5qyѭ\&jǺ|$nxsҰ__^K~Jh23ٸ?4j?[IC,9 :)<7%HJLO ~$I[;{$fluAӓ5b2w:|1^ػ5X?<˻g+̝c 8{i4k]~O JZ%Z%Z%Zs}`HpВH -ВH -ВH -?'+b8>1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1$@K"1φO -Wup"?DƵYuM*-WFҗ9ZZ9.׊q&-h&QZ?'? v*+7>wi$WUB>ާfp-?<:3fz"F32; M.&_uoMOowh0y'nz,ox{yqlt#i̭Is0?맴_]} 7&yornIH+hϴwsUσ)83*Ξݠa/2|JK֙?6yl+{[a,Ɩ'^[Pb\H|=,n%SQ~j/3G98;^Kגp3IDATX'Dw(}Oi=lXyf^U곉}E 2g>vm%]EaCf_sݶG{\0Pg~Jw?k-vknV3a0i?[)vs\Dϗ,2N.v9s o%6[?q)Gp+)W'ҹwyKC~_TF_T;{9ӓ5y{K5Dsz_Euo~;^9G"qQ贛)`\'2ċW>A4?IENDB`iptraf-3.0.0/Documentation/iptraf-ipfltlist.png0100644000076400000000000001010710273303441020460 0ustar rikerrootPNG  IHDRn+ pHYs  ~tIME_ IDATx=r8PzʋlauܡB/H'i-6ʙ"OΩjA 9f_*1=/맧G[ߺ@_ۚJf5\Y8b);չ_z4&^>=>].T 6?KF}1<ݿR 7qeRӮZ1Zw@<<>ZU~ت|Rsjy.[\Zlϻ/aW]^}`jؾ٥)l{4/KK|XS0>q?fd:RB/c{:/'IdzNv:f']kv."f}X=,+- Fϳ5;wY-lLGuaj+75n1ܬ's[\d6䮺Y4\*t+˼f?IT3"|-LKgVD{W/ſ|{D?{/m0?^v\ߦ~#ܭ l^}yNgmFj[K&y-֫' e~|<9 'oV0Oߪ}%KU~jTx=_(9u;5C⡲x8sFcZyoMéKaZIXjX`ߺByJL\mUkӸۥdk{Rp*\>= φy}wTܠMgh[U͂&[O"[_#KgZVnM%&_z /t4϶|:6x a+=}?<{iد_gjʗ+vHt[ Oo}(lveֱ)_{4<.Ȇef7̶E_ν?l~n5tj06Mxw F>Up\P #C5k/|֮W*_XB,?eÇSiD aeXO}T:t^yA t~Z|R?~<|P^!g12y y*{z O@<JΦ&_ThgWO))*֭W'[Xa[4=f׳;->jemt}|Fraa82JV^hRyXx}\y3 5BmmvSy @< [4p+ &puuy|SZZqoxXtt׮~xMMW' =Wn<6ҢtG o{VRlhZok/7FU+SPhq8 MǷ|-|?ôvMV]Gkvsp{~g?69|_fT~m޶:_v[L+Lz;wf]\_ [XgӵrB췢y [j'W@xl~jR;o?SzaN6Yb޷|Nҝڦ}d?L.<_=*YvvL[a֬/n \zaky}2=A-}9,?6?>kxux1PoUqFw;`ɪwL]fJ+c=v]w?3 k{-$RIENDB`iptraf-3.0.0/Documentation/iptraf-ipfltnamedlg.png0100644000076400000000000001046007603007112021115 0ustar rikerrootPNG  IHDRDgAMA alPLTEÂYYY000Úeee0eeee ammmeMMMA0U󲲲UQbKGDH pHYs  ~tIME *y*,:IDATx݋8a/cTMD }jmSۈB@:0k9X |,] o _en*X р ƥuCn"p^ vGfB*Btd'! E"@H ?B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R营..ۥޅz"PoBxRB] ]KKa`;{!Zؒ#@[rh`K-lE-9%G"ZؒK lol8`K.A &Sn/Kt!\]\" un|v#tM3}>O f74Gzaz] (`>9Mؒ[ft~> PL-]oA-9%IAwux_6&MA'!pe~kŸh[!oYؒ#@[rh`K-lE-9%2~n-hJ_! 7\٧6X\ 'lcCrv;Wg Ep=ŧ7:g>8-'X}e x| .횂̨It񪚉Avxee`3@3} ;]2~rer܅[??Q{nmwf52cvzt`K;W%2Lp̖^OsH3j1`~$q'{A $_U1\H3m~.9j-/,8O4_LγsJyؒ#@[rh`K-Vݨ`6xV: :fCgkY`6xV: :fS5@}qUsg Ps~Tdؕ""k!k!k!k!k!k!k!k!kS('Y~s&  :/ËvGd.=y vyiE G,1$@av!A%<ֲ?y x$$#tCAW`-X`-X`-X`-X`-X›`&_\_fQG"m9}>37gSxv` 7 po|6ġnŰ3|?"/ɞ,^ӏr 1ssK<>w+vrL!>b`rEMV'83O04 ^cu}.I.m^GL͚.6^ 0ހfe~!i^і>`Fm.13?y;G|+H(\hG%`c `0]f4@Vqt|oW~p^ 0sc&>L?LNon#lhyg>L'a_ VÜX ?x;;,{ Xk*|t>6W.u%rgge|4@]+?wZѿBQNyy#2+quptAu5-Sx[.nMkWÍA7\[`(ozƛ\4nG!^Wqչw=>xέaڽ#L` 0> p /<`Ќ87kv{EW >\ e%@3[`côCiXoa6r ?ʵ||\3V7dS<ݟp^^8ʵ5_^>: 4GCpx/"%|t>X X X X Xxj{1ө9No>"1x.#'ZlӲGL* pO:` O` O` O` O` O` o; 炞7]|V'%9,t0-/YNӳ}o_+\\?w|w9"ߗ`F(H_.>i,7CH>|8@!8nqoo+pj gt?2\V|i.vqeepgFG`|$˗x5=wӥF Ek<mW9=l< i`$d9@OE._hücg!r2W!,Ow ??Y k+ %%BO[$oan[q/!"6{#{A%<rkF'D%<B%<B%<B%<B%<B%y]W ] @T _- %2k _- %2`+.`jk/"#@칓8B#lND=w3ny_ӟҠ3 < /'6ѦmDӟjy߫X1::^xG^Ӑ"mE#py#s `0^;uQ F_eELd_Fςtq$[N ;φ?zB=w h{<, y6Y֣lG+s /Dޗ-6![z8K$@{sx ?{. pA~pS(_ %ʛ.nuTޜ7 pPGy~uTޜmUޜTޜTޜTޜxxlE-9%G"Zؒm!v{RoBxRB] ]K! v)Dw..ۥޅz^B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H R)B!E"@H RtRs%S׍_>-Mkfg{Vw>Ŕ&dկ\~_v(a JVx/* 38Z _lypawl"*9 7~^Z`xn0Âz} C%+2Fc< ;u* C /%8F6{i7 w4QcI{4`gk,7 ]W-huf]_ 0g\0&n= e%@aT!/a9pO>⇶Qr g[;4J~igH.Yha{Ugfpp{vOEgz8zv a'> v!ς/V^ w a ?4ǏzIENDB`iptraf-3.0.0/Documentation/manual.sgml0100644000000000000000000052154710274140154016464 0ustar rootroot IPTraf User's Manual Version 3.0.0 1997 2003 Gerard Paul Java This manual is released under the terms of the GNU Free Documentation License of March, 2000 as published by the Free Software Foundation, reproduced in this manual as Appendix B. IPTraf is open-source software released under the terms of the GNU General Public License version 2 or any later version as published by the Free Software Foundation, reproduced in the LICENSE file in the distribution's top-level directory. The accomanying software and the information contained in this document are provided "AS IS" without warranty of any kind, express or implied, including, without limitation, the implied warranties of mercantability or fitness for any particular purpose. In no event shall the author be liable for any indirect, special, consequential, or incidental damages arising from the use of this manual or the accompanying software even if the author has been advised of the possibility of such damages. Linux is a registered trademark of Linus Torvalds. Pentium is a registered trademark of Intel Corporation. All other trademarks are property of their respective owners. Some structure declarations were based on code copyrighted by the Regents of the University of California. Token Ring parsing code based on the Token Ring packet construction code in the Linux 2.2 kernel. About This Document This document contains the instructions on how to use the IPTraf network monitoring software version 3.0. This manual details the different statistical facilities, the user interface, and the important features of the software. For Additional Information See the included README file for summarized and late-breaking information. Also read the RELEASE-NOTES file for important new information about this new version. The CHANGES file contains a record of the changes made to the software since 1.0.0. README.rvnamed contains information on the rvnamed reverse resolution program. See the other README files for support and development information. Document Conventions The following symbols and typefaces are used throughout this manual: [ ] items in brackets are optional. Brackets also denote items that may or may not be displayed onscreen depending on settings or conditions. { } curly braces enclose items you choose from | the vertical bar separates choices in curly braces normal monospace normal monospace text in syntax specifications should be typed in exactly as presented. Because UNIX and variants are case-sensitive, case must be preserved. Monospace is also used in presenting items that appear on the screen. monospace italics italics in syntax specifications indicate items that are to be replaced with an actual item (e.g. interface should be replaced with an actual interface name, like eth0). Additional information appears distinctively set apart from the main text. This information includes Notes, Tips, or Technical Notes. Notes are additional pieces of information that may be useful or may clarify the preceeding paragraphs of the manual. Tips provide shortcuts, clarify tasks that may not be immediately obvious, or provide references to additional sources of information. Technical notes are explanations of a more technical nature and may be of more use to programmers and advanced users. Getting Started About IPTraf IPTraf is a network monitoring utility and traffic analyzer for IP networks. It intercepts packets and returns data about captured the network traffic in various statistical facilities. IPTraf comes with these major features: An IP traffic monitor that shows TCP connection information (hosts, packet/byte counts, flags, window sizes), and color-coded information about other IP packets Statistics (counts and load rates) for network interfaces in general and detailed views Statistics per TCP/UDP port Statistical breakdown according to packet sizes A LAN host monitor that returns counts and loads per detected MAC address A powerful filtering system for users to view only interesting traffic Logging An asynchronous DNS resolver for the IP traffic monitor A text-based, full-color, menu-driven user interface suitable for use on all Linux systems with terminals, especially Linux consoles and color xterms Easy configuration Fully software-based. No additional hardware required Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP, etc.) is necessary for you to best understand the information generated by the program. Installation IPTraf is most readily available on the Internet, but some may receive it on a diskette. Here are the instructions for both types of distributions. System Requirements IPTraf requires: Hardware Requirements 16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks) 2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time) Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent. One or more of the supported network interfaces. Operating System Requirements Linux kernel 2.2.0 or higher GNU C Library 2.1 or later ncurses 4.2 or later with the complete terminfo database in /usr/share/terminfo. Support for linux, vt100, xterm, xterm-color recommended. Compilation Requirements The following components are required when compiling IPTraf from the source code. gcc 2.7.2.3 or later GNU C (glibc) development library 2.1 or later ncurses development libraries 4.2 or later Availability IPTraf can be downloaded from the Internet from the official FTP site at ftp://iptraf.seul.org/pub/iptraf/ . The software is available in source form in compressed .tar.gz files named iptraf-x.y.z.tar.gz where x.y.z is the version number. Precompiled ready-to-run software is available in the iptraf-x.y.z.machinetype.bin.tar.gz files. (machinetype indicates what platform the precompiled binaries run on. The official distribution will only be for the Intel x86 architecture indicated as i386.) Installing Downloaded Packages You will need to have GNU tar and GNU zip installed. All modern Linux installations already have these utilities ready. Decompress the .tar.gz file by entering tar zxvf iptraf-x.y.z.tar.gz for the source code or tar zxvf iptraf-x.y.z.i386.bin.tar.gz for the precompiled x86 programs. If your tar doesn't support the z option, you can separately decompress the .tar.gz file then extract the resulting .tar archive. gunzip iptraf-x.y.z.tar.gz tar xvf iptraf-x.y.z.tar This will decompress the sources into a directory called iptraf-x.y.z (source code) or iptraf-x.y.z.bin (precompiled). (x.y.z here should be the IPTraf version number you're installing, like 3.0.0). Change to the created top level directory. To compile and install the software, run the Setup program by entering ./Setup while you are logged in as root. The Setup script will recognize the source distribution and compile the software before installing. It will immediately install a precompiled distribution. The resulting binaries will be placed in the /usr/local/bin directory. All needed directories will also be created. After installation, you will be asked if you want to read the RELEASE-NOTES file. It is recommended that you do so at that point, since the RELEASE-NOTES file contains important information about the new version. Installing a Floppy Distribution If you received IPTraf on a diskette, the sources are already decompressed. The diskette is in Second Extended filesystem format. Perform the following steps to install the software. Insert the floppy in the drive. Mount the floppy on an empty directory. For example, to mount the floppy in the first floppy drive under a directory called /mnt, enter mount -t ext2 /dev/fd0 /mnt This assumes your floppy is in /dev/fd0. You can use any empty directory in place of /mnt. With most Linux installations, this will work fine. After mounting, change to the /mnt (or whatever) directory. Enter ./Setup while logged in as root. Setup will determine whether the diskette contains a source code distribution or ready-to-run precompiled software. This will copy the binaries to /usr/local/bin, and create the necessary working directories. Unmount the diskette by typing umount /mnt (That's umount, not unmount.) You can then eject the diskette. Store it in a safe place. You will also be asked if you want to view the RELEASE-NOTES file. It is recommended that you do so at that point. In both cases (downloaded and floppy), the installation will store the program in /usr/local/bin with the binaries owned by user root, readable, writable, and executable by the owner, no permissions for the group, no permissions for all others. (700 octal, or -rwx------). Note You must be root to do the installation. The old style of installation (cd src;make install) is still supported. Be sure /usr/local/bin is included in your environment's PATH variable. You can edit the appropriate command in your login customization file (.profile for the Bourne-type shells, .cshrc for the C shell and its relatives). Upgrading from Earlier Versions IPTraf 3.0 is a major revision from IPTraf 2.7. The filter subsystem has been completely redesigned and as such, is incompatible with previous filter formats. Therefore old IPTraf filters can no longer be used. The installation procedure for IPTraf 3.0 will rename the filter list files but not delete them. If you install a distribution package (e.g. RPM, dpkg), old filters may still appear in the filter selection list but the new IPTraf version will be unable to load them. Starting and Stopping IPTraf After installation, you can start the program by simply entering iptraf at the shell prompt. You will see a copyright notice, with an instruction to press any key to get started. Just press any character key, and you will be immediately taken to the main menu. All major functions of the program are found there. Entering the IPTraf command without any command-line parameters brings up the program's main menu. From there, you can select the facilities you want. IPTraf determines and makes use of the maximum number of lines and columns on the terminal. Note IPTraf does not have a SIGWINCH handler; it does not adjust itself when an xterm or some other X terminal is resized. Technical note IPTraf needs to refer to the terminfo database in /usr/share/terminfo. If the supplied executable program fails with Error opening terminal, your terminfo database may be located somewhere else. You can control the terminfo search path by using the TERMINFO environment variable. For example, if you're using the sh or bash shell, and your terminfo database is in /usr/lib/terminfo (typical for Slackware distributions), you can use the commands: TERMINFO=/usr/lib/terminfo export TERMINFO You can place these commands in your ~/.profile or the systemwide /etc/profile startup files. You can also create a symbolic link named /usr/share/terminfo to let it point to your existing terminfo (assuming again your terminfo is in /usr/lib/terminfo): ln -s /usr/lib/terminfo /usr/share/terminfo Or you can recompile your program to use your existing ncurses library installation. If you do this, make sure you have ncurses 4.2 or later. Command-line Options IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive (-l is NOT the same as -L). The following command-line parameters can be supplied to the iptraf command: -i iface causes the IP traffic monitor to start immediately on the specified interface. If -i all is specified, all interfaces are monitored. -g starts the general interface statistics -d iface shows detailed statistics for the specified interface -s iface starts the TCP/UDP traffic monitor for the specified interface -z iface starts the packet size breakdown for the specified interface -l iface starts the LAN station monitor on the specified interface. If -l all is specified, all LAN interfaces are monitored. -t timeout The -t parameter, when used with one of the other parameters that specify a facility to start, tells IPTraf to run the indicated facility for only timeout minutes, after which the facility exits. The -t parameter is ignored in menu mode. If this parameter is not specified, the facility runs until the exit keystroke is pressed. -B Redirects all terminal output to the "bit bucket" /dev/null, closes standard input, and places the program in the background. This parameter can be used only with one of the -i, -g, -d, -s, -z, or -l parameters. See Background Operation in Chapter 9. -B is ignored in menu mode. -L filename Allows you to specify an alternate log file name when the any facility is directly started from the command line, whether in foreground or background mode. If specified in foreground mode, the log filename prompt is bypassed, even when logging is turned on in the Configure... menu. If this parameter is omitted in background mode, the default log filename is used. This parameter always turns on logging. If an absolute path is not specified, the log file will be created in the default log file directory -I interval Sets the logging interval (in minutes) when the -L parameter is used. This overrides the Log interval... setting in the Configure... menu. If omitted, the configured value is used. This parameter is ignored when the -L parameter is omitted and logging is disabled. The value specified here will affect all facilities except for the IP traffic monitor. -q Previously used to suppress the warning screen when IPTraf is run on kernels with IP masquerading. Since the masquerading code now processes packets in a way better suited to raw capture, this parameter is no longer needed and is retained only for compatibility. -f Forces IPTraf to clear all lock files and reset all instance counters to zero before running any facilities. IPTraf will then think it's the first instance of itself. The -f parameter overrides the existing locks and counters imposed by the IPTraf process and by the various facilities, causing this instance to think it is the first and that there are no other facilities running. Use this parameter with great caution. A common use for this parameter is to recover from abrupt or abnormal terminations which may leave stale locks and counters still lying around. The -f parameter may be used together with the others. iptraf -h displays a short help screen While the command-line options are case-sensitive, interactive keystroke at the IPTraf full-screen interface are not. Using the Menus Menu items with a trailing ellipsis (...) either pop up a submenu with further items, or require additional information before it can complete the task and return to the menu. Menu items without an ellipsis execute immediately. Use the Up and Down arrow keys on your keyboard to move the selection bar. Press Enter to execute the selected item. Alternatively, you can also directly press the highlighted letter of the item you want. This will immediately execute the option.
The IPTraf Main Menu
Exiting IPTraf You can exit IPTraf with the Exit command in the main menu. When started with one of the command-line options to directly start a statistical facility, pressing X or Q will exit the facility directly, without any confirmation. The -t command-line parameter will automatically exit the facility after the specified length of time without any confirmation as well. Daemon facilities started with the -B parameter will immediately terminate after being sent a USR2 signal. See background operation in chapter 9 for more information. Preparing to Use IPTraf This chapter provides information applicable to all of IPTraf's statistical monitors. Number Display Notations IPTraf initially returns exact counts of bytes and packets. However, as they grow larger, IPTraf begins displaying them in increasingly higher denominations. A number standing alone with no suffix represents an exact count. A number with a K following is a kilo (thousand) figure. An M, G, and T suffix represents mega (million), giga (billion), and tera (trillion) respectively. The following table shows examples. Numeric Display Notations 1024067exactly 1024067 1024Kapproximately 1024000 1024Mapproximately 1024000000 1024Gapproximately 1024000000000 1024Tapproximately 1024000000000000
These notations apply to both packet and byte counts. Instances and Logging Since version 2.4, IPTraf allows multiple instances of the facilities at the same time in different processes (for example, you can now run two or more IP Traffic Monitors at the same time). However only one can listen on a specific interface or all interfaces at once. The only exception is the general interface statistics, which is still restricted to only one instance at a time. Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they're listening on. If the Logging option is turned on (see the Configuration chapter), IPTraf will prompt you for a log file name while presenting a default. You may accept this default or change it. Press Enter to accept, or Ctrl+X to cancel. Canceling will turn logging off for that particular session. If you don't specify an absolute path, the log file will be placed in /var/log/iptraf.
The logfile prompt dialog
See the Logging section in the Configuration chapter for detailed information on logging. See also the documentation on each statistical facility for the default log file names. The default log file names will also be used if the -B parameter is used to run IPTraf in the background. You can override the defaults with the -L parameter. See Background Operation in Chapter 9. Screen Update Delays Older versions of IPTraf updated the screen as soon as a packet was received. However, screen update is one of the slowest operations the program performs. Since version 1.3, a configuration option has been available to control screen update speed. See the Screen update interval... configuration option under the Configuration chapter of this manual. Supported Network Interfaces IPTraf currently supports the following network interface types and names. lo The loopback interface. Every machine has one, and has an IP address of 127.0.0.1. lo is also indicated if data is detected on the dummyn interface(s). ethn An Ethernet interface. n starts from 0. Therefore, eth0 refers to the first Ethernet interface, eth1 to the second, and so on. Most machines only have one. fddin An FDDI interface. n starts from 0. trn A Token Ring interface, where n starts from 0. pppn A PPP interface. n starts from 0. slin A SLIP interface. n starts from 0. ipppn A synchronous PPP interface using ISDN. n starts from 0. isdnn ISDN interfaces can be given arbitrary names, but for them to work with IPTraf, they must be named isdnn. IPTraf supports synchronous PPP (the ipppn interfaces above), raw IP, and Cisco-HDLC encapsulation. plipn PLIP interfaces. These are point-to-point IP connections using the PC parallel port. ipsecn This refers to Free s/WAN (and possibly other) logical VPN interfaces. sbnin SBNI long-range modem interfaces dvbn, sm200, sm300 DVB satellite-receive interfaces wlann, wvlann Wireless LAN interfaces tunn general logical tunnel interfaces brgn general logical bridge interfaces hdlcn Frame Relay base (FRAD) interfaces (non-PVC) pvcn Frame Relay Permanent Virtual Circuit interfaces Your system's network interfaces must be named according to the schemes specified above. The IP Traffic Monitor Executing the first menu item or specifying -i to the iptraf command takes you to the IP traffic monitor. The traffic monitor is a real-time monitoring system that intercepts all packets on all detected network interfaces, decodes the IP information on all IP packets and displays the appropriate information, most notably the source and destination addresses. It also determines the encapsulated protocol within the IP packet, and displays some important information about that as well. There are two windows in the traffic monitor, both of which can be scrolled with the Up and Down cursor keys. Just press W to move the Active indicator to the window you want to control.
The IP traffic monitor
The Upper Window The upper window of the traffic monitor displays the currently detected TCP connections. Information about TCP packets are displayed here. The window contains these pieces of information: Source address and port Packet count Byte count Source MAC address Packet Size Window Size TCP flag statuses Interface Note Previous versions of IPTraf showed both the source and destination addresses on each line. IPTraf 2 and higher show only the source host:port combination to save on screen real estate. TCP connection endpoints are still indicated with the green brackets (on color terminals) along the left edge of the screen. The Up and Down cursor keys move an indicator bar between entries in the TCP monitor, scrolling the window if necessary. The PgUp and PgDn keys display the previous and next screenfuls of entries respectively. The IP traffic monitor computes the data flow rate of the currently highlighted TCP flow and displays it on the lower-right corner of the screen. The flow rate is in kilobits or kilobytes per second depending on the Activity mode switch in the Configure... menu. Because this monitoring system relies solely on packet information, it does not determine which endpoint initiated the connection. In other words, it does not know which endpoints are the client and server. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN. However, a little knowledge of the well-known TCP port numbers can give a good idea about which address is that of the server. The system therefore displays two entries for each connection, one for each direction of the TCP connection. To make it easier to determine the direction pairs of each connection, a bracket is used to "join" both together. This bracket appears at the leftmost part of each entry. Just because a host entry appears at the upper end of a connection bracket doesn't mean it was the initiator of the connection. Each entry in the window contains these fields: Source address and port The source address and port indicator is in address:port format. This indicates the source machine and TCP port on that machine from which this data is coming. The destination is the host:port at the other end of the bracket. Packet count The number of packets received for this direction of the TCP connection Byte count The number of bytes received for this direction of the TCP connection. These bytes include total IP and TCP header information, in addition to the actual data. Data link header (e.g. Ethernet and FDDI) data are not included. Source MAC address The address of the host on your local LAN that delivered this packet. This can be viewed by pressing M once if Source MAC addrs in traffic monitor is enabled in the Configure... menu. Packet Size The size of the most recently received packet. This item is visible if you press M for more TCP information. This is the size of the IP datagram only, not including the data link header. Window Size The advertised window size of the most recently received packet. This item is visible if you press M for more TCP information. Flag statuses The flags of the most recently received packet. S SYN. A synchronization is taking place in preparation for connection establishment. If only an S is present (S---) the source is trying to initiate a connection. If an A is also present (S-A-), this is an acknowledgment of a previous connection request, and is responding. A ACK. This is an acknowledgment of a previously received packet P PSH. A request to push all data to the top of the receiving queue U URG. This packet contains urgent data RESET RST. The source machine indicated in this direction reset the entire connection. The direction entries for reset connections become available for new connections. DONE The connection is done sending data in this direction, and has sent a FIN (finished) packet, but has not yet been acknowledged by the other host. CLOSED The FIN has been acknowledged by the other host. When both directions of a connection are marked CLOSED, the entries they occupy become available for new connection entries. - The flag is not set Some other pieces of information can be viewed as well. The M key displays more TCP information. Pressing M once displays the MAC addresses of the LAN hosts that delivered the packets (if the Source MAC addrs in traffic monitor option is enabled in the Configure... menu). N/A is displayed if no packets have been received from the source yet, or if the interface doesn't support MAC addresses (such as PPP interfaces). If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between the counts and the packet and window sizes. By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses. Just enable reverse lookup in the Configure... menu. The rvnamed Process The IP traffic monitor starts a daemon called rvnamed to help speed up reverse lookups without sacrificing too much keyboard control and accuracy of the counts. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete. If for some reason rvnamed cannot start (probably due to improper installation or lack of memory), and you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow. This is because the standard lookup functions do not return until they have completed their tasks, and it can take several seconds for a name resolution in the foreground to complete. rvnamed will spawn up to 200 children to process reverse DNS queries. Tip If you notice unusual SYN activity (too many initial (S---) but frozen SYN entries, or rapidly increasing initial SYN packets for a single connection), you may be under a SYN flooding attack or TCP port scan. Apply appropriate measures, or the targeted machines may begin denying network services. Entries not updated within a user-configurable amount of time may get replaced with new connections. The default time is 15 minutes. This is regardless of whether the connection is closed or not. (Some unclosed connections may be due to extremely slow links or crashes at either end of the connection.) This figure can be changed at the Configure... menu. Some early entries may have a > symbol in front of its packet count. This means the connection was already established when the monitor started. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor. Eventually, these > entries will close (or time out) and disappear. TCP entries without the > were initiated after the traffic monitor started, and the counts indicate the totals of the connection itself. Just consider entries with > partial. Some > entries may go idle if the traffic monitor was started when these connections were already half-closed (FIN sent by one host, but data still being sent by the other). This is because the traffic monitor cannot determine if a connection was already half-closed when it started. These entries will eventually time out. (To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received.) Direction entries also become available for reuse if an ICMP Destination Unreachable message is received for the connection. The lower part of the screen contains a summary line showing the IP, TCP, UDP, ICMP, and non-IP byte counts since the start of the monitor. The IP, TCP, UDP, and ICMP counts include only the IP datagram header and data, not the data-link headers. The non-IP count includes the data-link headers. Technical note: IP Forwarding and Masquerading Previous versions of IPTraf issued a warning if the kernel had IP masquerading enabled due to the way the kernel masqueraded and translated the IP addresses. The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines. The -q parameter is no longer required to suppress the warning screen. On forwarding (non-masquerading) machines packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces if all interafaces are being monitored. On masquerading machines, packets and connections from the internal network to the external network also appear twice, one for the internal and external interface. Packets coming from the internal network will be indicated as coming from the internal IP address that sourced them, and also as coming from the IP address of the external interface on your masquerading machine. In much the same way, packets coming in from the external network will look like they're destined for the external interface's IP address, and again as destined for the final host on the internal network. Closed/Idle/Timed Out Connections A TCP connection entry that closes, gets reset, or stays idle too long normally gets replaced with new connections. However, if there are too many of these, active connections may become interspersed among closed, reset, or idle entries. IPTraf can be set to automatically remove all closed, reset, and idle entries with the TCP closed/idle persistence... configuration option. You can also press the F key to immediately clear them at any time. Note The TCP timeout... option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains on-screen. The TCP closed/idle persistence... parameter flushes entries that have been idle for the number of minutes defined by the TCP timeout... option. Sorting TCP Entries The TCP connection entries can be sorted by pressing the S key, then by selecting a sort criterion. Pressing S will display a box showing the available sort criteria. Press P to sort by packet count, B to sort by byte count. Pressing any other key cancels the sort. The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order. Over time, the entries will go out of order as counts proceed at varying rates. Sorting is not done automatically so as not to degrade performance and accuracy.
The IP traffic monitor sort criteria
Lower Window The lower window displays information about the other types of traffic on your network. The following protocols are detected internally: User Datagram Protocol (UDP) Internet Control Message Protocol (ICMP) Open Shortest-Path First (OSPF) Interior Gateway Routing Protocol (IGRP) Interior Gateway Protocol (IGP) Internet Group Management Protocol (IGMP) General Routing Encapsulation (GRE) Layer 2 Tunneling Protocol (L2TP) IPSec AH and ESP protocols (IPSec AH and IPSec ESP) Address Resolution Protocol (ARP) Reverse Address Resolution Protocol (RARP) Other IP protocols are looked up from the /etc/services file. If /etc/services doesn't contain information about that protocol, the protocol number is indicated. Non-IP packets are indicated as Non-IP in the lower window. Note The source and destination addresses for ARP and RARP entries are MAC addresses. Strictly speaking, ARP and RARP packets aren't IP packets, since they are not encapsulated in an IP datagram. They're just indicated because they are integral to proper IP operation on LANs. For all packets in the lower window, only the first IP fragment is indicated (since that contains the header of the IP-encapsulated protocol) but with no further information from the encapsulated protocol. UDP packets are also displayed in address:port format while ICMP entries also contain the ICMP message type. For easier location, each type of protocol is color-coded (only on color terminals such as the Linux console). UDPRed on White ICMPYellow on Blue OSPFBlack on Cyan IGRPBright white on Cyan IGPRed on Cyan IGMPBright green on Blue GREBlue on white ARPBright white on Red RARPBright white on Red Other IPYellow on red Non-IPYellow on Red The lower window can hold up to 512 entries. You can scroll the lower window by using the W key to move the Active indicator to it, and by using the Up and Down cursor keys. The lower window automatically scrolls every time a new entry is added, and either the first entry or last entry is visible. Upon reaching 512 entries, old entries are thrown out as new entries are added. Some entries may be too long to completely fit in a screen line. You can use the Left and Right cursor keys to vertically scroll the lower window when it is marked Active. If your terminal can be resized (e.g. xterm), you may do so before starting IPTraf. Entries for packets received on LAN interfaces also include the source MAC address of the LAN host which delivered it. This behavior is enabled by turning on the Source MAC addrs in traffic monitor toggle in the Configure... menu. Entry Details In general, the entries in the lower window indicate the protocol, the IP datagram size (full frame size for non-IP, including ARP and RARP), the source address, the destination address, and the network interface the packet was detected on. However, some protocols have a little more information. ICMP ICMP entries are displayed in this format: ICMP type [(subtype)] (size bytes) from source to destination [(src HWaddr srcMACaddress)] on interface where type could be any of the following: echo req, echo rply ICMP echo request and reply. Usually used by the ping program and other network monitoring and diagnostic program. dest unrch ICMP destination unreachable. Something failed to reach its target. The dest unreach type is supplemented with a further indicator of the problem. Destination unreachable messages for TCP traffic causes the corresponding TCP entry in the upper window to be made available for reuse by new connections. redirct ICMP redirect. Usually generated by a router to tell a host that a better gateway is available. src qnch The ICMP source quench is used to stop a host from transmitting. It's a flow control mechanism for IP. time excd Indicates a packet's time-to-live value expired before it got to its destination. Mostly happens if a destination is too far away. Also used by the traceroute program. router adv ICMP router advertisement router sol ICMP router solicitation timestmp req ICMP timestamp request timestmp rep ICMP timestamp reply info req ICMP information request info rep ICMP information reply addr mask req ICMP address mask request addr mask rep ICMP address mask reply param prob ICMP parameter problem bad/unknown An unrecognized ICMP packet was received, or the packet is corrupted. The destination unreachable message also includes information on the type of error encountered. Here are the destination unreachable codes: ntwk network unreachable host host unreachable proto protocol unreachable port port unreachable pkt fltrd packet filtered (normally by an access rule on a router or firewall) DF set the packet has to be fragmented somewhere, but its don't fragment (DF) bit is set. src rte fail source route failed src isltd source isolated (obsolete) net comm denied network communication denied host comm denied host communication denied net unrch for TOS network unreachable for specified IP type-of-service host unrch for TOS host unreachable for specified IP type-of-service prec violtn precedence violation prec cutoff precedence cutoff dest net unkn destination network unknown dest host unkn destination network unknown For more information on ICMP, see RFC 792. OSPF OSPF messages also include a little more information. The format of an OSPF message in the window is: OSPF type (a=area r=router) (sizebytes) from source to destination [(src HWaddr srcMACaddress)] on interface The type can be one of the following: hlo OSPF hello. Hello messages establish OSPF communications and keep routers informed of each other's presence. DB desc OSPF Database Description LSR OSPF Link State Request LSU OSPF Link State Update. Messages indicating the states of the OSPF network links LSA OSPF Link State Acknowledgment The entries in parentheses: a=area The area number of the OSPF message r=router The IP address of the router that generated the message. It is not necessarily the same as the source address of the encapsulating IP packet. Many times, the destination addresses for OSPF packets are class D multicast addresses in standard dotted decimal notation or (if reverse lookup is enabled), hosts under the MCAST.NET domain. Such multicast addresses are defined as follows: 224.0.0.5 (OSPF-ALL.MCAST.NET) OSPF all routers 224.0.0.6 (OSPF-DSIG.MCAST.NET) OSPF all designated routers See RFC 1247 for details on the OSPF protocol. Additional Information When started from the main menu and logging is enabled, the IP traffic monitor prompts you for a log file name. The default name is ip_traffic-n.log (where n is what instance of the traffic monitor this is (1, 2, 3, and so on). (e.g. if this is the first instance, the default file name will be ip_traffic-1.log.) When started with the -i parameter, the log filename can be specified with the -L parameter. See the Command-line Parameters section above for more information. On busy networks, the display may become cluttered with traffic you're not interested in. To control the traffic monitor's output, you can apply a filter. See Chapter 7, Filters for more information on IPTraf's filters. At any time, you can press X or Q to return to the main menu (or back to the shell if the monitor was started with iptraf -i). Network Interface Statistics There are two network interface statistics facilities: the general interface statistics, which displays a statistical summary of all attached interfaces, and the detailed interface statistics, which shows more statistical and load information about a single selected interface. General Interface Statistics The second menu option displays a list of attached network interfaces, and some general packet counts. Specifically, it displays counts of IP, non-IP, and bad IP packets (packets with IP checksum errors). It also includes an activity indicator, which shows the number of kilobits and packets the interface sees per second. All figures are for incoming and outgoing packets. (Again, considering promiscuous mode for LAN interfaces, which simply causes the machine to intercept all packets). This is useful for general monitoring of all attached interfaces. If byte counts and additional information are needed for a specific interface, the Detailed interface statistics option is also available. The activity indicators can be toggled between kbits/s and kbytes/s with the Activity mode configuration option. The general statistics window will dynamically add new entries as packets from newly-created interfaces (e.g. new PPP interfaces) are intercepted. Long lists can be scrolled with the Up, Down, PgUp, and PgDn keys. This monitor is affected by IPTraf's filters as described in Chapter 7. Copies of the statistics are written to the log file iface_stats_general.log at regular intervals if logging is enabled. See the Logging option int the Configuration chapter. This facility can be started directly from the command line with the -g option to the iptraf command. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.
The general interface statistics screen
You can press X or Q to return to the main menu. Detailed Interface Statistics The third menu option displays packet statistics for any selected interface. It provides basically the same information as the General interface statistics option, with additional details. This facility provides the following information: Total packet and byte counts IP packet and byte counts TCP packet and byte counts UDP packet and byte count ICMP packet and byte counts Other IP-type packet and byte counts Non-IP packet and byte counts Checksum error count Interface activity Broadcast packet and byte counts All IP byte counts (IP, TCP, UDP, ICMP, other IP) include IP header data and payload. The data link header is not included. The full frame length (including data-link header) is included in the non-IP and Total byte count. All data-link headers are also included in the Total byte counts.
The detailed interface statistics screen
The upper portion of the screen contains the packet and byte counts for all IP and non-IP packets intercepted on the interface. The lower portion contains the total, incoming, and outgoing interface data rates. This facility also displays incoming and outgoing counts and data rates. The packet size breakdown in versions prior to 2.0.0 has been moved to its own facility under Statistical breakdowns.../By packet size as described in Chapter 5. An outgoing packet is one that exits your interface, regardless of whether it originated from your machine or came from another machine and was routed through yours. An incoming packet is one that enters your interface, either addressed to you directly, broadcast, multicast, or captured promiscuously. The rate indicators can be set to display kbits/s or kbytes/s with the Activity mode configuration option. Note Buffering and some other factors may affect the data rates, notably the outgoing rate, causing it to reflect a higher figure than the actual rate at which the interface is sending. The figures are logged at regular intervals if logging is enabled. The default log file name at the prompt is iface_stats_detailed-iface.log where iface is the selected interface for this session (for example, iface_stats_detailed-eth0.log). If you wish to start this facility directly from the command line, you can specify the -d parameter and an interface to monitor. For example, iptraf -d eth0 starts the statistics for eth0. The interface must be specified, or IPTraf will not start the facility. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. Note In both the general and detailed statistics screens, as well as in the IP traffic monitor, the packet counts are for actual network packets (layer 2), not the logical IP packets (layer 3) that may be reconstructed after fragmentation. That means, if a packet was fragmented into four pieces, and these four fragments pass over your interface, the packet counts will indicate four separate packets. The figure for the IP checksum errors is a packet count only, because the corrupted IP header cannot be relied upon to give a correct IP packet length value. This facility's output is also affected by IPTraf's filters. See Chapter 7 for more information on filters. Pressing X or Q takes you back to the main menu (if this facility was started with the command-line option, X or Q drops you back to the shell). Statistical Breakdowns Statistical breakdowns contain two facilities that break down traffic counts by either packet size or TCP/UDP port. Packet Sizes The packet size breakdown facility used to be incorporated into the detailed interface statistics. It has since been moved to its own facility. It is entered by selecting Statistical Breakdowns/By packet size. The packet size breakdown takes the interface's Maximum Transmission Unit (MTU) size and divides it into 20 brackets, each bracket containing a range of sizes. As a packet is captured, its size is determined and the appropriate bracket is incremented. This facility provides an idea as to the packet sizes passing over your network, and can aid in network (re)design decisions.
The packet size statistical breakdown
If logging is enabled, copies of the statistics are written at regular intervals to a log file. The default log file name is packet_size-iface.log where iface is the selected interface for this session (for example, packet_size-eth0.log). IPTraf's filters do not affect this facility. The packet size breakdown can also be invoked straight from the command line by specifying the -z iface parameter. The interface parameter is required. For example, this command runs the facility on interface eth0. iptraf -z eth0 When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. To exit, press X or Ctrl+X. TCP and UDP Traffic Statistics IPTraf also includes a facility that generates statistics on TCP and UDP traffic. This facility displays counts of all TCP and UDP packets with source or destination ports numbered less than 1024. Ports 1 to 1023 are reserved for the TCP/IP application protocols (well-known ports).
The TCP/UDP service monitor
The statistics window indicates the protocol (TCP or UDP), the port number, the total packets and bytes counted for this particular protocol/port combination, the packets and bytes destined for that protocol and port, and the packets and bytes coming from that protocol and port. Byte counts include the IP header and payload only. The data link header is not included. The protocol/port indicators are color-coded for easier identification on color terminals. TCP indicators are in yellow, UDP in bright green. Some network applications or protocols may use port numbers higher than 1023. Examples of these include application proxy servers (HTTP proxy servers typically use values like 8000, 8080, 8888, and the like), and IRC (IRC servers commonly accept connections on ports 6660 to 6669). These ports are by default not included in the counts. If you do want to include a higher-numbered port in the statistics, you can add them yourself from the Configure.../Additional ports... menu item. See the section below. If logging is enabled, The statistics are also written to a log file (the default name is tcp_udp_services-iface.log, where iface is the selected interface (for example, tcp_udp_services-eth0.log). IPTraf computes the total, incoming, outgoing, and data rates of the protocol currently indicated by the facility's highlight bar. The data rates are indicated at the bottom of the screen. If logging is enabled, the average data rates since the start of the facility are placed in the log file. The Up and Down cursor keys move the highlight bar. Pressing X or Ctrl+X exits and returns to the main menu (or the shell if it was started from the command line). Sorting TCP/UDP Entries Pressing the S key brings up a window which allows you to select the field by which the entries will be sorted. You can press R to sort by port, P to sort by total packets, B to sort by total bytes, T to sort by incoming packets (packets to), O to sort by incoming bytes (bytes to), F to sort by outgoing packets (packets from) and M to sort by outgoing bytes (bytes from). Pressing any other key cancels the sort. Port numbers are sorted in ascending order (least first) but statistics are sorted in descending order (largest counts first). As with the IP traffic monitor, sorting is performed only with this sequence. Automatic sorting is not performed so as not to affect performance.
The TCP/UDP monitor's sort criteria
Additional Information IPTraf's filters affect the output of this facility. See Chapter 7, Filters for more information about filters. If you wish to start this facility from the command line, you can use the -s option followed by an interface to monitor. For example, iptraf -s eth0 brings up this module for traffic on eth0. The interface must be specified, or IPTraf will drop back to the shell. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. LAN Station Statistics The LAN station monitor (Ethernet station monitor on versions prior to 1.3.0) discovers MAC addresses and displays statistics on the number of incoming, and outgoing packets. It also includes figures for incoming and outgoing kilobits per second for each discovered station. The entry above each line of statistics is the station's LAN type (Ethernet, PLIP, Token Ring, or FDDI) and the hardware MAC address. Each statistics line consists of the following information: Total packets incoming IP packets incoming Total bytes incoming Incoming rate Total packets outgoing IP packets outgoing Total bytes outgoing Outgoing rate The byte counts include the data link header. The activity indicators can be set to display kbits/s or kbytes/s with the Activity mode configuration option. This facility works only for Ethernet, PLIP, Token Ring, and FDDI frames. Loopback. ISDN, and SLIP/PPP networks are not monitored here.
The LAN station monitor
Copies of the statistics are written to a log file at regular intervals if logging is enabled. The default log file name is lan_statistics-n.log, where n is the instance number of this facility (for example, if this is the first instance, the generated default log file name is lan_statistics-1.log). Sorting the LAN Station Monitor Entries Press S to sort the entries. A box will pop up and display the keys you can press to select the field by which the entries will be sorted. Press P to sort by total incoming packets, I to sort by incoming IP packets, B to sort by total incoming bytes, K to sort by total outgoing packets, O to sort by outgoing IP packets, and Y to sort by total outgoing bytes. Pressing any other key cancels the sort.
The LAN station monitor's sort criteria When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information. Additional Information The window can be scrolled with the Up and Down cursor keys. Press X or Q to return to the main menu (or the shell if this facility was started with the -l command-line option). The output of this facility is affected by any applied IPTraf filter. Filters Filters are used to control the information displayed by all facilities. You may want to view statistics only on particular traffic so you must restrict the information displayed. The filters also apply to logging activity. The IPTraf filter management system is accessible through the Filters... submenu.
The Filters submenu
IP Filters The Filters/IP... menu option allows you to define a set of rules that determine what IP traffic to pass to the monitors. Selecting this option pops up another menu with the tasks used to define and apply custom IP filters.
The IP filter menu
Defining a New Filter A freshly installed program will have no filters defined, so before anything else, you will have to define a filter. You can do this by selecting the Define new filter... option. Selecting this option displays a box asking you to enter a short description of the filter you are going to define. Just enter any text that clearly identifies the nature of the filter.
The IP filter name dialog
Press Enter when you're done with that box. As an alternative, you can also press Ctrl+X to cancel the operation. The Filter Rule Selection Screen After you enter the filter's description, you will be taken to a blank rule selection box. At this screen you manage the various rules you define for this filter. You can opt to insert, append, edit, or delete rules.
The filter rule selection screen. Selecting an entry displays that set for editing
Any rules defined will appear here. You will see the source and destination addresses, masks and ports (long addresses and masks may be truncated) and whether this rule includes or excludes matching packets. Between the source and destination parameters is an arrow that indicates whether the rule matches packets (single-headed) only exactly or whether it matches packets flowing in the opposite direction (double-headed). At this screen, press I to insert at the current position of the selection bar, A to append a rule to the end of the list, Enter to edit the highlighted rule and D to delete the selected rule. With an empty list, A or I can be used to add the first rule. To add the first rule, press A or I. You will then be presented with a dialog box that allows you to enter the rule's parameters. Entering Filter Rules You can enter addresses of individual hosts, networks, or a catch-all address. The nature of the address will be determined by the wildcard mask. You'll notice two sets of fields, marked Source and Destination. You fill these out with the information about your source and targets. Fill out the host name or IP address of the hosts or networks in the first field marked Host name/IP Address. Enter it in standard dotted-decimal notation. When done, press Tab to move to the Wildcard mask field. The wildcard mask is similar but not exactly identical to the standard IP subnet mask. The wildcard mask is used to determine which bits to ignore when processing the filter. In most cases, it will work very closely like a subnet mask. Place ones (1) under the bits you want the filter to recognize, and keep zeros (0) under the bits you want the filter to ignore. For example: To recognize the host 207.0.115.44 IP address207.0.115.44 Wildcard mask255.255.255.255 To recognize all hosts belonging to network 202.47.132.x IP address202.47.132.0 Wildcard mask255.255.255.0 To recognize all hosts with any address: IP address0.0.0.0 Wildcard mask0.0.0.0 The IP address/wildcard mask mechanism of the display filter doesn't recognize IP address class. It uses a simple bit- pattern matching algorithm. The wildcard mask also does not have to end on a byte boundary; you may mask right into a byte itself. For example, 255.255.255.224 masks 27 bits (255 is 11111111, 224 is 11100000 in binary). IPTraf also accepts host names in place of the IP addresses. IPTraf will resolve the host name when the filter is loaded. When the filter is interpreted, the wildcard mask will also be applied. This can be useful in cases where a single host name may resolve to several IP addresses. Tip See the Linux Network Administrator's Guide if you need more information on IP addresses and subnet masking. Tip IPTraf allows you to specify the wildcard mask in Classless Interdomain Routing (CIDR) format. This format allows you to specify the number of 1-bits that mask the address. CIDR notation is the form address/bits where the address is the IP address or host name and bits is the number of 1-bits in the mask. For example, if you want to mask 10.1.1.0 with 255.255.255.0, note that 255.255.255.0 has 24 1-bits, so instead of specifying 255.255.255.0 in the wildcard mask field, you can just enter 10.1.1.0/24 in the address field. IPTraf will translate the mask bits into an appropriate wildcard mask and fill in the mask field the next time you edit the filter rule. If you specify the mask in CIDR notation, leave the wildcard mask fields blank. If you fill them up, the wildcard mask fields will take precedence. The Port fields should contain a port number or range of any TCP or UDP service you may be interested in. If you want to match only a single port number, fill in the first field, while leaving the second blank or set to zero. Fill in the second field if you want to match a range of ports (e.g. 80 to 90). Leave the first field blank or set to zero to let the filter ignore the ports altogether. You will most likely be interested in target ports rather than source ports (which are usually unpredictable anyway, perhaps with the exception of FTP data). Non-TCP and non-UDP packets are not affected by these fields, and these are used only when filtering TCP or UDP packets. Fill out the second set of fields with the parameters of the opposite end of the connection. Tip Any address or mask fields left blank default to 0.0.0.0 while blank Port fields default to 0. This makes it easy to define filter rules if you're interested only in either the source or destination, but not the other. For example, you may be interested in traffic originating from network 61.9.88.0, in which case you just enter the source address, mask and port in the Source fields, while leaving the Destination fields blank. The next fields let you specify which IP-type protocols you want matched by this filter rule. Any packet whose protocol's corresponding field is marked with a Y is matched against the filter's defined IP addresses and ports, otherwise they don't pass through this filter rule. If you want to evaluate all IP packets just mark with Y the All IP field. For example, if you want to see only all TCP traffic, mark the TCP field with Y. The long field marked Additional protocols allows you to specify other protocols by their IANA number. (You can view the common IP protocol number in the /etc/protocols file). You can specify a list of protocol numbers or ranges separated by commas, Ranges have the beginning and ending protocol numbers separated with a hyphen. For example, to see the RSVP (46), IP mobile (55), and protocols (101 to 104), you use an entry that looks like this: 46, 55, 101-104 It's certainly possible to specify any of the protocols listed above in this field. Entering 1-255 is functionally identical to marking All IP with a Y. The next field is marked Include/Exclude. This field allows you to decide whether to include or filter out matching packets. Setting this field to I causes the filter to pass matching packets, while setting it to E causes the filter to drop them. This field is set to I by default. The last field in the dialog is labeled Match opposite. When set to Y, the filter will match packets flowing in the opposite direction. Previous versions of IPTraf used to match TCP packets flowing in either direction, so the source and destination address/mask/port combinations were actually interchangeable. Starting with IPTraf 3.0, when filters extended to more than just the IP traffic monitor, this behavior is no longer the default throughout IPTraf except in the IP traffic monitor's TCP window. Note For TCP packets, this field is used in all facilities except the IP traffic monitor. Because the IP traffic monitor must capture TCP packets in both directions to properly determine a closed connection, the filter automatically matches packets in the opposite direction, regardless of this field's setting. However iin all other facilities, automatic matching of the reverse packets is not performed unless you set this field to Y. Filters for UDP and other IP protocols do not automatically match packets in the opposite direction unless you set the field to Y, even in the IP traffic monitor. Press Enter to accept all parameters when done. The parameters will be accepted and you'll be taken back to the rule selection box. You can then add more rules by pressing A or you can insert new rules at any point by pressing I. Should you make a mistake, you can press Enter to edit the selected filter. You may enter as many sets of parameters as you wish. Press Ctrl+X when done. Note Because of the major changes in the filtering system since IPTraf 2.7, old filters will no longer work and will have to be redefined.
The IP filter parameters dialog
Examples To see all traffic to/from host 202.47.132.1 from/to 207.0.115.44, regardless of TCP port Host name/IP Address202.47.132.2207.0.115.44 Wildcard mask255.255.255.255255.255.255.255 Port00 ProtocolsTCP: Y Include/ExcludeI Match oppositeY To see all traffic from host 207.0.115.44 to all hosts on network 202.47.132.x Host name/IP Address207.0.115.44202.47.132.0 Wildcard mask255.255.255.255255.255.255.0 Port00 ProtocolsAll IP: Y Include/ExcludeI Match oppositeN To see all Web traffic (to and from port 80) regardless of source or destination Host name/IP Address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port800 ProtocolsTCP: Y Include/ExcludeI Match oppositeY To see all IRC traffic from port 6666 to 6669 Host name/IP Address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port06666 to 6669 ProtocolsTCP: Y Include/ExcludeI Match oppositeY To see all DNS traffic, (TCP and UDP, destination port 53) regardless of source or destination Host name/IP Address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port053 ProtocolsTCP: Y UDP: Y Include/ExcludeI Match oppositeY To see all mail (SMTP) traffic to a single host (202.47.132.2) from anywhere Host name/IP Address0.0.0.0202.47.132.2 Wildcard mask0.0.0.0255.255.255.255 Port025 ProtocolsTCP: Y Include/ExcludeI Match oppositeN To see traffic from from/to host sunsite.unc.edu to/from cebu.mozcom.com Host name/IP Addresssunsite.unc.educebu.mozcom.com Wildcard mask255.255.255.255255.255.255.255 Port00 ProtocolsAll IP: Y Include/ExcludeI Match oppositeY To omit display of traffic to/from 140.66.5.x from/to anywhere Host name/IP Address140.66.5.00.0.0.0 Wildcard mask255.255.255.00.0.0.0 Port00 ProtocolsAll IP: Y Include/ExcludeE Match oppositeY You can enter as many parameters as you wish. All of them will be interpreted until the first match is found. Excluding Certain Sites Filters follow an implicit "no-match" policy, that is, only packets matching defined rules will be matched, others will be filtered out. This is similar to the access-list policy "whatever is not explicitly permitted is denied". If you want to show all traffic to/from everywhere, except certain places, you can specify the sites you wish to exclude, mark them with E in the Include/Exclude field, and define a general catch-all entry with source address 0.0.0.0, mask 0.0.0.0, port 0, and destination 0.0.0.0, mask 0.0.0.0, port 0, tagged with an I in the Include/Exclude field as the last entry. For example: To see all traffic except all SMTP (both directions), Web (both directions), and traffic (only) from 207.0.115.44 Host name/IP address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port250 ProtocolsTCP: Y Include/ExcludeE Match oppositeY Host name/IP address0.0.0.0 0.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port800 ProtocolsTCP: Y Include/ExcludeE Match oppositeY Host name/IP address207.0.115.440.0.0.0 Wildcard mask255.255.255.2550.0.0.0 Port00 ProtocolsAll IP: Y Include/ExcludeE Match oppositeN Host name/IP address0.0.0.00.0.0.0 Wildcard mask0.0.0.00.0.0.0 Port00 ProtocolsAll IP: Y Include/ExcludeI Match oppositeN Tip To filter out all TCP, define a filter with a single entry, with a source of 0.0.0.0 mask 0.0.0.0 port 0, and a destination of 0.0.0.0 mask 0.0.0.0 port 0, with the Include/Exclude field marked E (exclude). Then apply this filter. Applying a Filter The above steps only add the filter to a defined list. To actually apply the filter, you must select Apply filter... from the menu. You will be presented with a list of filters you already defined. Select the one you want to apply, and press Enter. The applied filter stays in effect over exits and restarts of the IPTraf program until it is detached. Editing a Defined Filter Select Edit filter... to modify an existing filter. Once you select this option, you will be presented with the list of defined filters. Select the filter you want to edit by moving the selection bar and press Enter. Edit the description if you wish. Pressing Ctrl+X at this point will abort the operation, and the filter will remain unmodified. Press Enter to accept any changes to the filter description. After pressing Enter, you will see the filter's rules. To edit an existing filter rule, move the selection bar to the desired entry and press Enter. A prefilled dialog box will appear. Edit its contents as desired. Press Enter to accept the changes or Ctrl+X to discard. You can add a new filter rule by pressing I to insert at the selection bar's current position. When you press I, you will be presented with a dialog box asking you to enter the new rule data. Pressing A results in a similar operation, except the rule will be appended as the last entry in the rule list. Pressing D deletes the currently pointed entry. Press X or Ctrl+X to end the edit and save the changes. Note If you're editing the currently applied filter, you will need to re-apply the filter for the changes to take effect. Note Be aware that the filter processes the rules in order. In other words, if a packet matches more than one rule, only the first matching rule is followed. Deleting a Defined Filter Select Delete filter... from the menu to remove a filter from the list. Just move the selection bar to the filter you want to delete, and press Enter. Detaching a Filter The Detach filter option deactivates the filter currently in use. Selecting this option causes all TCP traffic to be passed to the monitors. When you're done with the menu, just select the Exit menu option. ARP, RARP, and other Non-IP Packet Filters The Non-IP filter option toggles the display and logging of all non-IP packets, except ARP and RARP, which are toggled separately. Configuring IPTraf IPTraf can be easily configured with the Configure... item in the main menu. The configuration is stored in the /var/local/iptraf/iptraf.cfg file. If the file is not found, IPTraf uses the default settings. Any changes to the configuration immediately get stored in the configuration file.
The IPTraf configuration menu
Toggles Reverse DNS Lookups Activating reverse lookup causes IPTraf to find out the name of the hosts with the addresses in the IP packets. When this option is enabled, IPTraf's IP traffic monitor starts the rvnamed DNS lookup server to help resolve IP addresses in the background while allowing IPTraf to continue capturing packets. This option is off by default. TCP/UDP Service Names This option, when on, causes IPTraf to display the TCP/UDP service names (smtp, www, pop3, etc.) instead of their numeric ports (25, 80, 110, etc). The number-to-name mappings will depend on the systems services database file (usually /etc/services). Should there be no corresponding service name for the port number, the numeric form will still be displayed. This setting is off by default. Note Reverse lookup and service name lookup take some time and may impact performance and increase the chances of dropped packets. Performance and results are best (albeit more cryptic) with both these settings off. Force promiscuous If this option is enabled, your LAN interfaces will capture all packets on your LAN. Using this option enables you to see all TCP connections and packets passing your LAN segment, even if they're not from or for your machine. When this option is active in the statistics windows, the Activity indicators will show a good estimate of the load on your LAN segment. When this option is disabled, you'll only receive information about packets coming from and entering your machine. The setting of this option affects all LAN ( Ethernet, FDDI, some Token Ring) interfaces on your machine, if you have more than one. The interface's promiscuous flag is set only when a facility is started, and turned off when it exits. However, if promiscuous mode was already set when a facility was started, it remains set on exit. If multiple instances of IPTraf are started, the promiscuous setting is restored only upon exit of the last facility. Note Do not use other programs that change the interface's promiscuous flag at the same time you're using IPTraf. The programs can interfere with each other's expected operations. While IPTraf tries to obtain the initial setting of any promiscuous flags for restoration upon exit, other programs may not be as well-behaved, and they may turn off the promiscuous flags while IPTraf is still monitoring. Color Turn this on with color monitors. Turn it off with black-and- white monitors or non-color terminals (like xterms). Changes to this setting will take effect the next time the program is started. Color is on by default on consoles and color xterms, off on non-color terminals like xterms and VT100s. Logging When this option is active, IPTraf will log information to a disk file, which can be examined or analyzed later. Since IPTraf 2.4.0, IPTraf prompts you for the name of the file to which to write the logs. It will provide a default name, which you are free to accept or change. The IP traffic monitor and LAN station monitor will generate a log file name that is based on what instance they are (first, second, and so on). The general interface statistics' default log file name is constant, because it listens to all interfaces at once, and only one instance can run at one time. The other facilities generate a log file name based on the interface they're listening on. See the descriptions on the facilities above for the default log file names. Press Enter to accept the log file name, or Ctrl+X to cancel. Canceling will turn logging off for that session. The IP traffic monitor will write the following pieces of information to its log file: Start of the traffic monitor Receipt of the first TCP packet for a connection. If that packet is a SYN, (SYN) will be indicated in the log entry. (Of course, the traffic monitor may start in the middle of established connections. It will still count those packets. This also explains why some connection entries may become idle if the traffic monitor is started in the middle of a half-closed connection, and miss the first FIN. Such entries time out in a while.) Receipt of a FIN (with average flow rate) ACK of a FIN Timeouts of TCP entries (with average flow rate) Reset connections (with average flow rate) Everything that appears in the bottom window of the traffic monitor Stopping of the traffic monitor Each log entry includes the date and time the entry was written. Logging is also affected by the defined filters. Log files can grow very fast, so be prepared with plenty of free space and delete unneeded logs. Log write errors are not indicated. Copies of the interface statistics, TCP/UDP statistics, packet size statistics, and LAN host statistics are also written to the log files at regular intervals. See Log Interval... in this chapter. IPTraf closes and reopens the active log file when it receives a USR1 signal. This is useful in cases where a facility is run for long periods of time but the log files have to be cleared or moved. To clear or move an active log file, rename it first. IPTraf will continue to write to the file despite the new name. Then use the UNIX kill command to send the running IPTraf process a USR1 signal. IPTraf will then close the log file and open another with the original name. You can then safely remove or delete the renamed file. Do not delete an open log file. Doing so will only result in a file just as large but filled with null characters (ASCII code 0). Logging comes disabled by default. The USR1 signal is caught only if logging is enabled, it is ignored otherwise. A valid specification of -L on the command line with automatically enable logging for that particular session. The saved configuration setting is not affected. Activity mode Toggles activity indicators in the interface and LAN statistics facilities between kilobits per second (kbits/s) or kilobytes per second (kbytes/s). The default setting is kilobits per second. Source MAC addrs in traffic monitor When enabled, the IP traffic monitor retrieves the packets' source MAC addresses if they came in on an Ethernet, FDDI, or PLIP interface. The addresses appear in the lower window for non-TCP packets, while for TCP connections, they can be viewed by pressing M. No such information is displayed if the network interface doesn't use MAC addresses (such as PPP interfaces). This can be used to determine the actual source of the packets on your local LAN. The traffic monitor also logs the MAC addresses with this option enabled. The default setting is off. Timers The Timers... submenu allows you to IPTraf's interval and timeout functions.
The Timers configuration submenu
TCP Timeout This figure determines the amount of time (in minutes) a connection entry may remain idle before it becomes eligible for replacement by a new connection. The default is 15 minutes. You may want to reduce this on an isolated (not connected to the Internet) LAN or a LAN connected to the Internet with high-speed links. Just enter the new value and press Enter. You can press Ctrl+X to leave the current value unchanged. Log Interval This figure determines the number of minutes between logging of interface statistics, TCP/UDP figures, and LAN host statistics. The default is 60 minutes. This figure is meaningless if logging is disabled. This configuration item can be overridden with the -I when a facility is directly invoked from the command line (not accessed via the main menu), and remains effective for that particular session. The configured value is not affected. Screen Update Interval This value determines the rate in seconds at which the screen is updated. The default is 0, which means the screen is updated as fast as possible, giving close-to-realtime reflection of network activity. However, this high-speed update can cause incredible amounts of traffic if IPTraf is run on a remote terminal (e.g. a Telnet or Secure Shell session). You can set this to a higher value, such as 1 or 2 seconds to slow down the updates. This figure does not affect the rate of data capture. Only the screen refresh is affected. The figures are still updated as fast as possible, although the figure display will no longer be as close to realtime. The default setting is 0, which shouldn't be a problem on the console. Set it to a slightly higher value on remote terminals or slow links. The setting affects all monitoring facilities. Note Updating the screen is one of the slowest operations in a program. Older versions of IPTraf had a problem once network activity became very high. Because each packet caused a screen update, IPTraf began spending more time with the screen updates, causing a loss of packets once network activity reached a certain point. However, since many users like rapid counts on their screen, a compromise was incorporated. Even when the screen update interval is set to 0, there is still a 50ms delay between screen updates (except the LAN station monitor, which has a 100 ms delay). This is still visually fast, but provides more time to the packet capture routine. Higher delays may result in better accuracy of counts and activity. In any case, this setting only affects screen updates. Capture still proceeds as fast as possible. TCP closed/idle persistence This parameter determines the interval (in minutes) at which the IP Traffic Monitor clears from the TCP display window all closed, idle, and timed out entries. Enter 0 to keep such entries on the screen indefinitely, disappearing only when replaced by new connections. Note The TCP timeout... option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains onscreen. The TCP closed/idle persistence... parameter flushes entries that have been closed or reset, or idle for the number of minutes defined by the TCP timeout... option. Custom Information The remaining configuration items allow you to enter information which IPTraf uses for its displays and logs. Additional ports Select this item to enter a port number to be included in the TCP/UDP counts in the TCP/UDP service statistics main menu item described above. By default, port numbers above 1023 are not monitored. If you do have a higher-numbered port to monitor, enter it here. You will see two fields. If you have only one port to enter, just fill up the first field. To specify a range, fill both fields, the first port in the first field, the last port in the second field. You can select this option multiple times to add more values or ranges. Delete port/range Select this item to remove a higher-numbered port number or port range you entered earlier with the Additional ports... option. A window will come up containing the entered ports and ranges. Select the entry you want delete and press Enter. LAN Station Identifiers The LAN station statistics facility monitors stations based on their respective MAC addresses. The hexadecimal notation of these addresses make them even more difficult to remember than the dotted-decimal IP addresses, so these facilities were added to help you better determine which station is which. Selecting the Ethernet/PLIP host descriptions... or FDDI/Token Ring host descriptions... options brings up a submenu asking you to add, edit, or delete descriptions. To add a new description, select the Add description... option. A dialog box will appear, asking you for the MAC address and an appropriate description. Type in the address in hexadecimal notation with no punctuation of any kind. The dialog box is case-insensitive for the address; the alphabetical digits A to F will be stored in lowercase. Use the Tab key to move between fields and Enter to accept. Press Ctrl+X to discard this dialog and return to the main menu. The description may be anything: the IP address, a fully-qualified domain name, or a description of your liking as long as the field can hold. Enter as many descriptions as you need. Press Ctrl+X at a blank dialog after you have entered the last entry These descriptions will be displayed alongside the MAC addresses in the LAN station monitor, together with the type of frame (Ethernet, PLIP, or FDDI). An existing address or description may be edited by selecting the Edit description... option from the submenu. A panel will appear with a list of existing address descriptions. Select the one you wish to edit and press Enter. A dialog box identical to that when you add a description will appear with prefilled fields. Just backspace over and edit the fields. Press Enter to accept or Ctrl+X to cancel. Selecting the Delete description... submenu item brings up the selection panel. Select the description you want to delete and press Enter. You can also press Ctrl+X to cancel the operation. IPTraf 2.4 and later also recognizes the /etc/ethers file. Should a hardware address be present in the IPTraf definition files and in /etc/ethers, the IPTraf definition will be used. Note The description file for Ethernet and PLIP is ethernet.desc, while the FDDI and Token Ring mappings are stored in fddi.desc in the IPTraf working directory. These files are in colon-delimited text format. Database engines or custom scripts can be told to append data lines to those files. Each line follows this simple format: address:description For example 00201e457e:Cisco 3640 gateway Do not put colons, periods, or any invalid characters in the MAC address. Background Operation IPTraf's facilities can be placed in the background solely for logging. When running in the background, it doesn't display any output on the screen, and doesn't receive input from the keyboard, and drops you back to the shell. Before starting a statistical facility in the background, configure IPTraf in the usual way (set filters, add TCP/UDP ports, etc). Once that's done, exit all instances of IPTraf on the system, then invoke IPTraf from the command line with the parameter to start the facility you want, the timeout (-t) parameter if you wish, and the -B parameter to actually daemonize the program. For example, to run the IP traffic monitor in the background for all interfaces, issue the command iptraf -i all -B To run the detailed interface statistics on interface eth0 for 5 minutes in the background: iptraf -d eth0 -t 5 -B If the timeout parameter is not specified, the facility will run until the process receives a USR2 signal. To stop a facility in the background, do a ps x at the command line, and find the process id (pid) of the iptraf process you're looking for. Then send that process a USR2 signal with the kill command: kill -USR2 pid Since IPTraf cannot send error messages to the terminal, all messages are written to the file daemon.log in the IPTraf logging directory. The -B parameter automatically enables logging regardless of its configured setting. The parameter is ignored if not used with one of the parameters to start a facility from the command line. The log file can be specified with the -L command-line parameter. If this parameter is not specified, the default log file name for the facility will be used (see the descriptions of the facilities above for the default log name patterns). If you don't specify an path, the log file will be placed in /var/log/iptraf. The logging interval for all facilities (except the IP traffic monitor) can also be overriden with the -I command-line parameter. Messages IPTraf's messages are presented in two ways. In interactive mode, messages are displayed in a distictive message box. In daemon (background) mode, appropriate messages are written to the iptraf.log file in the IPTraf log directory (normally /var/log/iptraf. IPTraf Messages Unable to create config file IPTraf cannot create the configuration file. The most likely cause of this is that you didn't properly install the program, and the necessary directory /var/local/iptraf does not exist. Can also be generated if you have a disk problem or if you have too many files open. Unable to read config file The configuration record cannot be read. You most likely have a disk problem. Unable to write config file The configuration file cannot be written. You either have a disk problem, or (more likely), your disk is full. Enter an appropriate description for this filter Enter something to clearly describe the filter you are defining. Error loading filter list file IPTraf cannot access the list of defined TCP or UDP filters. Can also be an indicator of a bad disk. Error writing filter list file The filter list file cannot be written to. You may have trouble accessing your filters. Unable to read TCP/UDP/misc IP filter file IPTraf cannot read the filter data off the file. Could be caused by a bad disk. Error opening filter data file IPTraf cannot open the filter file. Could be caused by a shortage of file descriptors or a bad disk. Unable to write filter data IPTraf cannot add the newly defined filter to the filter list. This may be due to a bad disk. Cannot create filter data file IPTraf cannot create the filter record file. The defined filter is lost. Unable to save filter changes IPTraf cannot save the changes you made to the filter. You probably have a disk error. Unable to write filter state information The current state of the filters cannot be saved. IPTraf will be unable to correctly reload the filters the next time it's started. This can be caused by a bad disk or improper installation. Unable to save interface flags IPTraf was unable to save the flags of the network interfaces. This is probably due to a bad installation or full filesystem. Unable to retrieve saved interface flags IPTraf was unable to retrieve the save interface flags. Probably again due to a bad installation or full filesystem. protocol filter data file in use; try again later Filter state file in use; try again later Another IPTraf process is modifying the TCP, UDP or miscellaneous IP filter data or the filter state file and has locked the files or file. Try again once the other IPTraf process has terminated or completed its modifications and unlocked the files. Unable to resolve hostname The indicated host name in the filter cannot be resolved into an IP address. Check the local hosts database /etc/hosts or your machine's DNS configuration or DNS server. The filter parameters will not be used. Unable to open host description file IPTraf cannot open the file containing the descriptions for Ethernet or FDDI addresses. Could be due to a bad disk or a hit on the file descriptor limit. Unable to write host description IPTraf was unable to write the description record for this Ethernet or FDDI address. Could be due to a bad disk or corrupted filesystem. No descriptions You tried to edit or delete a description with no previous descriptions defined. Cannot open log file There is a problem opening the log file. There is most likely a problem with the disk, or there are too many open files. Unable to obtain interface list IPTraf was unable to retrieve the list of network interfaces from the /proc filesystem. This may be due to a badly configured kernel. IPTraf needs /proc filesystem support. No active interfaces. Check their status or the /proc filesystem. IPTraf found no active interfaces. Either all interfaces are down or the /proc/net/dev file was empty or unavailable. Activate at least one interface or check the /proc/net/dev file. Unable to obtain interface parameters for interface The system call to retrieve the interface's flags failed. Check your interface or kernel driver. Promisc change failed for interface The system call to change the promiscuous flag failed. Check your interface or its kernel driver. Unable to open raw socket for flag change IPTraf was unable to open the necessary socket for the promiscuous change operation. May be due to a shortage of file descriptors. Unable to open socket for MTU determination Returned by the facility for detailed interface statistics if the raw socket's opening sequence failed. The facility will abort. Unable to open raw socket IPTraf was unable to open the raw socket for packet capture. May be due to a shortage of file descriptors. Reminder IPTraf 2.x.x requires Linux kernel 2.2.x, with the Packet Socket option compiled in or installed as a module. IPTraf 2.x will return this error on a pre-2.2 kernel or on a 2.2 kernel without Packet Socket. Unable to obtain interface MTU The detailed statistics facility was unable to obtain the maximum transmission unit (MTU) for the selected interface. The facility will abort. Specified interface not supported The interface specified with the -i, -d, -s, -l, or -z command-line parameters is not supported by IPTraf. Specified interface not active The interface specified with the -i, -d, -s, -l, or -z command-line parameters is supported, but not currently activated. Fatal: memory allocation error May occur if you have too little memory to allocate for windows, the menu system, or dialog boxes. IPTraf tries to prevent further allocations if memory runs out during a monitor. However, this could also mean a bug if you're reasonably sure you're not out of memory. An instructional message on bug reporting follows this message. Technical note This is actually a response to the segmentation fault error (SIGSEGV). This program can be run only by the system administrator IPTraf normally does not allow anybody but uid 0 (root) to run it. This measure is included for safety reasons. See the section on recompiling the program below if you want to override this. This feature is built in, and not part of the configuration Your TERM variable is not set The TERM (terminal type) environment variable must be set to a valid terminal type so that the screen management routines can function properly. Set it to the appropriate terminal type. Linux consoles typically have their TERM variables set to linux. Received TERM signal Not related to the previous message. The TERM (terminate) signal is normally used to gracefully shut down a program. This message simply indicates that the TERM signal was caught and IPTraf is attempting to shut down as gracefully as possible. Invalid option or missing parameter, use iptraf -h for help The -i, -d, -s, -l, or -z options were specified but no interface was specified on the command line. These parameters require a valid interface name (or all for -i or -l). This message also appears if an unknown option is passed to the iptraf command. Warning: unable to tag this process IPTraf normally tags itself when it runs to prevent multiple instances of the statistical facilities from running. This message means the program was unable to create the necessary tag file. This may be due to a bad or improper installation. Try running the make install procedure or the Setup in the distribution's top-level directory. Warning: unable to tag facility IPTraf was unable to create the tag file for the facility you started. The facility will still run, but other instances of IPTraf that may be running simultaneously will allow the same facility to run. This may cause both instances of the facility to malfunction. This could be due to a bad disk or bad installation. facility already running/listening on interface The facility you tried to start is currently running on the indicated interface in another IPTraf process on the machine. This restriction is placed to prevent conflicts involving internal sockets or the log files. General interface statistics already active in another process Only one instance of the general interface statistics can run at a time. Duplicate port/range entry You entered a port number or range that was already added to the list of additional ports to be monitored by the TCP/UDP service monitor No custom ports There are no ports or port ranges earlier added. There's nothing to delete. Can't start rvnamed; lookups will block IPTraf cannot start the rvnamed daemon; probably due to a bad installation. IPTraf will fall back to blocking lookups. Can't spawn new process; lookups will block IPTraf cannot start a new process. This may be due to memory shortage. IPTraf will fall back to blocking lookups. Fork error, IPTraf cannot run in background IPTraf cannot start a new process, and can go into the background. This may be due to memory shortage. IPTraf aborts. No memory for new filter entry IPTraf was unable to allocate memory for a new filter entry. Most likely due to memory shortage. Memory Low This indicator appears if memory runs low due to a lot of entries in a facility. Should critical functions fail (window creation, internal allocation), the program could terminate with a segmentation violation. Note Any message or indicator about low memory means that your system does not have enough memory to handle the entries. It is almost certain that sooner or later, IPTraf or other applications will abort due to the failure of important system calls or library functions. Memory must be added right away. IPC Error This indicator appears if an error occurs receiving data from the rvnamed program (IPC stands for Interprocess Communication). This indication should not occur under normal circumstances. Report instances of this condition and the circumstances under which it happens. You may also include data from the rvnamed.log file. Error opening terminal: terminal The screen management routines cannot find the terminfo entry for your terminal. IPTraf expects the terminfo database located in /usr/share/terminfo. This error could occur when your terminfo database is located somewhere else. See the section on controlling the terminfo search path. This will end your IPTraf session In interactive mode IPTraf asks you to confirm your exit command. Press Enter to return to the shell or any other key to cancel your command and return to the main menu. rvnamed Messages As a daemon, rvnamed does not send messages to the screen. It writes its messages to the file rvnamed.log in the IPTraf log directory. Unable to open child communication socket rvnamed was unable to open the communication endpoint for data reception from the children it creates. This is highly unusual, and should it occur, report the circumstances. Unable to open client communication socket rvnamed was unable to open the communication endpoint for data exchange with the IPTraf program. This is highly unusual, and should it occur, report the circumstances. Error binding client communication socket Error binding child communication socket rvnamed was unable to assign a name to the indicated communication socket. This may be due to a bad, full, or corrupted filesystem. Fatal error: no memory for descriptor monitoring rvnamed ran out of memory. IPTraf will resort to blocking, and may freeze. Error on fork, returning IP address rvnamed had a problem spawning a copy of itself to resolve the IP address. rvnamed will simply return the IP address in its literal, dotted-decimal notation. IPTraf will still function normally. This may be due to lack of memory or a process limit hit. Maximum child process limit reached rvnamed has reached its maximum number of child processes. This is intended as a "brake" to prevent too many rvnamed children from hogging your computer's resources and possibly crashing it. Unless IPTraf is monitoring an extremely busy network without filters, this shouldn't happen, at least, not that often. If you notice this message, try applying filters or check your DNS server. Many times, this can happen when the DNS server goes down for whatever reason, and you have rvnamed children taking too long to resolve. GNU Free Documentation License Version 1.1, March 2000
Copyright (C) 2000 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
PREAMBLE The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. APPLICABILITY AND DEFINITIONS This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque". Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only. The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. VERBATIM COPYING You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. You may also lend copies, under the same conditions stated above, and you may publicly display copies. COPYING IN QUANTITY If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. MODIFICATIONS You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five). State on the Title page the name of the publisher of the Modified Version, as the publisher. Preserve all the copyright notices of the Document. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. Include an unaltered copy of this License. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section. If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. COMBINING DOCUMENTS You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice. The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements." COLLECTIONS OF DOCUMENTS You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. AGGREGATION WITH INDEPENDENT WORKS A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document. If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate. TRANSLATION Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail. TERMINATION You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. FUTURE REVISIONS OF THIS LICENSE The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/. Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. How to use this License for your documents To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:
Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. A copy of the license is included in the section entitled "GNU Free Documentation License".
If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being LIST"; likewise for Back-Cover Texts. If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software. iptraf-3.0.0/Documentation/manual.html0100644000000000000000000001552210274340277016465 0ustar rootroot IPTraf User's Manual

IPTraf User's Manual

Copyright © 1997, 2003 by Gerard Paul Java

Version 3.0.0
Table of Contents
About This Document
For Additional Information
Document Conventions
Getting Started
About IPTraf
Installation
System Requirements
Availability
Installing Downloaded Packages
Installing a Floppy Distribution
Upgrading from Earlier Versions
Starting and Stopping IPTraf
Command-line Options
Using the Menus
Exiting IPTraf
Preparing to Use IPTraf
Number Display Notations
Instances and Logging
Screen Update Delays
Supported Network Interfaces
The IP Traffic Monitor
The Upper Window
Closed/Idle/Timed Out Connections
Sorting TCP Entries
Lower Window
Entry Details
Additional Information
Network Interface Statistics
General Interface Statistics
Detailed Interface Statistics
Statistical Breakdowns
Packet Sizes
TCP and UDP Traffic Statistics
Sorting TCP/UDP Entries
Additional Information
LAN Station Statistics
Sorting the LAN Station Monitor Entries
Additional Information
Filters
IP Filters
Defining a New Filter
Applying a Filter
Editing a Defined Filter
Deleting a Defined Filter
Detaching a Filter
ARP, RARP, and other Non-IP Packet Filters
Configuring IPTraf
Toggles
Reverse DNS Lookups
TCP/UDP Service Names
Force promiscuous
Color
Logging
Activity mode
Source MAC addrs in traffic monitor
Timers
TCP Timeout
Log Interval
Screen Update Interval
TCP closed/idle persistence
Custom Information
Additional ports
Delete port/range
LAN Station Identifiers
Background Operation
Messages
IPTraf Messages
rvnamed Messages
GNU Free Documentation License
PREAMBLE
APPLICABILITY AND DEFINITIONS
VERBATIM COPYING
COPYING IN QUANTITY
MODIFICATIONS
COMBINING DOCUMENTS
COLLECTIONS OF DOCUMENTS
AGGREGATION WITH INDEPENDENT WORKS
TRANSLATION
TERMINATION
FUTURE REVISIONS OF THIS LICENSE
How to use this License for your documents
  Next >>>
  About This Document
iptraf-3.0.0/Documentation/ln9.html0100644000000000000000000000445710274340274015714 0ustar rootroot
IPTraf User's Manual

This manual is released under the terms of the GNU Free Documentation License of March, 2000 as published by the Free Software Foundation, reproduced in this manual as Appendix B.

IPTraf is open-source software released under the terms of the GNU General Public License version 2 or any later version as published by the Free Software Foundation, reproduced in the LICENSE file in the distribution's top-level directory.

The accomanying software and the information contained in this document are provided "AS IS" without warranty of any kind, express or implied, including, without limitation, the implied warranties of mercantability or fitness for any particular purpose.

In no event shall the author be liable for any indirect, special, consequential, or incidental damages arising from the use of this manual or the accompanying software even if the author has been advised of the possibility of such damages.

Linux is a registered trademark of Linus Torvalds. Pentium is a registered trademark of Intel Corporation. All other trademarks are property of their respective owners.

Some structure declarations were based on code copyrighted by the Regents of the University of California.

Token Ring parsing code based on the Token Ring packet construction code in the Linux 2.2 kernel.

 Home 
iptraf-3.0.0/Documentation/preface.html0100644000000000000000000000462310274340275016613 0ustar rootroot About This Document
IPTraf User's Manual
<<< PreviousNext >>>

About This Document

This document contains the instructions on how to use the IPTraf network monitoring software version 3.0. This manual details the different statistical facilities, the user interface, and the important features of the software.

For Additional Information

See the included README file for summarized and late-breaking information. Also read the RELEASE-NOTES file for important new information about this new version. The CHANGES file contains a record of the changes made to the software since 1.0.0. README.rvnamed contains information on the rvnamed reverse resolution program. See the other README files for support and development information.

<<< PreviousHomeNext >>>
IPTraf User's Manual Document Conventions
iptraf-3.0.0/Documentation/conventions.html0100644000000000000000000000723710274340275017557 0ustar rootroot Document Conventions
IPTraf User's Manual
<<< PreviousAbout This DocumentNext >>>

Document Conventions

The following symbols and typefaces are used throughout this manual:

[ ]

items in brackets are optional. Brackets also denote items that may or may not be displayed onscreen depending on settings or conditions.

{ }

curly braces enclose items you choose from

|

the vertical bar separates choices in curly braces

normal monospace

normal monospace text in syntax specifications should be typed in exactly as presented. Because UNIX and variants are case-sensitive, case must be preserved. Monospace is also used in presenting items that appear on the screen.

monospace italics

italics in syntax specifications indicate items that are to be replaced with an actual item (e.g. interface should be replaced with an actual interface name, like eth0).

Additional information appears distinctively set apart from the main text. This information includes Notes, Tips, or Technical Notes.

Notes are additional pieces of information that may be useful or may clarify the preceeding paragraphs of the manual.

Tips provide shortcuts, clarify tasks that may not be immediately obvious, or provide references to additional sources of information.

Technical notes are explanations of a more technical nature and may be of more use to programmers and advanced users.

<<< PreviousHomeNext >>>
About This DocumentUpGetting Started
iptraf-3.0.0/Documentation/gettingstarted.html0100644000000000000000000000673610274340275020245 0ustar rootroot Getting Started
IPTraf User's Manual
<<< PreviousNext >>>

Getting Started

About IPTraf

IPTraf is a network monitoring utility and traffic analyzer for IP networks. It intercepts packets and returns data about captured the network traffic in various statistical facilities.

IPTraf comes with these major features:

  • An IP traffic monitor that shows TCP connection information (hosts, packet/byte counts, flags, window sizes), and color-coded information about other IP packets

  • Statistics (counts and load rates) for network interfaces in general and detailed views

  • Statistics per TCP/UDP port

  • Statistical breakdown according to packet sizes

  • A LAN host monitor that returns counts and loads per detected MAC address

  • A powerful filtering system for users to view only interesting traffic

  • Logging

  • An asynchronous DNS resolver for the IP traffic monitor

  • A text-based, full-color, menu-driven user interface suitable for use on all Linux systems with terminals, especially Linux consoles and color xterms

  • Easy configuration

  • Fully software-based. No additional hardware required

Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP, etc.) is necessary for you to best understand the information generated by the program.

<<< PreviousHomeNext >>>
Document Conventions Installation
iptraf-3.0.0/Documentation/installation.html0100644000000000000000000002505110274340275017705 0ustar rootroot Installation
IPTraf User's Manual
<<< PreviousGetting StartedNext >>>

Installation

IPTraf is most readily available on the Internet, but some may receive it on a diskette. Here are the instructions for both types of distributions.

System Requirements

IPTraf requires:

Hardware Requirements

  • 16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks)

  • 2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time)

  • Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent.

  • One or more of the supported network interfaces.

Operating System Requirements

  • Linux kernel 2.2.0 or higher

  • GNU C Library 2.1 or later

  • ncurses 4.2 or later with the complete terminfo database in /usr/share/terminfo. Support for linux, vt100, xterm, xterm-color recommended.

Compilation Requirements

The following components are required when compiling IPTraf from the source code.

  • gcc 2.7.2.3 or later

  • GNU C (glibc) development library 2.1 or later

  • ncurses development libraries 4.2 or later

Availability

IPTraf can be downloaded from the Internet from the official FTP site at ftp://iptraf.seul.org/pub/iptraf/.

The software is available in source form in compressed .tar.gz files named iptraf-x.y.z.tar.gz where x.y.z is the version number. Precompiled ready-to-run software is available in the iptraf-x.y.z.machinetype.bin.tar.gz files. (machinetype indicates what platform the precompiled binaries run on. The official distribution will only be for the Intel x86 architecture indicated as i386.)

Installing Downloaded Packages

You will need to have GNU tar and GNU zip installed. All modern Linux installations already have these utilities ready.

  1. Decompress the .tar.gz file by entering

    tar zxvf iptraf-x.y.z.tar.gz

    for the source code or

    tar zxvf iptraf-x.y.z.i386.bin.tar.gz

    for the precompiled x86 programs.

    If your tar doesn't support the z option, you can separately decompress the .tar.gz file then extract the resulting .tar archive.

    gunzip iptraf-x.y.z.tar.gz
tar xvf iptraf-x.y.z.tar

    This will decompress the sources into a directory called iptraf-x.y.z (source code) or iptraf-x.y.z.bin (precompiled). (x.y.z here should be the IPTraf version number you're installing, like 3.0.0).

  2. Change to the created top level directory.

  3. To compile and install the software, run the Setup program by entering

    ./Setup

    while you are logged in as root. The Setup script will recognize the source distribution and compile the software before installing. It will immediately install a precompiled distribution.

The resulting binaries will be placed in the /usr/local/bin directory. All needed directories will also be created.

After installation, you will be asked if you want to read the RELEASE-NOTES file. It is recommended that you do so at that point, since the RELEASE-NOTES file contains important information about the new version.

Installing a Floppy Distribution

If you received IPTraf on a diskette, the sources are already decompressed. The diskette is in Second Extended filesystem format. Perform the following steps to install the software.

  1. Insert the floppy in the drive.

  2. Mount the floppy on an empty directory. For example, to mount the floppy in the first floppy drive under a directory called /mnt, enter

    mount -t ext2 /dev/fd0 /mnt

    This assumes your floppy is in /dev/fd0. You can use any empty directory in place of /mnt. With most Linux installations, this will work fine.

  3. After mounting, change to the /mnt (or whatever) directory.

  4. Enter

    ./Setup

    while logged in as root. Setup will determine whether the diskette contains a source code distribution or ready-to-run precompiled software. This will copy the binaries to /usr/local/bin, and create the necessary working directories.

  5. Unmount the diskette by typing

    umount /mnt

    (That's umount, not unmount.)

    You can then eject the diskette. Store it in a safe place.

    You will also be asked if you want to view the RELEASE-NOTES file. It is recommended that you do so at that point.

    In both cases (downloaded and floppy), the installation will store the program in /usr/local/bin with the binaries owned by user root, readable, writable, and executable by the owner, no permissions for the group, no permissions for all others. (700 octal, or -rwx------).

    NoteNote
     

    You must be root to do the installation. The old style of installation (cd src;make install) is still supported.

Be sure /usr/local/bin is included in your environment's PATH variable. You can edit the appropriate command in your login customization file (.profile for the Bourne-type shells, .cshrc for the C shell and its relatives).

<<< PreviousHomeNext >>>
Getting StartedUpUpgrading from Earlier Versions
iptraf-3.0.0/Documentation/upgrading.html0100644000000000000000000000450510274340275017165 0ustar rootroot Upgrading from Earlier Versions
IPTraf User's Manual
<<< PreviousGetting StartedNext >>>

Upgrading from Earlier Versions

IPTraf 3.0 is a major revision from IPTraf 2.7. The filter subsystem has been completely redesigned and as such, is incompatible with previous filter formats. Therefore old IPTraf filters can no longer be used. The installation procedure for IPTraf 3.0 will rename the filter list files but not delete them.

If you install a distribution package (e.g. RPM, dpkg), old filters may still appear in the filter selection list but the new IPTraf version will be unable to load them.

<<< PreviousHomeNext >>>
InstallationUpStarting and Stopping IPTraf
iptraf-3.0.0/Documentation/startstop.html0100644000000000000000000001143210274340275017245 0ustar rootroot Starting and Stopping IPTraf
IPTraf User's Manual
<<< PreviousGetting StartedNext >>>

Starting and Stopping IPTraf

After installation, you can start the program by simply entering

iptraf

at the shell prompt. You will see a copyright notice, with an instruction to press any key to get started. Just press any character key, and you will be immediately taken to the main menu. All major functions of the program are found there.

Entering the IPTraf command without any command-line parameters brings up the program's main menu. From there, you can select the facilities you want.

IPTraf determines and makes use of the maximum number of lines and columns on the terminal.

NoteNote
 

IPTraf does not have a SIGWINCH handler; it does not adjust itself when an xterm or some other X terminal is resized.

NoteTechnical note
 

IPTraf needs to refer to the terminfo database in /usr/share/terminfo. If the supplied executable program fails with Error opening terminal, your terminfo database may be located somewhere else. You can control the terminfo search path by using the TERMINFO environment variable. For example, if you're using the sh or bash shell, and your terminfo database is in /usr/lib/terminfo (typical for Slackware distributions), you can use the commands: 

TERMINFO=/usr/lib/terminfo
export TERMINFO

You can place these commands in your ~/.profile or the systemwide /etc/profile startup files.

You can also create a symbolic link named /usr/share/terminfo to let it point to your existing terminfo (assuming again your terminfo is in /usr/lib/terminfo):

ln -s /usr/lib/terminfo /usr/share/terminfo

Or you can recompile your program to use your existing ncurses library installation. If you do this, make sure you have ncurses 4.2 or later.

<<< PreviousHomeNext >>>
Upgrading from Earlier VersionsUpCommand-line Options
iptraf-3.0.0/Documentation/cmdline.html0100644000000000000000000001621510274340275016621 0ustar rootroot Command-line Options
IPTraf User's Manual
<<< PreviousGetting StartedNext >>>

Command-line Options

IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive (-l is NOT the same as -L).

The following command-line parameters can be supplied to the iptraf command:

-i iface

causes the IP traffic monitor to start immediately on the specified interface. If -i all is specified, all interfaces are monitored.

-g

starts the general interface statistics

-d iface

shows detailed statistics for the specified interface

-s iface

starts the TCP/UDP traffic monitor for the specified interface

-z iface

starts the packet size breakdown for the specified interface

-l iface

starts the LAN station monitor on the specified interface. If -l all is specified, all LAN interfaces are monitored.

-t timeout

The -t parameter, when used with one of the other parameters that specify a facility to start, tells IPTraf to run the indicated facility for only timeout minutes, after which the facility exits. The -t parameter is ignored in menu mode.

If this parameter is not specified, the facility runs until the exit keystroke is pressed.

-B

Redirects all terminal output to the "bit bucket" /dev/null, closes standard input, and places the program in the background. This parameter can be used only with one of the -i, -g, -d, -s, -z, or -l parameters. See Background Operation in Chapter 9. -B is ignored in menu mode.

-L filename

Allows you to specify an alternate log file name when the any facility is directly started from the command line, whether in foreground or background mode. If specified in foreground mode, the log filename prompt is bypassed, even when logging is turned on in the Configure... menu. If this parameter is omitted in background mode, the default log filename is used.

This parameter always turns on logging.

If an absolute path is not specified, the log file will be created in the default log file directory

-I interval

Sets the logging interval (in minutes) when the -L parameter is used. This overrides the Log interval... setting in the Configure... menu. If omitted, the configured value is used. This parameter is ignored when the -L parameter is omitted and logging is disabled.

The value specified here will affect all facilities except for the IP traffic monitor.

-q

Previously used to suppress the warning screen when IPTraf is run on kernels with IP masquerading. Since the masquerading code now processes packets in a way better suited to raw capture, this parameter is no longer needed and is retained only for compatibility.

-f

Forces IPTraf to clear all lock files and reset all instance counters to zero before running any facilities. IPTraf will then think it's the first instance of itself.

The -f parameter overrides the existing locks and counters imposed by the IPTraf process and by the various facilities, causing this instance to think it is the first and that there are no other facilities running. Use this parameter with great caution. A common use for this parameter is to recover from abrupt or abnormal terminations which may leave stale locks and counters still lying around.

The -f parameter may be used together with the others.

iptraf -h

displays a short help screen

While the command-line options are case-sensitive, interactive keystroke at the IPTraf full-screen interface are not.

<<< PreviousHomeNext >>>
Starting and Stopping IPTrafUpUsing the Menus
iptraf-3.0.0/Documentation/menus.html0100644000000000000000000000466010274340275016336 0ustar rootroot Using the Menus
IPTraf User's Manual
<<< PreviousGetting StartedNext >>>

Using the Menus

Menu items with a trailing ellipsis (...) either pop up a submenu with further items, or require additional information before it can complete the task and return to the menu. Menu items without an ellipsis execute immediately.

Use the Up and Down arrow keys on your keyboard to move the selection bar. Press Enter to execute the selected item. Alternatively, you can also directly press the highlighted letter of the item you want. This will immediately execute the option.

Figure 1. The IPTraf Main Menu

<<< PreviousHomeNext >>>
Command-line OptionsUpExiting IPTraf
iptraf-3.0.0/Documentation/exiting.html0100644000000000000000000000467010274340275016657 0ustar rootroot Exiting IPTraf
IPTraf User's Manual
<<< PreviousGetting StartedNext >>>

Exiting IPTraf

You can exit IPTraf with the Exit command in the main menu.

When started with one of the command-line options to directly start a statistical facility, pressing X or Q will exit the facility directly, without any confirmation. The -t command-line parameter will automatically exit the facility after the specified length of time without any confirmation as well. Daemon facilities started with the -B parameter will immediately terminate after being sent a USR2 signal. See background operation in chapter 9 for more information.

<<< PreviousHomeNext >>>
Using the MenusUpPreparing to Use IPTraf
iptraf-3.0.0/Documentation/preparingtouse.html0100644000000000000000000000617710274340275020263 0ustar rootroot Preparing to Use IPTraf
IPTraf User's Manual
<<< PreviousNext >>>

Preparing to Use IPTraf

This chapter provides information applicable to all of IPTraf's statistical monitors.

Number Display Notations

IPTraf initially returns exact counts of bytes and packets. However, as they grow larger, IPTraf begins displaying them in increasingly higher denominations.

A number standing alone with no suffix represents an exact count. A number with a K following is a kilo (thousand) figure. An M, G, and T suffix represents mega (million), giga (billion), and tera (trillion) respectively. The following table shows examples.

Table 1. Numeric Display Notations

1024067exactly 1024067
1024Kapproximately 1024000
1024Mapproximately 1024000000
1024Gapproximately 1024000000000
1024Tapproximately 1024000000000000

These notations apply to both packet and byte counts.

<<< PreviousHomeNext >>>
Exiting IPTraf Instances and Logging
iptraf-3.0.0/Documentation/instances.html0100644000000000000000000000703310274340275017173 0ustar rootroot Instances and Logging
IPTraf User's Manual
<<< PreviousPreparing to Use IPTrafNext >>>

Instances and Logging

Since version 2.4, IPTraf allows multiple instances of the facilities at the same time in different processes (for example, you can now run two or more IP Traffic Monitors at the same time). However only one can listen on a specific interface or all interfaces at once. The only exception is the general interface statistics, which is still restricted to only one instance at a time.

Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they're listening on. If the Logging option is turned on (see the Configuration chapter), IPTraf will prompt you for a log file name while presenting a default. You may accept this default or change it. Press Enter to accept, or Ctrl+X to cancel. Canceling will turn logging off for that particular session.

If you don't specify an absolute path, the log file will be placed in /var/log/iptraf.

Figure 1. The logfile prompt dialog

See the Logging section in the Configuration chapter for detailed information on logging. See also the documentation on each statistical facility for the default log file names.

The default log file names will also be used if the -B parameter is used to run IPTraf in the background. You can override the defaults with the -L parameter. See Background Operation in Chapter 9.

<<< PreviousHomeNext >>>
Preparing to Use IPTrafUpScreen Update Delays
iptraf-3.0.0/Documentation/updates.html0100644000000000000000000000437210274340275016654 0ustar rootroot Screen Update Delays
IPTraf User's Manual
<<< PreviousPreparing to Use IPTrafNext >>>

Screen Update Delays

Older versions of IPTraf updated the screen as soon as a packet was received. However, screen update is one of the slowest operations the program performs. Since version 1.3, a configuration option has been available to control screen update speed.

See the Screen update interval... configuration option under the Configuration chapter of this manual.

<<< PreviousHomeNext >>>
Instances and LoggingUpSupported Network Interfaces
iptraf-3.0.0/Documentation/ifaces.html0100644000000000000000000001310510274340275016433 0ustar rootroot Supported Network Interfaces
IPTraf User's Manual
<<< PreviousPreparing to Use IPTrafNext >>>

Supported Network Interfaces

IPTraf currently supports the following network interface types and names.

lo

The loopback interface. Every machine has one, and has an IP address of 127.0.0.1. lo is also indicated if data is detected on the dummyn interface(s).

ethn

An Ethernet interface. n starts from 0. Therefore, eth0 refers to the first Ethernet interface, eth1 to the second, and so on. Most machines only have one.

fddin

An FDDI interface. n starts from 0.

trn

A Token Ring interface, where n starts from 0.

pppn

A PPP interface. n starts from 0.

slin

A SLIP interface. n starts from 0.

ipppn

A synchronous PPP interface using ISDN. n starts from 0.

isdnn

ISDN interfaces can be given arbitrary names, but for them to work with IPTraf, they must be named isdnn. IPTraf supports synchronous PPP (the ipppn interfaces above), raw IP, and Cisco-HDLC encapsulation.

plipn

PLIP interfaces. These are point-to-point IP connections using the PC parallel port.

ipsecn

This refers to Free s/WAN (and possibly other) logical VPN interfaces.

sbnin

SBNI long-range modem interfaces

dvbn, sm200, sm300

DVB satellite-receive interfaces

wlann, wvlann

Wireless LAN interfaces

tunn

general logical tunnel interfaces

brgn

general logical bridge interfaces

hdlcn

Frame Relay base (FRAD) interfaces (non-PVC)

pvcn

Frame Relay Permanent Virtual Circuit interfaces

Your system's network interfaces must be named according to the schemes specified above.

<<< PreviousHomeNext >>>
Screen Update DelaysUpThe IP Traffic Monitor
iptraf-3.0.0/Documentation/itrafmon.html0100644000000000000000000004226310274340275017027 0ustar rootroot The IP Traffic Monitor
IPTraf User's Manual
<<< PreviousNext >>>

The IP Traffic Monitor

Executing the first menu item or specifying -i to the iptraf command takes you to the IP traffic monitor. The traffic monitor is a real-time monitoring system that intercepts all packets on all detected network interfaces, decodes the IP information on all IP packets and displays the appropriate information, most notably the source and destination addresses. It also determines the encapsulated protocol within the IP packet, and displays some important information about that as well.

There are two windows in the traffic monitor, both of which can be scrolled with the Up and Down cursor keys. Just press W to move the Active indicator to the window you want to control.

Figure 1. The IP traffic monitor

The Upper Window

The upper window of the traffic monitor displays the currently detected TCP connections. Information about TCP packets are displayed here. The window contains these pieces of information:

  • Source address and port

  • Packet count

  • Byte count

  • Source MAC address

  • Packet Size

  • Window Size

  • TCP flag statuses

  • Interface

NoteNote
 

Previous versions of IPTraf showed both the source and destination addresses on each line. IPTraf 2 and higher show only the source host:port combination to save on screen real estate. TCP connection endpoints are still indicated with the green brackets (on color terminals) along the left edge of the screen.

The Up and Down cursor keys move an indicator bar between entries in the TCP monitor, scrolling the window if necessary. The PgUp and PgDn keys display the previous and next screenfuls of entries respectively.

The IP traffic monitor computes the data flow rate of the currently highlighted TCP flow and displays it on the lower-right corner of the screen. The flow rate is in kilobits or kilobytes per second depending on the Activity mode switch in the Configure... menu.

Because this monitoring system relies solely on packet information, it does not determine which endpoint initiated the connection. In other words, it does not know which endpoints are the client and server. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN. However, a little knowledge of the well-known TCP port numbers can give a good idea about which address is that of the server.

The system therefore displays two entries for each connection, one for each direction of the TCP connection. To make it easier to determine the direction pairs of each connection, a bracket is used to "join" both together. This bracket appears at the leftmost part of each entry.

Just because a host entry appears at the upper end of a connection bracket doesn't mean it was the initiator of the connection.

Each entry in the window contains these fields:

Source address and port

The source address and port indicator is in address:port format. This indicates the source machine and TCP port on that machine from which this data is coming.

The destination is the host:port at the other end of the bracket.

Packet count

The number of packets received for this direction of the TCP connection

Byte count

The number of bytes received for this direction of the TCP connection. These bytes include total IP and TCP header information, in addition to the actual data. Data link header (e.g. Ethernet and FDDI) data are not included.

Source MAC address

The address of the host on your local LAN that delivered this packet. This can be viewed by pressing M once if Source MAC addrs in traffic monitor is enabled in the Configure... menu.

Packet Size

The size of the most recently received packet. This item is visible if you press M for more TCP information. This is the size of the IP datagram only, not including the data link header.

Window Size

The advertised window size of the most recently received packet. This item is visible if you press M for more TCP information.

Flag statuses

The flags of the most recently received packet.

S

SYN. A synchronization is taking place in preparation for connection establishment. If only an S is present (S---) the source is trying to initiate a connection. If an A is also present (S-A-), this is an acknowledgment of a previous connection request, and is responding.

A

ACK. This is an acknowledgment of a previously received packet

P

PSH. A request to push all data to the top of the receiving queue

U

URG. This packet contains urgent data

RESET

RST. The source machine indicated in this direction reset the entire connection. The direction entries for reset connections become available for new connections.

DONE

The connection is done sending data in this direction, and has sent a FIN (finished) packet, but has not yet been acknowledged by the other host.

CLOSED

The FIN has been acknowledged by the other host. When both directions of a connection are marked CLOSED, the entries they occupy become available for new connection entries.

-

The flag is not set

Some other pieces of information can be viewed as well. The M key displays more TCP information. Pressing M once displays the MAC addresses of the LAN hosts that delivered the packets (if the Source MAC addrs in traffic monitor option is enabled in the Configure... menu). N/A is displayed if no packets have been received from the source yet, or if the interface doesn't support MAC addresses (such as PPP interfaces).

If the Source MAC addrs in traffic monitor option is not enabled, pressing M simply toggles between the counts and the packet and window sizes.

By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses. Just enable reverse lookup in the Configure... menu.

The rvnamed Process

The IP traffic monitor starts a daemon called rvnamed to help speed up reverse lookups without sacrificing too much keyboard control and accuracy of the counts. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete.

If for some reason rvnamed cannot start (probably due to improper installation or lack of memory), and you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow. This is because the standard lookup functions do not return until they have completed their tasks, and it can take several seconds for a name resolution in the foreground to complete.

rvnamed will spawn up to 200 children to process reverse DNS queries.

TipTip
 

If you notice unusual SYN activity (too many initial (S---) but frozen SYN entries, or rapidly increasing initial SYN packets for a single connection), you may be under a SYN flooding attack or TCP port scan. Apply appropriate measures, or the targeted machines may begin denying network services.

Entries not updated within a user-configurable amount of time may get replaced with new connections. The default time is 15 minutes. This is regardless of whether the connection is closed or not. (Some unclosed connections may be due to extremely slow links or crashes at either end of the connection.) This figure can be changed at the Configure... menu.

Some early entries may have a > symbol in front of its packet count. This means the connection was already established when the monitor started. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor. Eventually, these > entries will close (or time out) and disappear. TCP entries without the > were initiated after the traffic monitor started, and the counts indicate the totals of the connection itself. Just consider entries with > partial.

Some > entries may go idle if the traffic monitor was started when these connections were already half-closed (FIN sent by one host, but data still being sent by the other). This is because the traffic monitor cannot determine if a connection was already half-closed when it started. These entries will eventually time out. (To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received.)

Direction entries also become available for reuse if an ICMP Destination Unreachable message is received for the connection.

The lower part of the screen contains a summary line showing the IP, TCP, UDP, ICMP, and non-IP byte counts since the start of the monitor. The IP, TCP, UDP, and ICMP counts include only the IP datagram header and data, not the data-link headers. The non-IP count includes the data-link headers.

NoteTechnical note: IP Forwarding and Masquerading
 

Previous versions of IPTraf issued a warning if the kernel had IP masquerading enabled due to the way the kernel masqueraded and translated the IP addresses. The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines. The -q parameter is no longer required to suppress the warning screen.

On forwarding (non-masquerading) machines packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces if all interafaces are being monitored.

On masquerading machines, packets and connections from the internal network to the external network also appear twice, one for the internal and external interface. Packets coming from the internal network will be indicated as coming from the internal IP address that sourced them, and also as coming from the IP address of the external interface on your masquerading machine. In much the same way, packets coming in from the external network will look like they're destined for the external interface's IP address, and again as destined for the final host on the internal network.

Closed/Idle/Timed Out Connections

A TCP connection entry that closes, gets reset, or stays idle too long normally gets replaced with new connections. However, if there are too many of these, active connections may become interspersed among closed, reset, or idle entries.

IPTraf can be set to automatically remove all closed, reset, and idle entries with the TCP closed/idle persistence... configuration option. You can also press the F key to immediately clear them at any time.

NoteNote
 

The TCP timeout... option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains on-screen. The TCP closed/idle persistence... parameter flushes entries that have been idle for the number of minutes defined by the TCP timeout... option.

Sorting TCP Entries

The TCP connection entries can be sorted by pressing the S key, then by selecting a sort criterion. Pressing S will display a box showing the available sort criteria. Press P to sort by packet count, B to sort by byte count. Pressing any other key cancels the sort.

The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order.

Over time, the entries will go out of order as counts proceed at varying rates. Sorting is not done automatically so as not to degrade performance and accuracy.

Figure 2. The IP traffic monitor sort criteria

<<< PreviousHomeNext >>>
Supported Network Interfaces Lower Window
iptraf-3.0.0/Documentation/lowerwin.html0100644000000000000000000003306710274340275017060 0ustar rootroot Lower Window
IPTraf User's Manual
<<< PreviousThe IP Traffic MonitorNext >>>

Lower Window

The lower window displays information about the other types of traffic on your network. The following protocols are detected internally:

  • User Datagram Protocol (UDP)

  • Internet Control Message Protocol (ICMP)

  • Open Shortest-Path First (OSPF)

  • Interior Gateway Routing Protocol (IGRP)

  • Interior Gateway Protocol (IGP)

  • Internet Group Management Protocol (IGMP)

  • General Routing Encapsulation (GRE)

  • Layer 2 Tunneling Protocol (L2TP)

  • IPSec AH and ESP protocols (IPSec AH and IPSec ESP)

  • Address Resolution Protocol (ARP)

  • Reverse Address Resolution Protocol (RARP)

Other IP protocols are looked up from the /etc/services file. If /etc/services doesn't contain information about that protocol, the protocol number is indicated.

Non-IP packets are indicated as Non-IP in the lower window.

NoteNote
 

The source and destination addresses for ARP and RARP entries are MAC addresses.

Strictly speaking, ARP and RARP packets aren't IP packets, since they are not encapsulated in an IP datagram. They're just indicated because they are integral to proper IP operation on LANs.

For all packets in the lower window, only the first IP fragment is indicated (since that contains the header of the IP-encapsulated protocol) but with no further information from the encapsulated protocol.

UDP packets are also displayed in address:port format while ICMP entries also contain the ICMP message type. For easier location, each type of protocol is color-coded (only on color terminals such as the Linux console).

UDP

Red on White

ICMP

Yellow on Blue

OSPF

Black on Cyan

IGRP

Bright white on Cyan

IGP

Red on Cyan

IGMP

Bright green on Blue

GRE

Blue on white

ARP

Bright white on Red

RARP

Bright white on Red

Other IP

Yellow on red

Non-IP

Yellow on Red

The lower window can hold up to 512 entries. You can scroll the lower window by using the W key to move the Active indicator to it, and by using the Up and Down cursor keys. The lower window automatically scrolls every time a new entry is added, and either the first entry or last entry is visible. Upon reaching 512 entries, old entries are thrown out as new entries are added.

Some entries may be too long to completely fit in a screen line. You can use the Left and Right cursor keys to vertically scroll the lower window when it is marked Active. If your terminal can be resized (e.g. xterm), you may do so before starting IPTraf.

Entries for packets received on LAN interfaces also include the source MAC address of the LAN host which delivered it. This behavior is enabled by turning on the Source MAC addrs in traffic monitor toggle in the Configure... menu.

Entry Details

In general, the entries in the lower window indicate the protocol, the IP datagram size (full frame size for non-IP, including ARP and RARP), the source address, the destination address, and the network interface the packet was detected on. However, some protocols have a little more information.

ICMP

ICMP entries are displayed in this format:

ICMP type [(subtype)] (size bytes) from source to destination
[(src HWaddr srcMACaddress)] on interface

where type could be any of the following:

echo req, echo rply

ICMP echo request and reply. Usually used by the ping program and other network monitoring and diagnostic program.

dest unrch

ICMP destination unreachable. Something failed to reach its target. The dest unreach type is supplemented with a further indicator of the problem. Destination unreachable messages for TCP traffic causes the corresponding TCP entry in the upper window to be made available for reuse by new connections.

redirct

ICMP redirect. Usually generated by a router to tell a host that a better gateway is available.

src qnch

The ICMP source quench is used to stop a host from transmitting. It's a flow control mechanism for IP.

time excd

Indicates a packet's time-to-live value expired before it got to its destination. Mostly happens if a destination is too far away. Also used by the traceroute program.

router adv

ICMP router advertisement

router sol

ICMP router solicitation

timestmp req

ICMP timestamp request

timestmp rep

ICMP timestamp reply

info req

ICMP information request

info rep

ICMP information reply

addr mask req

ICMP address mask request

addr mask rep

ICMP address mask reply

param prob

ICMP parameter problem

bad/unknown

An unrecognized ICMP packet was received, or the packet is corrupted.

The destination unreachable message also includes information on the type of error encountered. Here are the destination unreachable codes:

ntwk

network unreachable

host

host unreachable

proto

protocol unreachable

port

port unreachable

pkt fltrd

packet filtered (normally by an access rule on a router or firewall)

DF set

the packet has to be fragmented somewhere, but its don't fragment (DF) bit is set.

src rte fail

source route failed

src isltd

source isolated (obsolete)

net comm denied

network communication denied

host comm denied

host communication denied

net unrch for TOS

network unreachable for specified IP type-of-service

host unrch for TOS

host unreachable for specified IP type-of-service

prec violtn

precedence violation

prec cutoff

precedence cutoff

dest net unkn

destination network unknown

dest host unkn

destination network unknown

For more information on ICMP, see RFC 792.

OSPF

OSPF messages also include a little more information. The format of an OSPF message in the window is:

OSPF type (a=area r=router) (sizebytes) from source to destination
[(src HWaddr srcMACaddress)] on interface

The type can be one of the following:

hlo

OSPF hello. Hello messages establish OSPF communications and keep routers informed of each other's presence.

DB desc

OSPF Database Description

LSR

OSPF Link State Request

LSU

OSPF Link State Update. Messages indicating the states of the OSPF network links

LSA

OSPF Link State Acknowledgment

The entries in parentheses:

a=area

The area number of the OSPF message

r=router

The IP address of the router that generated the message. It is not necessarily the same as the source address of the encapsulating IP packet.

Many times, the destination addresses for OSPF packets are class D multicast addresses in standard dotted decimal notation or (if reverse lookup is enabled), hosts under the MCAST.NET domain. Such multicast addresses are defined as follows:

224.0.0.5 (OSPF-ALL.MCAST.NET)

OSPF all routers

224.0.0.6 (OSPF-DSIG.MCAST.NET)

OSPF all designated routers

See RFC 1247 for details on the OSPF protocol.

<<< PreviousHomeNext >>>
The IP Traffic MonitorUpAdditional Information
iptraf-3.0.0/Documentation/x1077.html0100644000000000000000000000572610274340275016001 0ustar rootroot Additional Information
IPTraf User's Manual
<<< PreviousThe IP Traffic MonitorNext >>>

Additional Information

When started from the main menu and logging is enabled, the IP traffic monitor prompts you for a log file name. The default name is ip_traffic-n.log (where n is what instance of the traffic monitor this is (1, 2, 3, and so on). (e.g. if this is the first instance, the default file name will be ip_traffic-1.log.)

When started with the -i parameter, the log filename can be specified with the -L parameter. See the Command-line Parameters section above for more information.

On busy networks, the display may become cluttered with traffic you're not interested in. To control the traffic monitor's output, you can apply a filter. See Chapter 7, Filters for more information on IPTraf's filters.

At any time, you can press X or Q to return to the main menu (or back to the shell if the monitor was started with iptraf -i).

<<< PreviousHomeNext >>>
Lower WindowUpNetwork Interface Statistics
iptraf-3.0.0/Documentation/netstats.html0100644000000000000000000001035410274340276017052 0ustar rootroot Network Interface Statistics
IPTraf User's Manual
<<< PreviousNext >>>

Network Interface Statistics

There are two network interface statistics facilities: the general interface statistics, which displays a statistical summary of all attached interfaces, and the detailed interface statistics, which shows more statistical and load information about a single selected interface.

General Interface Statistics

The second menu option displays a list of attached network interfaces, and some general packet counts. Specifically, it displays counts of IP, non-IP, and bad IP packets (packets with IP checksum errors). It also includes an activity indicator, which shows the number of kilobits and packets the interface sees per second. All figures are for incoming and outgoing packets. (Again, considering promiscuous mode for LAN interfaces, which simply causes the machine to intercept all packets). This is useful for general monitoring of all attached interfaces. If byte counts and additional information are needed for a specific interface, the Detailed interface statistics option is also available.

The activity indicators can be toggled between kbits/s and kbytes/s with the Activity mode configuration option.

The general statistics window will dynamically add new entries as packets from newly-created interfaces (e.g. new PPP interfaces) are intercepted. Long lists can be scrolled with the Up, Down, PgUp, and PgDn keys.

This monitor is affected by IPTraf's filters as described in Chapter 7.

Copies of the statistics are written to the log file iface_stats_general.log at regular intervals if logging is enabled. See the Logging option int the Configuration chapter.

This facility can be started directly from the command line with the -g option to the iptraf command. When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.

Figure 1. The general interface statistics screen

You can press X or Q to return to the main menu.

<<< PreviousHomeNext >>>
Additional Information Detailed Interface Statistics
iptraf-3.0.0/Documentation/detstats.html0100644000000000000000000001633210274340276017042 0ustar rootroot Detailed Interface Statistics
IPTraf User's Manual
<<< PreviousNetwork Interface StatisticsNext >>>

Detailed Interface Statistics

The third menu option displays packet statistics for any selected interface. It provides basically the same information as the General interface statistics option, with additional details. This facility provides the following information:

  • Total packet and byte counts

  • IP packet and byte counts

  • TCP packet and byte counts

  • UDP packet and byte count

  • ICMP packet and byte counts

  • Other IP-type packet and byte counts

  • Non-IP packet and byte counts

  • Checksum error count

  • Interface activity

  • Broadcast packet and byte counts

All IP byte counts (IP, TCP, UDP, ICMP, other IP) include IP header data and payload. The data link header is not included. The full frame length (including data-link header) is included in the non-IP and Total byte count. All data-link headers are also included in the Total byte counts.

Figure 2. The detailed interface statistics screen

The upper portion of the screen contains the packet and byte counts for all IP and non-IP packets intercepted on the interface. The lower portion contains the total, incoming, and outgoing interface data rates.

This facility also displays incoming and outgoing counts and data rates. The packet size breakdown in versions prior to 2.0.0 has been moved to its own facility under Statistical breakdowns.../By packet size as described in Chapter 5.

An outgoing packet is one that exits your interface, regardless of whether it originated from your machine or came from another machine and was routed through yours. An incoming packet is one that enters your interface, either addressed to you directly, broadcast, multicast, or captured promiscuously.

The rate indicators can be set to display kbits/s or kbytes/s with the Activity mode configuration option.

NoteNote
 

Buffering and some other factors may affect the data rates, notably the outgoing rate, causing it to reflect a higher figure than the actual rate at which the interface is sending.

The figures are logged at regular intervals if logging is enabled. The default log file name at the prompt is iface_stats_detailed-iface.log where iface is the selected interface for this session (for example, iface_stats_detailed-eth0.log).

If you wish to start this facility directly from the command line, you can specify the -d parameter and an interface to monitor. For example,

iptraf -d eth0

starts the statistics for eth0. The interface must be specified, or IPTraf will not start the facility.

When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.

NoteNote
 

In both the general and detailed statistics screens, as well as in the IP traffic monitor, the packet counts are for actual network packets (layer 2), not the logical IP packets (layer 3) that may be reconstructed after fragmentation. That means, if a packet was fragmented into four pieces, and these four fragments pass over your interface, the packet counts will indicate four separate packets.

The figure for the IP checksum errors is a packet count only, because the corrupted IP header cannot be relied upon to give a correct IP packet length value.

This facility's output is also affected by IPTraf's filters. See Chapter 7 for more information on filters.

Pressing X or Q takes you back to the main menu (if this facility was started with the command-line option, X or Q drops you back to the shell).

<<< PreviousHomeNext >>>
Network Interface StatisticsUpStatistical Breakdowns
iptraf-3.0.0/Documentation/statbreakdowns.html0100644000000000000000000000765110274340276020246 0ustar rootroot Statistical Breakdowns
IPTraf User's Manual
<<< PreviousNext >>>

Statistical Breakdowns

Statistical breakdowns contain two facilities that break down traffic counts by either packet size or TCP/UDP port.

Packet Sizes

The packet size breakdown facility used to be incorporated into the detailed interface statistics. It has since been moved to its own facility. It is entered by selecting Statistical Breakdowns/By packet size.

The packet size breakdown takes the interface's Maximum Transmission Unit (MTU) size and divides it into 20 brackets, each bracket containing a range of sizes. As a packet is captured, its size is determined and the appropriate bracket is incremented.

This facility provides an idea as to the packet sizes passing over your network, and can aid in network (re)design decisions.

Figure 1. The packet size statistical breakdown

If logging is enabled, copies of the statistics are written at regular intervals to a log file. The default log file name is packet_size-iface.log where iface is the selected interface for this session (for example, packet_size-eth0.log).

IPTraf's filters do not affect this facility.

The packet size breakdown can also be invoked straight from the command line by specifying the -z iface parameter. The interface parameter is required. For example, this command runs the facility on interface eth0.

iptraf -z eth0

When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.

To exit, press X or Ctrl+X.

<<< PreviousHomeNext >>>
Detailed Interface Statistics TCP and UDP Traffic Statistics
iptraf-3.0.0/Documentation/servmon.html0100644000000000000000000001422310274340276016675 0ustar rootroot TCP and UDP Traffic Statistics
IPTraf User's Manual
<<< PreviousStatistical BreakdownsNext >>>

TCP and UDP Traffic Statistics

IPTraf also includes a facility that generates statistics on TCP and UDP traffic. This facility displays counts of all TCP and UDP packets with source or destination ports numbered less than 1024. Ports 1 to 1023 are reserved for the TCP/IP application protocols (well-known ports).

Figure 2. The TCP/UDP service monitor

The statistics window indicates the protocol (TCP or UDP), the port number, the total packets and bytes counted for this particular protocol/port combination, the packets and bytes destined for that protocol and port, and the packets and bytes coming from that protocol and port.

Byte counts include the IP header and payload only. The data link header is not included.

The protocol/port indicators are color-coded for easier identification on color terminals. TCP indicators are in yellow, UDP in bright green.

Some network applications or protocols may use port numbers higher than 1023. Examples of these include application proxy servers (HTTP proxy servers typically use values like 8000, 8080, 8888, and the like), and IRC (IRC servers commonly accept connections on ports 6660 to 6669). These ports are by default not included in the counts. If you do want to include a higher-numbered port in the statistics, you can add them yourself from the Configure.../Additional ports... menu item. See the section below.

If logging is enabled, The statistics are also written to a log file (the default name is tcp_udp_services-iface.log, where iface is the selected interface (for example, tcp_udp_services-eth0.log).

IPTraf computes the total, incoming, outgoing, and data rates of the protocol currently indicated by the facility's highlight bar. The data rates are indicated at the bottom of the screen. If logging is enabled, the average data rates since the start of the facility are placed in the log file.

The Up and Down cursor keys move the highlight bar. Pressing X or Ctrl+X exits and returns to the main menu (or the shell if it was started from the command line).

Sorting TCP/UDP Entries

Pressing the S key brings up a window which allows you to select the field by which the entries will be sorted. You can press R to sort by port, P to sort by total packets, B to sort by total bytes, T to sort by incoming packets (packets to), O to sort by incoming bytes (bytes to), F to sort by outgoing packets (packets from) and M to sort by outgoing bytes (bytes from). Pressing any other key cancels the sort.

Port numbers are sorted in ascending order (least first) but statistics are sorted in descending order (largest counts first).

As with the IP traffic monitor, sorting is performed only with this sequence. Automatic sorting is not performed so as not to affect performance.

Figure 3. The TCP/UDP monitor's sort criteria

Additional Information

IPTraf's filters affect the output of this facility. See Chapter 7, Filters for more information about filters.

If you wish to start this facility from the command line, you can use the -s option followed by an interface to monitor. For example,

iptraf -s eth0

brings up this module for traffic on eth0. The interface must be specified, or IPTraf will drop back to the shell.

When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.

<<< PreviousHomeNext >>>
Statistical BreakdownsUpLAN Station Statistics
iptraf-3.0.0/Documentation/hostmon.html0100644000000000000000000001121110274340276016665 0ustar rootroot LAN Station Statistics
IPTraf User's Manual
<<< PreviousNext >>>

LAN Station Statistics

The LAN station monitor (Ethernet station monitor on versions prior to 1.3.0) discovers MAC addresses and displays statistics on the number of incoming, and outgoing packets. It also includes figures for incoming and outgoing kilobits per second for each discovered station.

The entry above each line of statistics is the station's LAN type (Ethernet, PLIP, Token Ring, or FDDI) and the hardware MAC address. Each statistics line consists of the following information:

  • Total packets incoming

  • IP packets incoming

  • Total bytes incoming

  • Incoming rate

  • Total packets outgoing

  • IP packets outgoing

  • Total bytes outgoing

  • Outgoing rate

The byte counts include the data link header. The activity indicators can be set to display kbits/s or kbytes/s with the Activity mode configuration option.

This facility works only for Ethernet, PLIP, Token Ring, and FDDI frames. Loopback. ISDN, and SLIP/PPP networks are not monitored here.

Figure 1. The LAN station monitor

Copies of the statistics are written to a log file at regular intervals if logging is enabled. The default log file name is lan_statistics-n.log, where n is the instance number of this facility (for example, if this is the first instance, the generated default log file name is lan_statistics-1.log).

Sorting the LAN Station Monitor Entries

Press S to sort the entries. A box will pop up and display the keys you can press to select the field by which the entries will be sorted. Press P to sort by total incoming packets, I to sort by incoming IP packets, B to sort by total incoming bytes, K to sort by total outgoing packets, O to sort by outgoing IP packets, and Y to sort by total outgoing bytes. Pressing any other key cancels the sort.

Figure 2. The LAN station monitor's sort criteria

When started from the command line, the log filename and log interval can be specified with the -L and -I parameters respectively. See the Command-line Parameters section above for more information.

<<< PreviousHomeNext >>>
TCP and UDP Traffic Statistics Additional Information
iptraf-3.0.0/Documentation/morelanmoninfo.html0100644000000000000000000000411310274340276020224 0ustar rootroot Additional Information
IPTraf User's Manual
<<< PreviousLAN Station StatisticsNext >>>

Additional Information

The window can be scrolled with the Up and Down cursor keys. Press X or Q to return to the main menu (or the shell if this facility was started with the -l command-line option).

The output of this facility is affected by any applied IPTraf filter.

<<< PreviousHomeNext >>>
LAN Station StatisticsUpFilters
iptraf-3.0.0/Documentation/filters.html0100644000000000000000000011744410274340276016665 0ustar rootroot Filters
IPTraf User's Manual
<<< PreviousNext >>>

Filters

Filters are used to control the information displayed by all facilities. You may want to view statistics only on particular traffic so you must restrict the information displayed. The filters also apply to logging activity.

The IPTraf filter management system is accessible through the Filters... submenu.

Figure 1. The Filters submenu

IP Filters

The Filters/IP... menu option allows you to define a set of rules that determine what IP traffic to pass to the monitors. Selecting this option pops up another menu with the tasks used to define and apply custom IP filters.

Figure 2. The IP filter menu

Defining a New Filter

A freshly installed program will have no filters defined, so before anything else, you will have to define a filter. You can do this by selecting the Define new filter... option.

Selecting this option displays a box asking you to enter a short description of the filter you are going to define. Just enter any text that clearly identifies the nature of the filter.

Figure 3. The IP filter name dialog

Press Enter when you're done with that box. As an alternative, you can also press Ctrl+X to cancel the operation.

The Filter Rule Selection Screen

After you enter the filter's description, you will be taken to a blank rule selection box. At this screen you manage the various rules you define for this filter. You can opt to insert, append, edit, or delete rules.

Figure 4. The filter rule selection screen. Selecting an entry displays that set for editing

Any rules defined will appear here. You will see the source and destination addresses, masks and ports (long addresses and masks may be truncated) and whether this rule includes or excludes matching packets.

Between the source and destination parameters is an arrow that indicates whether the rule matches packets (single-headed) only exactly or whether it matches packets flowing in the opposite direction (double-headed).

At this screen, press I to insert at the current position of the selection bar, A to append a rule to the end of the list, Enter to edit the highlighted rule and D to delete the selected rule. With an empty list, A or I can be used to add the first rule.

To add the first rule, press A or I. You will then be presented with a dialog box that allows you to enter the rule's parameters.

Entering Filter Rules

You can enter addresses of individual hosts, networks, or a catch-all address. The nature of the address will be determined by the wildcard mask.

You'll notice two sets of fields, marked Source and Destination. You fill these out with the information about your source and targets.

Fill out the host name or IP address of the hosts or networks in the first field marked Host name/IP Address. Enter it in standard dotted-decimal notation. When done, press Tab to move to the Wildcard mask field. The wildcard mask is similar but not exactly identical to the standard IP subnet mask. The wildcard mask is used to determine which bits to ignore when processing the filter. In most cases, it will work very closely like a subnet mask. Place ones (1) under the bits you want the filter to recognize, and keep zeros (0) under the bits you want the filter to ignore. For example:

To recognize the host 207.0.115.44

IP address207.0.115.44
Wildcard mask255.255.255.255

To recognize all hosts belonging to network 202.47.132.x

IP address202.47.132.0
Wildcard mask255.255.255.0

To recognize all hosts with any address:

IP address0.0.0.0
Wildcard mask0.0.0.0

The IP address/wildcard mask mechanism of the display filter doesn't recognize IP address class. It uses a simple bit- pattern matching algorithm.

The wildcard mask also does not have to end on a byte boundary; you may mask right into a byte itself. For example, 255.255.255.224 masks 27 bits (255 is 11111111, 224 is 11100000 in binary).

IPTraf also accepts host names in place of the IP addresses. IPTraf will resolve the host name when the filter is loaded. When the filter is interpreted, the wildcard mask will also be applied. This can be useful in cases where a single host name may resolve to several IP addresses.

TipTip
 

See the Linux Network Administrator's Guide if you need more information on IP addresses and subnet masking.

TipTip
 

IPTraf allows you to specify the wildcard mask in Classless Interdomain Routing (CIDR) format. This format allows you to specify the number of 1-bits that mask the address. CIDR notation is the form address/bits where the address is the IP address or host name and bits is the number of 1-bits in the mask. For example, if you want to mask 10.1.1.0 with 255.255.255.0, note that 255.255.255.0 has 24 1-bits, so instead of specifying 255.255.255.0 in the wildcard mask field, you can just enter 10.1.1.0/24 in the address field. IPTraf will translate the mask bits into an appropriate wildcard mask and fill in the mask field the next time you edit the filter rule.

If you specify the mask in CIDR notation, leave the wildcard mask fields blank. If you fill them up, the wildcard mask fields will take precedence.

The Port fields should contain a port number or range of any TCP or UDP service you may be interested in. If you want to match only a single port number, fill in the first field, while leaving the second blank or set to zero. Fill in the second field if you want to match a range of ports (e.g. 80 to 90). Leave the first field blank or set to zero to let the filter ignore the ports altogether. You will most likely be interested in target ports rather than source ports (which are usually unpredictable anyway, perhaps with the exception of FTP data).

Non-TCP and non-UDP packets are not affected by these fields, and these are used only when filtering TCP or UDP packets.

Fill out the second set of fields with the parameters of the opposite end of the connection.

TipTip
 

Any address or mask fields left blank default to 0.0.0.0 while blank Port fields default to 0. This makes it easy to define filter rules if you're interested only in either the source or destination, but not the other. For example, you may be interested in traffic originating from network 61.9.88.0, in which case you just enter the source address, mask and port in the Source fields, while leaving the Destination fields blank.

The next fields let you specify which IP-type protocols you want matched by this filter rule. Any packet whose protocol's corresponding field is marked with a Y is matched against the filter's defined IP addresses and ports, otherwise they don't pass through this filter rule.

If you want to evaluate all IP packets just mark with Y the All IP field.

For example, if you want to see only all TCP traffic, mark the TCP field with Y.

The long field marked Additional protocols allows you to specify other protocols by their IANA number. (You can view the common IP protocol number in the /etc/protocols file). You can specify a list of protocol numbers or ranges separated by commas, Ranges have the beginning and ending protocol numbers separated with a hyphen.

For example, to see the RSVP (46), IP mobile (55), and protocols (101 to 104), you use an entry that looks like this:

46, 55, 101-104

It's certainly possible to specify any of the protocols listed above in this field. Entering 1-255 is functionally identical to marking All IP with a Y.

The next field is marked Include/Exclude. This field allows you to decide whether to include or filter out matching packets. Setting this field to I causes the filter to pass matching packets, while setting it to E causes the filter to drop them. This field is set to I by default.

The last field in the dialog is labeled Match opposite. When set to Y, the filter will match packets flowing in the opposite direction. Previous versions of IPTraf used to match TCP packets flowing in either direction, so the source and destination address/mask/port combinations were actually interchangeable. Starting with IPTraf 3.0, when filters extended to more than just the IP traffic monitor, this behavior is no longer the default throughout IPTraf except in the IP traffic monitor's TCP window.

NoteNote
 

For TCP packets, this field is used in all facilities except the IP traffic monitor. Because the IP traffic monitor must capture TCP packets in both directions to properly determine a closed connection, the filter automatically matches packets in the opposite direction, regardless of this field's setting. However iin all other facilities, automatic matching of the reverse packets is not performed unless you set this field to Y.

Filters for UDP and other IP protocols do not automatically match packets in the opposite direction unless you set the field to Y, even in the IP traffic monitor.

Press Enter to accept all parameters when done. The parameters will be accepted and you'll be taken back to the rule selection box. You can then add more rules by pressing A or you can insert new rules at any point by pressing I. Should you make a mistake, you can press Enter to edit the selected filter. You may enter as many sets of parameters as you wish. Press Ctrl+X when done.

NoteNote
 

Because of the major changes in the filtering system since IPTraf 2.7, old filters will no longer work and will have to be redefined.

Figure 5. The IP filter parameters dialog

Examples

To see all traffic to/from host 202.47.132.1 from/to 207.0.115.44, regardless of TCP port

Host name/IP Address202.47.132.2207.0.115.44
Wildcard mask255.255.255.255255.255.255.255
Port00
ProtocolsTCP: Y 
Include/ExcludeI 
Match oppositeY 

To see all traffic from host 207.0.115.44 to all hosts on network 202.47.132.x

Host name/IP Address207.0.115.44202.47.132.0
Wildcard mask255.255.255.255255.255.255.0
Port00
ProtocolsAll IP: Y 
Include/ExcludeI 
Match oppositeN 

To see all Web traffic (to and from port 80) regardless of source or destination

Host name/IP Address0.0.0.00.0.0.0
Wildcard mask0.0.0.00.0.0.0
Port800
ProtocolsTCP: Y 
Include/ExcludeI 
Match oppositeY 

To see all IRC traffic from port 6666 to 6669

Host name/IP Address0.0.0.00.0.0.0
Wildcard mask0.0.0.00.0.0.0
Port06666 to 6669
ProtocolsTCP: Y 
Include/ExcludeI 
Match oppositeY 

To see all DNS traffic, (TCP and UDP, destination port 53) regardless of source or destination

Host name/IP Address0.0.0.00.0.0.0
Wildcard mask0.0.0.00.0.0.0
Port053
ProtocolsTCP: Y UDP: Y 
Include/ExcludeI 
Match oppositeY 

To see all mail (SMTP) traffic to a single host (202.47.132.2) from anywhere

Host name/IP Address0.0.0.0202.47.132.2
Wildcard mask0.0.0.0255.255.255.255
Port025
ProtocolsTCP: Y 
Include/ExcludeI 
Match oppositeN 

To see traffic from from/to host sunsite.unc.edu to/from cebu.mozcom.com

Host name/IP Addresssunsite.unc.educebu.mozcom.com
Wildcard mask255.255.255.255255.255.255.255
Port00
ProtocolsAll IP: Y 
Include/ExcludeI 
Match oppositeY 

To omit display of traffic to/from 140.66.5.x from/to anywhere

Host name/IP Address140.66.5.00.0.0.0
Wildcard mask255.255.255.00.0.0.0
Port00
ProtocolsAll IP: Y 
Include/ExcludeE 
Match oppositeY 

You can enter as many parameters as you wish. All of them will be interpreted until the first match is found.

Excluding Certain Sites

Filters follow an implicit "no-match" policy, that is, only packets matching defined rules will be matched, others will be filtered out. This is similar to the access-list policy "whatever is not explicitly permitted is denied". If you want to show all traffic to/from everywhere, except certain places, you can specify the sites you wish to exclude, mark them with E in the Include/Exclude field, and define a general catch-all entry with source address 0.0.0.0, mask 0.0.0.0, port 0, and destination 0.0.0.0, mask 0.0.0.0, port 0, tagged with an I in the Include/Exclude field as the last entry.

For example:

To see all traffic except all SMTP (both directions), Web (both directions), and traffic (only) from 207.0.115.44

Host name/IP address0.0.0.00.0.0.0
Wildcard mask0.0.0.00.0.0.0
Port250
ProtocolsTCP: Y 
Include/ExcludeE 
Match oppositeY 
   
Host name/IP address0.0.0.0 0.0.0.0
Wildcard mask0.0.0.00.0.0.0
Port800
ProtocolsTCP: Y 
Include/ExcludeE 
Match oppositeY 
   
Host name/IP address207.0.115.440.0.0.0
Wildcard mask255.255.255.2550.0.0.0
Port00
ProtocolsAll IP: Y 
Include/ExcludeE 
Match oppositeN 
   
Host name/IP address0.0.0.00.0.0.0
Wildcard mask0.0.0.00.0.0.0
Port00
ProtocolsAll IP: Y 
Include/ExcludeI 
Match oppositeN 

TipTip
 

To filter out all TCP, define a filter with a single entry, with a source of 0.0.0.0 mask 0.0.0.0 port 0, and a destination of 0.0.0.0 mask 0.0.0.0 port 0, with the Include/Exclude field marked E (exclude). Then apply this filter.

Applying a Filter

The above steps only add the filter to a defined list. To actually apply the filter, you must select Apply filter... from the menu. You will be presented with a list of filters you already defined. Select the one you want to apply, and press Enter.

The applied filter stays in effect over exits and restarts of the IPTraf program until it is detached.

Editing a Defined Filter

Select Edit filter... to modify an existing filter. Once you select this option, you will be presented with the list of defined filters. Select the filter you want to edit by moving the selection bar and press Enter.

Edit the description if you wish. Pressing Ctrl+X at this point will abort the operation, and the filter will remain unmodified. Press Enter to accept any changes to the filter description.

After pressing Enter, you will see the filter's rules. To edit an existing filter rule, move the selection bar to the desired entry and press Enter. A prefilled dialog box will appear. Edit its contents as desired. Press Enter to accept the changes or Ctrl+X to discard.

You can add a new filter rule by pressing I to insert at the selection bar's current position. When you press I, you will be presented with a dialog box asking you to enter the new rule data. Pressing A results in a similar operation, except the rule will be appended as the last entry in the rule list.

Pressing D deletes the currently pointed entry.

Press X or Ctrl+X to end the edit and save the changes.

NoteNote
 

If you're editing the currently applied filter, you will need to re-apply the filter for the changes to take effect.

NoteNote
 

Be aware that the filter processes the rules in order. In other words, if a packet matches more than one rule, only the first matching rule is followed.

Deleting a Defined Filter

Select Delete filter... from the menu to remove a filter from the list. Just move the selection bar to the filter you want to delete, and press Enter.

Detaching a Filter

The Detach filter option deactivates the filter currently in use. Selecting this option causes all TCP traffic to be passed to the monitors.

When you're done with the menu, just select the Exit menu option.

<<< PreviousHomeNext >>>
Additional Information ARP, RARP, and other Non-IP Packet Filters
iptraf-3.0.0/Documentation/nonipfilters.html0100644000000000000000000000367610274340276017732 0ustar rootroot ARP, RARP, and other Non-IP Packet Filters
IPTraf User's Manual
<<< PreviousFiltersNext >>>

ARP, RARP, and other Non-IP Packet Filters

The Non-IP filter option toggles the display and logging of all non-IP packets, except ARP and RARP, which are toggled separately.

<<< PreviousHomeNext >>>
FiltersUpConfiguring IPTraf
iptraf-3.0.0/Documentation/config.html0100644000000000000000000002571310274340276016457 0ustar rootroot Configuring IPTraf
IPTraf User's Manual
<<< PreviousNext >>>

Configuring IPTraf

IPTraf can be easily configured with the Configure... item in the main menu. The configuration is stored in the /var/local/iptraf/iptraf.cfg file. If the file is not found, IPTraf uses the default settings. Any changes to the configuration immediately get stored in the configuration file.

Figure 1. The IPTraf configuration menu

Toggles

Reverse DNS Lookups

Activating reverse lookup causes IPTraf to find out the name of the hosts with the addresses in the IP packets. When this option is enabled, IPTraf's IP traffic monitor starts the rvnamed DNS lookup server to help resolve IP addresses in the background while allowing IPTraf to continue capturing packets.

This option is off by default.

TCP/UDP Service Names

This option, when on, causes IPTraf to display the TCP/UDP service names (smtp, www, pop3, etc.) instead of their numeric ports (25, 80, 110, etc). The number-to-name mappings will depend on the systems services database file (usually /etc/services). Should there be no corresponding service name for the port number, the numeric form will still be displayed.

This setting is off by default.

NoteNote
 

Reverse lookup and service name lookup take some time and may impact performance and increase the chances of dropped packets. Performance and results are best (albeit more cryptic) with both these settings off.

Force promiscuous

If this option is enabled, your LAN interfaces will capture all packets on your LAN. Using this option enables you to see all TCP connections and packets passing your LAN segment, even if they're not from or for your machine. When this option is active in the statistics windows, the Activity indicators will show a good estimate of the load on your LAN segment.

When this option is disabled, you'll only receive information about packets coming from and entering your machine.

The setting of this option affects all LAN ( Ethernet, FDDI, some Token Ring) interfaces on your machine, if you have more than one.

The interface's promiscuous flag is set only when a facility is started, and turned off when it exits. However, if promiscuous mode was already set when a facility was started, it remains set on exit.

If multiple instances of IPTraf are started, the promiscuous setting is restored only upon exit of the last facility.

NoteNote
 

Do not use other programs that change the interface's promiscuous flag at the same time you're using IPTraf. The programs can interfere with each other's expected operations. While IPTraf tries to obtain the initial setting of any promiscuous flags for restoration upon exit, other programs may not be as well-behaved, and they may turn off the promiscuous flags while IPTraf is still monitoring.

Color

Turn this on with color monitors. Turn it off with black-and- white monitors or non-color terminals (like xterms). Changes to this setting will take effect the next time the program is started.

Color is on by default on consoles and color xterms, off on non-color terminals like xterms and VT100s.

Logging

When this option is active, IPTraf will log information to a disk file, which can be examined or analyzed later. Since IPTraf 2.4.0, IPTraf prompts you for the name of the file to which to write the logs. It will provide a default name, which you are free to accept or change. The IP traffic monitor and LAN station monitor will generate a log file name that is based on what instance they are (first, second, and so on). The general interface statistics' default log file name is constant, because it listens to all interfaces at once, and only one instance can run at one time.

The other facilities generate a log file name based on the interface they're listening on.

See the descriptions on the facilities above for the default log file names.

Press Enter to accept the log file name, or Ctrl+X to cancel. Canceling will turn logging off for that session.

The IP traffic monitor will write the following pieces of information to its log file:

  • Start of the traffic monitor

  • Receipt of the first TCP packet for a connection. If that packet is a SYN, (SYN) will be indicated in the log entry. (Of course, the traffic monitor may start in the middle of established connections. It will still count those packets. This also explains why some connection entries may become idle if the traffic monitor is started in the middle of a half-closed connection, and miss the first FIN. Such entries time out in a while.)

  • Receipt of a FIN (with average flow rate)

  • ACK of a FIN

  • Timeouts of TCP entries (with average flow rate)

  • Reset connections (with average flow rate)

  • Everything that appears in the bottom window of the traffic monitor

  • Stopping of the traffic monitor

Each log entry includes the date and time the entry was written. Logging is also affected by the defined filters.

Log files can grow very fast, so be prepared with plenty of free space and delete unneeded logs. Log write errors are not indicated.

Copies of the interface statistics, TCP/UDP statistics, packet size statistics, and LAN host statistics are also written to the log files at regular intervals. See Log Interval... in this chapter.

IPTraf closes and reopens the active log file when it receives a USR1 signal. This is useful in cases where a facility is run for long periods of time but the log files have to be cleared or moved.

To clear or move an active log file, rename it first. IPTraf will continue to write to the file despite the new name. Then use the UNIX kill command to send the running IPTraf process a USR1 signal. IPTraf will then close the log file and open another with the original name. You can then safely remove or delete the renamed file.

Do not delete an open log file. Doing so will only result in a file just as large but filled with null characters (ASCII code 0).

Logging comes disabled by default. The USR1 signal is caught only if logging is enabled, it is ignored otherwise.

A valid specification of -L on the command line with automatically enable logging for that particular session. The saved configuration setting is not affected.

Activity mode

Toggles activity indicators in the interface and LAN statistics facilities between kilobits per second (kbits/s) or kilobytes per second (kbytes/s).

The default setting is kilobits per second.

Source MAC addrs in traffic monitor

When enabled, the IP traffic monitor retrieves the packets' source MAC addresses if they came in on an Ethernet, FDDI, or PLIP interface. The addresses appear in the lower window for non-TCP packets, while for TCP connections, they can be viewed by pressing M.

No such information is displayed if the network interface doesn't use MAC addresses (such as PPP interfaces).

This can be used to determine the actual source of the packets on your local LAN.

The traffic monitor also logs the MAC addresses with this option enabled. The default setting is off.

<<< PreviousHomeNext >>>
ARP, RARP, and other Non-IP Packet Filters Timers
iptraf-3.0.0/Documentation/timers.html0100644000000000000000000001471310274340276016513 0ustar rootroot Timers
IPTraf User's Manual
<<< PreviousConfiguring IPTrafNext >>>

Timers

The Timers... submenu allows you to IPTraf's interval and timeout functions.

Figure 2. The Timers configuration submenu

TCP Timeout

This figure determines the amount of time (in minutes) a connection entry may remain idle before it becomes eligible for replacement by a new connection. The default is 15 minutes. You may want to reduce this on an isolated (not connected to the Internet) LAN or a LAN connected to the Internet with high-speed links. Just enter the new value and press Enter. You can press Ctrl+X to leave the current value unchanged.

Log Interval

This figure determines the number of minutes between logging of interface statistics, TCP/UDP figures, and LAN host statistics. The default is 60 minutes. This figure is meaningless if logging is disabled.

This configuration item can be overridden with the -I when a facility is directly invoked from the command line (not accessed via the main menu), and remains effective for that particular session. The configured value is not affected.

Screen Update Interval

This value determines the rate in seconds at which the screen is updated. The default is 0, which means the screen is updated as fast as possible, giving close-to-realtime reflection of network activity. However, this high-speed update can cause incredible amounts of traffic if IPTraf is run on a remote terminal (e.g. a Telnet or Secure Shell session). You can set this to a higher value, such as 1 or 2 seconds to slow down the updates.

This figure does not affect the rate of data capture. Only the screen refresh is affected. The figures are still updated as fast as possible, although the figure display will no longer be as close to realtime.

The default setting is 0, which shouldn't be a problem on the console. Set it to a slightly higher value on remote terminals or slow links. The setting affects all monitoring facilities.

NoteNote
 

Updating the screen is one of the slowest operations in a program. Older versions of IPTraf had a problem once network activity became very high. Because each packet caused a screen update, IPTraf began spending more time with the screen updates, causing a loss of packets once network activity reached a certain point.

However, since many users like rapid counts on their screen, a compromise was incorporated. Even when the screen update interval is set to 0, there is still a 50ms delay between screen updates (except the LAN station monitor, which has a 100 ms delay). This is still visually fast, but provides more time to the packet capture routine. Higher delays may result in better accuracy of counts and activity.

In any case, this setting only affects screen updates. Capture still proceeds as fast as possible.

TCP closed/idle persistence

This parameter determines the interval (in minutes) at which the IP Traffic Monitor clears from the TCP display window all closed, idle, and timed out entries. Enter 0 to keep such entries on the screen indefinitely, disappearing only when replaced by new connections.

NoteNote
 

The TCP timeout... option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains onscreen. The TCP closed/idle persistence... parameter flushes entries that have been closed or reset, or idle for the number of minutes defined by the TCP timeout... option.

<<< PreviousHomeNext >>>
Configuring IPTrafUpCustom Information
iptraf-3.0.0/Documentation/customports.html0100644000000000000000000001504510274340276017611 0ustar rootroot Custom Information
IPTraf User's Manual
<<< PreviousConfiguring IPTrafNext >>>

Custom Information

The remaining configuration items allow you to enter information which IPTraf uses for its displays and logs.

Additional ports

Select this item to enter a port number to be included in the TCP/UDP counts in the TCP/UDP service statistics main menu item described above. By default, port numbers above 1023 are not monitored. If you do have a higher-numbered port to monitor, enter it here.

You will see two fields. If you have only one port to enter, just fill up the first field. To specify a range, fill both fields, the first port in the first field, the last port in the second field.

You can select this option multiple times to add more values or ranges.

Delete port/range

Select this item to remove a higher-numbered port number or port range you entered earlier with the Additional ports... option. A window will come up containing the entered ports and ranges. Select the entry you want delete and press Enter.

LAN Station Identifiers

The LAN station statistics facility monitors stations based on their respective MAC addresses. The hexadecimal notation of these addresses make them even more difficult to remember than the dotted-decimal IP addresses, so these facilities were added to help you better determine which station is which.

Selecting the Ethernet/PLIP host descriptions... or FDDI/Token Ring host descriptions... options brings up a submenu asking you to add, edit, or delete descriptions.

To add a new description, select the Add description... option. A dialog box will appear, asking you for the MAC address and an appropriate description. Type in the address in hexadecimal notation with no punctuation of any kind. The dialog box is case-insensitive for the address; the alphabetical digits A to F will be stored in lowercase.

Use the Tab key to move between fields and Enter to accept. Press Ctrl+X to discard this dialog and return to the main menu.

The description may be anything: the IP address, a fully-qualified domain name, or a description of your liking as long as the field can hold.

Enter as many descriptions as you need. Press Ctrl+X at a blank dialog after you have entered the last entry

These descriptions will be displayed alongside the MAC addresses in the LAN station monitor, together with the type of frame (Ethernet, PLIP, or FDDI).

An existing address or description may be edited by selecting the Edit description... option from the submenu. A panel will appear with a list of existing address descriptions. Select the one you wish to edit and press Enter. A dialog box identical to that when you add a description will appear with prefilled fields. Just backspace over and edit the fields. Press Enter to accept or Ctrl+X to cancel.

Selecting the Delete description... submenu item brings up the selection panel. Select the description you want to delete and press Enter. You can also press Ctrl+X to cancel the operation.

IPTraf 2.4 and later also recognizes the /etc/ethers file. Should a hardware address be present in the IPTraf definition files and in /etc/ethers, the IPTraf definition will be used.

NoteNote
 

The description file for Ethernet and PLIP is ethernet.desc, while the FDDI and Token Ring mappings are stored in fddi.desc in the IPTraf working directory. These files are in colon-delimited text format. Database engines or custom scripts can be told to append data lines to those files. Each line follows this simple format:

address:description

For example

00201e457e:Cisco 3640 gateway

Do not put colons, periods, or any invalid characters in the MAC address.

<<< PreviousHomeNext >>>
TimersUpBackground Operation
iptraf-3.0.0/Documentation/backop.html0100644000000000000000000001053510274340277016446 0ustar rootroot Background Operation
IPTraf User's Manual
<<< PreviousNext >>>

Background Operation

IPTraf's facilities can be placed in the background solely for logging. When running in the background, it doesn't display any output on the screen, and doesn't receive input from the keyboard, and drops you back to the shell.

Before starting a statistical facility in the background, configure IPTraf in the usual way (set filters, add TCP/UDP ports, etc).

Once that's done, exit all instances of IPTraf on the system, then invoke IPTraf from the command line with the parameter to start the facility you want, the timeout (-t) parameter if you wish, and the -B parameter to actually daemonize the program. For example, to run the IP traffic monitor in the background for all interfaces, issue the command

iptraf -i all -B

To run the detailed interface statistics on interface eth0 for 5 minutes in the background:

iptraf -d eth0 -t 5 -B

If the timeout parameter is not specified, the facility will run until the process receives a USR2 signal. To stop a facility in the background, do a

ps x

at the command line, and find the process id (pid) of the iptraf process you're looking for. Then send that process a USR2 signal with the kill command:

kill -USR2 pid

Since IPTraf cannot send error messages to the terminal, all messages are written to the file daemon.log in the IPTraf logging directory.

The -B parameter automatically enables logging regardless of its configured setting. The parameter is ignored if not used with one of the parameters to start a facility from the command line.

The log file can be specified with the -L command-line parameter. If this parameter is not specified, the default log file name for the facility will be used (see the descriptions of the facilities above for the default log name patterns). If you don't specify an path, the log file will be placed in /var/log/iptraf.

The logging interval for all facilities (except the IP traffic monitor) can also be overriden with the -I command-line parameter.

<<< PreviousHomeNext >>>
Custom Information Messages
iptraf-3.0.0/Documentation/messages.html0100644000000000000000000005346310274340277017025 0ustar rootroot Messages
IPTraf User's Manual
<<< PreviousNext >>>

Messages

IPTraf's messages are presented in two ways. In interactive mode, messages are displayed in a distictive message box. In daemon (background) mode, appropriate messages are written to the iptraf.log file in the IPTraf log directory (normally /var/log/iptraf.

IPTraf Messages

Unable to create config file

IPTraf cannot create the configuration file. The most likely cause of this is that you didn't properly install the program, and the necessary directory /var/local/iptraf does not exist. Can also be generated if you have a disk problem or if you have too many files open.

Unable to read config file

The configuration record cannot be read. You most likely have a disk problem.

Unable to write config file

The configuration file cannot be written. You either have a disk problem, or (more likely), your disk is full.

Enter an appropriate description for this filter

Enter something to clearly describe the filter you are defining.

Error loading filter list file

IPTraf cannot access the list of defined TCP or UDP filters. Can also be an indicator of a bad disk.

Error writing filter list file

The filter list file cannot be written to. You may have trouble accessing your filters.

Unable to read TCP/UDP/misc IP filter file

IPTraf cannot read the filter data off the file. Could be caused by a bad disk.

Error opening filter data file

IPTraf cannot open the filter file. Could be caused by a shortage of file descriptors or a bad disk.

Unable to write filter data

IPTraf cannot add the newly defined filter to the filter list. This may be due to a bad disk.

Cannot create filter data file

IPTraf cannot create the filter record file. The defined filter is lost.

Unable to save filter changes

IPTraf cannot save the changes you made to the filter. You probably have a disk error.

Unable to write filter state information

The current state of the filters cannot be saved. IPTraf will be unable to correctly reload the filters the next time it's started. This can be caused by a bad disk or improper installation.

Unable to save interface flags

IPTraf was unable to save the flags of the network interfaces. This is probably due to a bad installation or full filesystem.

Unable to retrieve saved interface flags

IPTraf was unable to retrieve the save interface flags. Probably again due to a bad installation or full filesystem.

protocol filter data file in use; try again later

Filter state file in use; try again later

Another IPTraf process is modifying the TCP, UDP or miscellaneous IP filter data or the filter state file and has locked the files or file. Try again once the other IPTraf process has terminated or completed its modifications and unlocked the files.

Unable to resolve hostname

The indicated host name in the filter cannot be resolved into an IP address. Check the local hosts database /etc/hosts or your machine's DNS configuration or DNS server. The filter parameters will not be used.

Unable to open host description file

IPTraf cannot open the file containing the descriptions for Ethernet or FDDI addresses. Could be due to a bad disk or a hit on the file descriptor limit.

Unable to write host description

IPTraf was unable to write the description record for this Ethernet or FDDI address. Could be due to a bad disk or corrupted filesystem.

No descriptions

You tried to edit or delete a description with no previous descriptions defined.

Cannot open log file

There is a problem opening the log file. There is most likely a problem with the disk, or there are too many open files.

Unable to obtain interface list

IPTraf was unable to retrieve the list of network interfaces from the /proc filesystem. This may be due to a badly configured kernel. IPTraf needs /proc filesystem support.

No active interfaces. Check their status or the /proc filesystem.

IPTraf found no active interfaces. Either all interfaces are down or the /proc/net/dev file was empty or unavailable. Activate at least one interface or check the /proc/net/dev file.

Unable to obtain interface parameters for interface

The system call to retrieve the interface's flags failed. Check your interface or kernel driver.

Promisc change failed for interface

The system call to change the promiscuous flag failed. Check your interface or its kernel driver.

Unable to open raw socket for flag change

IPTraf was unable to open the necessary socket for the promiscuous change operation. May be due to a shortage of file descriptors.

Unable to open socket for MTU determination

Returned by the facility for detailed interface statistics if the raw socket's opening sequence failed. The facility will abort.

Unable to open raw socket

IPTraf was unable to open the raw socket for packet capture. May be due to a shortage of file descriptors.

NoteReminder
 

IPTraf 2.x.x requires Linux kernel 2.2.x, with the Packet Socket option compiled in or installed as a module. IPTraf 2.x will return this error on a pre-2.2 kernel or on a 2.2 kernel without Packet Socket.

Unable to obtain interface MTU

The detailed statistics facility was unable to obtain the maximum transmission unit (MTU) for the selected interface. The facility will abort.

Specified interface not supported

The interface specified with the -i, -d, -s, -l, or -z command-line parameters is not supported by IPTraf.

Specified interface not active

The interface specified with the -i, -d, -s, -l, or -z command-line parameters is supported, but not currently activated.

Fatal: memory allocation error

May occur if you have too little memory to allocate for windows, the menu system, or dialog boxes. IPTraf tries to prevent further allocations if memory runs out during a monitor. However, this could also mean a bug if you're reasonably sure you're not out of memory. An instructional message on bug reporting follows this message.

NoteTechnical note
 

This is actually a response to the segmentation fault error (SIGSEGV).

This program can be run only by the system administrator

IPTraf normally does not allow anybody but uid 0 (root) to run it. This measure is included for safety reasons. See the section on recompiling the program below if you want to override this. This feature is built in, and not part of the configuration

Your TERM variable is not set

The TERM (terminal type) environment variable must be set to a valid terminal type so that the screen management routines can function properly. Set it to the appropriate terminal type. Linux consoles typically have their TERM variables set to linux.

Received TERM signal

Not related to the previous message. The TERM (terminate) signal is normally used to gracefully shut down a program. This message simply indicates that the TERM signal was caught and IPTraf is attempting to shut down as gracefully as possible.

Invalid option or missing parameter, use iptraf -h for help

The -i, -d, -s, -l, or -z options were specified but no interface was specified on the command line. These parameters require a valid interface name (or all for -i or -l). This message also appears if an unknown option is passed to the iptraf command.

Warning: unable to tag this process

IPTraf normally tags itself when it runs to prevent multiple instances of the statistical facilities from running. This message means the program was unable to create the necessary tag file. This may be due to a bad or improper installation. Try running the make install procedure or the Setup in the distribution's top-level directory.

Warning: unable to tag facility

IPTraf was unable to create the tag file for the facility you started. The facility will still run, but other instances of IPTraf that may be running simultaneously will allow the same facility to run. This may cause both instances of the facility to malfunction. This could be due to a bad disk or bad installation.

facility already running/listening on interface

The facility you tried to start is currently running on the indicated interface in another IPTraf process on the machine. This restriction is placed to prevent conflicts involving internal sockets or the log files.

General interface statistics already active in another process

Only one instance of the general interface statistics can run at a time.

Duplicate port/range entry

You entered a port number or range that was already added to the list of additional ports to be monitored by the TCP/UDP service monitor

No custom ports

There are no ports or port ranges earlier added. There's nothing to delete.

Can't start rvnamed; lookups will block

IPTraf cannot start the rvnamed daemon; probably due to a bad installation. IPTraf will fall back to blocking lookups.

Can't spawn new process; lookups will block

IPTraf cannot start a new process. This may be due to memory shortage. IPTraf will fall back to blocking lookups.

Fork error, IPTraf cannot run in background

IPTraf cannot start a new process, and can go into the background. This may be due to memory shortage. IPTraf aborts.

No memory for new filter entry

IPTraf was unable to allocate memory for a new filter entry. Most likely due to memory shortage.

Memory Low

This indicator appears if memory runs low due to a lot of entries in a facility. Should critical functions fail (window creation, internal allocation), the program could terminate with a segmentation violation.

NoteNote
 

Any message or indicator about low memory means that your system does not have enough memory to handle the entries. It is almost certain that sooner or later, IPTraf or other applications will abort due to the failure of important system calls or library functions. Memory must be added right away.

IPC Error

This indicator appears if an error occurs receiving data from the rvnamed program (IPC stands for Interprocess Communication). This indication should not occur under normal circumstances. Report instances of this condition and the circumstances under which it happens. You may also include data from the rvnamed.log file.

Error opening terminal: terminal

The screen management routines cannot find the terminfo entry for your terminal. IPTraf expects the terminfo database located in /usr/share/terminfo. This error could occur when your terminfo database is located somewhere else. See the section on controlling the terminfo search path.

This will end your IPTraf session

In interactive mode IPTraf asks you to confirm your exit command. Press Enter to return to the shell or any other key to cancel your command and return to the main menu.
<<< PreviousHomeNext >>>
Background Operation rvnamed Messages
iptraf-3.0.0/Documentation/rvnamedmessages.html0100644000000000000000000001071610274340277020374 0ustar rootroot rvnamed Messages
IPTraf User's Manual
<<< PreviousMessagesNext >>>

rvnamed Messages

As a daemon, rvnamed does not send messages to the screen. It writes its messages to the file rvnamed.log in the IPTraf log directory.

Unable to open child communication socket

rvnamed was unable to open the communication endpoint for data reception from the children it creates. This is highly unusual, and should it occur, report the circumstances.

Unable to open client communication socket

rvnamed was unable to open the communication endpoint for data exchange with the IPTraf program. This is highly unusual, and should it occur, report the circumstances.

Error binding client communication socket Error binding child communication socket

rvnamed was unable to assign a name to the indicated communication socket. This may be due to a bad, full, or corrupted filesystem.

Fatal error: no memory for descriptor monitoring

rvnamed ran out of memory. IPTraf will resort to blocking, and may freeze.

Error on fork, returning IP address

rvnamed had a problem spawning a copy of itself to resolve the IP address. rvnamed will simply return the IP address in its literal, dotted-decimal notation. IPTraf will still function normally. This may be due to lack of memory or a process limit hit.

Maximum child process limit reached

rvnamed has reached its maximum number of child processes. This is intended as a "brake" to prevent too many rvnamed children from hogging your computer's resources and possibly crashing it. Unless IPTraf is monitoring an extremely busy network without filters, this shouldn't happen, at least, not that often. If you notice this message, try applying filters or check your DNS server. Many times, this can happen when the DNS server goes down for whatever reason, and you have rvnamed children taking too long to resolve.
<<< PreviousHomeNext >>>
MessagesUpGNU Free Documentation License
iptraf-3.0.0/Documentation/gfdl.html0100644000000000000000000000652410274340277016126 0ustar rootroot GNU Free Documentation License
IPTraf User's Manual
<<< PreviousNext >>>

GNU Free Documentation License

Version 1.1, March 2000

Copyright (C) 2000 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

PREAMBLE

The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.

<<< PreviousHomeNext >>>
rvnamed Messages APPLICABILITY AND DEFINITIONS
iptraf-3.0.0/Documentation/gfdl-1.html0100644000000000000000000001215510274340277016261 0ustar rootroot APPLICABILITY AND DEFINITIONS
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you".

A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License.

The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License.

A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque".

Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only.

The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

<<< PreviousHomeNext >>>
GNU Free Documentation LicenseUpVERBATIM COPYING
iptraf-3.0.0/Documentation/gfdl-2.html0100644000000000000000000000505610274340277016264 0ustar rootroot VERBATIM COPYING
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

VERBATIM COPYING

You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.

You may also lend copies, under the same conditions stated above, and you may publicly display copies.

<<< PreviousHomeNext >>>
APPLICABILITY AND DEFINITIONSUpCOPYING IN QUANTITY
iptraf-3.0.0/Documentation/gfdl-3.html0100644000000000000000000000754110274340277016266 0ustar rootroot COPYING IN QUANTITY
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

COPYING IN QUANTITY

If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.

<<< PreviousHomeNext >>>
VERBATIM COPYINGUpMODIFICATIONS
iptraf-3.0.0/Documentation/gfdl-4.html0100644000000000000000000001573410274340277016272 0ustar rootroot MODIFICATIONS
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

MODIFICATIONS

You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:

  1. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.

  2. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five).

  3. State on the Title page the name of the publisher of the Modified Version, as the publisher.

  4. Preserve all the copyright notices of the Document.

  5. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.

  6. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.

  7. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.

  8. Include an unaltered copy of this License.

  9. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.

  10. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.

  11. In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.

  12. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.

  13. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version.

  14. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section.

If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.

You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.

<<< PreviousHomeNext >>>
COPYING IN QUANTITYUpCOMBINING DOCUMENTS
iptraf-3.0.0/Documentation/gfdl-5.html0100644000000000000000000000603210274340277016262 0ustar rootroot COMBINING DOCUMENTS
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

COMBINING DOCUMENTS

You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice.

The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.

In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements."

<<< PreviousHomeNext >>>
MODIFICATIONSUpCOLLECTIONS OF DOCUMENTS
iptraf-3.0.0/Documentation/gfdl-6.html0100644000000000000000000000475410274340277016274 0ustar rootroot COLLECTIONS OF DOCUMENTS
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

COLLECTIONS OF DOCUMENTS

You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.

You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.

<<< PreviousHomeNext >>>
COMBINING DOCUMENTSUpAGGREGATION WITH INDEPENDENT WORKS
iptraf-3.0.0/Documentation/gfdl-7.html0100644000000000000000000000534210274340277016267 0ustar rootroot AGGREGATION WITH INDEPENDENT WORKS
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

AGGREGATION WITH INDEPENDENT WORKS

A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document.

If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate.

<<< PreviousHomeNext >>>
COLLECTIONS OF DOCUMENTSUpTRANSLATION
iptraf-3.0.0/Documentation/gfdl-8.html0100644000000000000000000000471410274340277016272 0ustar rootroot TRANSLATION
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

TRANSLATION

Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail.

<<< PreviousHomeNext >>>
AGGREGATION WITH INDEPENDENT WORKSUpTERMINATION
iptraf-3.0.0/Documentation/gfdl-9.html0100644000000000000000000000437110274340277016272 0ustar rootroot TERMINATION
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

TERMINATION

You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

<<< PreviousHomeNext >>>
TRANSLATIONUpFUTURE REVISIONS OF THIS LICENSE
iptraf-3.0.0/Documentation/gfdl-10.html0100644000000000000000000000541210274340277016337 0ustar rootroot FUTURE REVISIONS OF THIS LICENSE
IPTraf User's Manual
<<< PreviousGNU Free Documentation LicenseNext >>>

FUTURE REVISIONS OF THIS LICENSE

The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.

Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.

<<< PreviousHomeNext >>>
TERMINATIONUpHow to use this License for your documents
iptraf-3.0.0/Documentation/gfdl-11.html0100644000000000000000000000575010274340277016345 0ustar rootroot How to use this License for your documents
IPTraf User's Manual
<<< PreviousGNU Free Documentation License 

How to use this License for your documents

To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:

Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. A copy of the license is included in the section entitled "GNU Free Documentation License".

If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being LIST"; likewise for Back-Cover Texts.

If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.

<<< PreviousHome 
FUTURE REVISIONS OF THIS LICENSEUp 
iptraf-3.0.0/Documentation/manual.rtf0100644000000000000000000070112710274335775016326 0ustar rootroot{\rtf1\ansi\deff0 {\fonttbl{\f3\fnil\fcharset0 Courier New;} {\f2\fnil\fcharset0 Helvetica;} {\f4\fnil\fcharset0 Arial;} {\f1\fnil\fcharset0 Palatino;} {\f0\fnil\fcharset0 Times New Roman;} } {\colortbl;}{\stylesheet{\s1 Heading 1;}{\s2 Heading 2;}{\s3 Heading 3;}{\s4 Heading 4;}{\s5 Heading 5;}{\s6 Heading 6;}{\s7 Heading 7;}{\s8 Heading 8;}{\s9 Heading 9;}} \deflang1024\notabind\facingp\hyphauto1\widowctrl \sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}\pard\sl20 {\*\bkmkstart ID_MANUAL}{\*\bkmkend ID_MANUAL}\fs20\f1 \hyphpar0\par\pard\sb242\sl354\qc \b\fs32\f2 IPTraf User's Manual\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}\pard\sl20 \fs20\f1 \keepn\hyphpar0\par\pard\sl-240 \b\f2 IPTraf User's Manual\hyphpar0\par\pard\sl220 \b0\f1 Copyright\~\'a9\~1997, 2003 by Gerard Paul Java\hyphpar0\par\pard\sb200\sl220 \fs16 This manual is released under the terms of the GNU Free Documentation License of March, 2000 as published by the Free Software Foundation, reproduced in this manual as Appendix B.\hyphpar0\par\pard\sl220 IPTraf is open-source software released under the terms of the GNU General Public License version 2 or any later version as published by the Free Software Foundation, reproduced in the LICENSE file in the distribution's top-level directory.\hyphpar0\par\pard\sl220 The accomanying software and the information contained in this document are provided "AS IS" without warranty of any kind, express or implied, including, without limitation, the implied warranties of mercantability or fitness for any particular purpose.\hyphpar0\par\pard\sl220 In no event shall the author be liable for any indirect, special, consequential, or incidental damages arising from the use of this manual or the accompanying software even if the author has been advised of the possibility of such damages.\hyphpar0\par\pard\sl220 Linux is a registered trademark of Linus Torvalds. Pentium is a registered trademark of Intel Corporation. All other trademarks are property of their respective owners.\hyphpar0\par\pard\sl220 Some structure declarations were based on code copyrighted by the Regents of the University of California.\hyphpar0\par\pard\sl220 Token Ring parsing code based on the Token Ring packet construction code in the Linux 2.2 kernel.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgnlcrm\pgnrestart\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 \b\fs29\f2 Table of Contents\keepn\hyphpar0\par\pard\sb146\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_PREFACE}{\fldrslt \fs20\f1 About This Document}}\fs20\f1 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_PREFACE}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_PREFACE}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_ADDINFO}{\fldrslt \b0 For Additional Information}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_ADDINFO}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_ADDINFO}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_CONVENTIONS}{\fldrslt Document Conventions}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_CONVENTIONS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_CONVENTIONS}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GETTINGSTARTED}{\fldrslt \b 1. Getting Started}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GETTINGSTARTED}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GETTINGSTARTED}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _65 }{\fldrslt \b0 About IPTraf}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _65 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _65}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_INSTALLATION}{\fldrslt Installation}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_INSTALLATION}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_INSTALLATION}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _96 }{\fldrslt System Requirements}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _96 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _96}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _134 }{\fldrslt Availability}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _134 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _134}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _149 }{\fldrslt Installing Downloaded Packages}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _149 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _149}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _186 }{\fldrslt Installing a Floppy Distribution}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _186 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _186}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_UPGRADING}{\fldrslt Upgrading from Earlier Versions}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_UPGRADING}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_UPGRADING}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_STARTSTOP}{\fldrslt Starting and Stopping IPTraf}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_STARTSTOP}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_STARTSTOP}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Options}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_CMDLINE}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_MENUS}{\fldrslt Using the Menus}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_MENUS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_MENUS}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_EXITING}{\fldrslt Exiting IPTraf}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_EXITING}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_EXITING}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_PREPARINGTOUSE}{\fldrslt \b 2. Preparing to Use IPTraf}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_PREPARINGTOUSE}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_PREPARINGTOUSE}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_NUMBERS}{\fldrslt \b0 Number Display Notations}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_NUMBERS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_NUMBERS}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_INSTANCES}{\fldrslt Instances and Logging}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_INSTANCES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_INSTANCES}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_UPDATES}{\fldrslt Screen Update Delays}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_UPDATES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_UPDATES}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_IFACES}{\fldrslt Supported Network Interfaces}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_IFACES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_IFACES}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_ITRAFMON}{\fldrslt \b 3. The IP Traffic Monitor}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_ITRAFMON}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_ITRAFMON}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_UPPERWIN}{\fldrslt \b0 The Upper Window}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_UPPERWIN}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_UPPERWIN}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _725 }{\fldrslt Closed/Idle/Timed Out Connections}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _725 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _725}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _736 }{\fldrslt Sorting TCP Entries}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _736 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _736}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_LOWERWIN}{\fldrslt Lower Window}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_LOWERWIN}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_LOWERWIN}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _835 }{\fldrslt Entry Details}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _835 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _835}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1076 }{\fldrslt Additional Information}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1076 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1076}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_NETSTATS}{\fldrslt \b 4. Network Interface Statistics}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_NETSTATS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_NETSTATS}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GENSTATS}{\fldrslt \b0 General Interface Statistics}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GENSTATS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GENSTATS}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_DETSTATS}{\fldrslt Detailed Interface Statistics}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_DETSTATS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_DETSTATS}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_STATBREAKDOWNS}{\fldrslt \b 5. Statistical Breakdowns}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_STATBREAKDOWNS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_STATBREAKDOWNS}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_PKTSIZE}{\fldrslt \b0 Packet Sizes}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_PKTSIZE}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_PKTSIZE}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_SERVMON}{\fldrslt TCP and UDP Traffic Statistics}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_SERVMON}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_SERVMON}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1222 }{\fldrslt Sorting TCP/UDP Entries}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1222 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1222}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1230 }{\fldrslt Additional Information}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1230 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1230}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_HOSTMON}{\fldrslt \b 6. LAN Station Statistics}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_HOSTMON}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_HOSTMON}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_SORTINGLAN}{\fldrslt \b0 Sorting the LAN Station Monitor Entries}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_SORTINGLAN}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_SORTINGLAN}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_MORELANMONINFO}{\fldrslt Additional Information}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_MORELANMONINFO}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_MORELANMONINFO}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_FILTERS}{\fldrslt \b 7. Filters}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_FILTERS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_FILTERS}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_IPFILTERS}{\fldrslt \b0 IP Filters}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_IPFILTERS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_IPFILTERS}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1304 }{\fldrslt Defining a New Filter}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1304 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1304}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1902 }{\fldrslt Applying a Filter}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1902 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1902}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1907 }{\fldrslt Editing a Defined Filter}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1907 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1907}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1922 }{\fldrslt Deleting a Defined Filter}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1922 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1922}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1926 }{\fldrslt Detaching a Filter}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1926 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1926}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_NONIPFILTERS}{\fldrslt ARP, RARP, and other Non-IP Packet Filters}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_NONIPFILTERS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_NONIPFILTERS}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \b 8. Configuring IPTraf}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_CONFIG}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_TOGGLES}{\fldrslt \b0 Toggles}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_TOGGLES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_TOGGLES}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1946 }{\fldrslt Reverse DNS Lookups}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1946 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1946}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1950 }{\fldrslt TCP/UDP Service Names}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1950 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1950}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1961 }{\fldrslt Force promiscuous}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1961 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1961}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1971 }{\fldrslt Color}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1971 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1971}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _1975 }{\fldrslt Logging}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _1975 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _1975}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2012 }{\fldrslt Activity mode}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2012 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2012}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2016 }{\fldrslt Source MAC addrs in traffic monitor}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2016 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2016}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_TIMERS}{\fldrslt Timers}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_TIMERS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_TIMERS}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2029 }{\fldrslt TCP Timeout}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2029 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2029}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2032 }{\fldrslt Log Interval}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2032 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2032}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2037 }{\fldrslt Screen Update Interval}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2037 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2037}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2047 }{\fldrslt TCP closed/idle persistence}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2047 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2047}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_CUSTOMPORTS}{\fldrslt Custom Information}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_CUSTOMPORTS}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_CUSTOMPORTS}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2060 }{\fldrslt Additional ports}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2060 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2060}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2065 }{\fldrslt Delete port/range}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2065 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2065}{\fldrslt 000}}}}\hyphpar0\par\pard\li2400\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l _2069 }{\fldrslt LAN Station Identifiers}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l _2069 }{\fldrslt {\field\flddirty{\*\fldinst PAGEREF _2069}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_BACKOP}{\fldrslt \b 9. Background Operation}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_BACKOP}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_BACKOP}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_MESSAGES}{\fldrslt A. Messages}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_MESSAGES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_MESSAGES}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_IPTRAFMESSAGES}{\fldrslt \b0 IPTraf Messages}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_IPTRAFMESSAGES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_IPTRAFMESSAGES}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_RVNAMEDMESSAGES}{\fldrslt rvnamed Messages}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_RVNAMEDMESSAGES}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_RVNAMEDMESSAGES}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1440\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL}{\fldrslt \b B. GNU Free Documentation License}}\b \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL}{\fldrslt 000}}}}\hyphpar0\par\pard\sb48\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_0}{\fldrslt \b0 PREAMBLE}}\b0 \tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_0}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_0}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_1}{\fldrslt APPLICABILITY AND DEFINITIONS}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_1}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_1}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_2}{\fldrslt VERBATIM COPYING}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_2}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_2}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_3}{\fldrslt COPYING IN QUANTITY}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_3}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_3}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_4}{\fldrslt MODIFICATIONS}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_4}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_4}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_5}{\fldrslt COMBINING DOCUMENTS}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_5}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_5}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_6}{\fldrslt COLLECTIONS OF DOCUMENTS}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_6}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_6}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_7}{\fldrslt AGGREGATION WITH INDEPENDENT WORKS}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_7}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_7}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_8}{\fldrslt TRANSLATION}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_8}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_8}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_9}{\fldrslt TERMINATION}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_9}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_9}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_10}{\fldrslt FUTURE REVISIONS OF THIS LICENSE}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_10}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_10}{\fldrslt 000}}}}\hyphpar0\par\pard\li1920\sl220\fi-480 {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_11}{\fldrslt How to use this License for your documents}}\tqr\tldot\tx8400\tab {\field{\*\fldinst HYPERLINK \\l ID_GFDL_45_11}{\fldrslt {\field\flddirty{\*\fldinst PAGEREF ID_GFDL_45_11}{\fldrslt 000}}}}\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgnlcrm\pgnrestart\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 About This Document}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 About This Document}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_PREFACE}{\*\bkmkend ID_PREFACE}\b\fs29\f2 About This Document\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 This document contains the instructions on how to use the IPTraf network monitoring software version 3.0. This manual details the different statistical facilities, the user interface, and the important features of the software.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_ADDINFO}{\*\bkmkend ID_ADDINFO}\b\fs26\lang1024\f2 For Additional Information\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 See the included README file for summarized and late-breaking information. Also read the RELEASE-NOTES file for important new information about this new version. The CHANGES file contains a record of the changes made to the software since 1.0.0. README.rvnamed contains information on the rvnamed reverse resolution program. See the other README files for support and development information.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_CONVENTIONS}{\*\bkmkend ID_CONVENTIONS}\b\fs26\lang1024\f2 Document Conventions\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The following symbols and typefaces are used throughout this manual:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 [ ]\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab items in brackets are optional. Brackets also denote items that may or may not be displayed onscreen depending on settings or conditions.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 \{ \}\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab curly braces enclose items you choose from\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 |\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab the vertical bar separates choices in curly braces\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 normal monospace\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab normal monospace text in syntax specifications should be typed in exactly as presented. Because UNIX and variants are case-sensitive, case must be preserved. Monospace is also used in presenting items that appear on the screen.\hyphpar0\par\pard\sb200\li960\sl220\qj \i\fs18\f3 monospace italics\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab italics in syntax specifications indicate items that are to be replaced with an actual item (e.g. \i\f3 interface\i0\f1 should be replaced with an actual interface name, like \fs18\f3 eth0\fs20\f1 ). \hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Additional information appears distinctively set apart from the main text. This information includes Notes, Tips, or Technical Notes.\hyphpar0\par\pard\sb100\li960\sl220\qj \i Notes\i0 are additional pieces of information that may be useful or may clarify the preceeding paragraphs of the manual.\hyphpar0\par\pard\sb100\li960\sl220\qj \i Tips\i0 provide shortcuts, clarify tasks that may not be immediately obvious, or provide references to additional sources of information.\hyphpar0\par\pard\sb100\li960\sl220\qj \i Technical notes\i0 are explanations of a more technical nature and may be of more use to programmers and advanced users.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\pgnrestart\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 1. Getting Started}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 1. Getting Started}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_GETTINGSTARTED}{\*\bkmkend ID_GETTINGSTARTED}\b\fs29\f2 Chapter 1. Getting Started\keepn\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart _65}{\*\bkmkend _65}\fs26 About IPTraf\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf is a network monitoring utility and traffic analyzer for IP networks. It intercepts packets and returns data about captured the network traffic in various statistical facilities.\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf comes with these major features:\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 An IP traffic monitor that shows TCP connection information (hosts, packet/byte counts, flags, window sizes), and color-coded information about other IP packets\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Statistics (counts and load rates) for network interfaces in general and detailed views\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Statistics per TCP/UDP port\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Statistical breakdown according to packet sizes\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 A LAN host monitor that returns counts and loads per detected MAC address\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 A powerful filtering system for users to view only interesting traffic\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Logging\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 An asynchronous DNS resolver for the IP traffic monitor\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 A text-based, full-color, menu-driven user interface suitable for use on all Linux systems with terminals, especially Linux consoles and color xterms\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Easy configuration\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Fully software-based. No additional hardware required\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP, etc.) is necessary for you to best understand the information generated by the program.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_INSTALLATION}{\*\bkmkend ID_INSTALLATION}\b\fs26\lang1024\f2 Installation\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf is most readily available on the Internet, but some may receive it on a diskette. Here are the instructions for both types of distributions.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _96}{\*\bkmkend _96}\b\fs24\lang1024\f2 System Requirements\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf requires:\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\lang1024\f2 Hardware Requirements\keepn\hyphpar0\par\pard\sb110\li1160\sl220\fi-200\qj \tx1160 \b0\fs16\f1 \'95\tab \fs20 16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent.\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 One or more of the supported network interfaces.\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\f2 Operating System Requirements\keepn\hyphpar0\par\pard\sb110\li1160\sl220\fi-200\qj \tx1160 \b0\fs16\f1 \'95\tab \fs20 Linux kernel 2.2.0 or higher\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 GNU C Library 2.1 or later\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 ncurses 4.2 or later with the complete terminfo database in \fs18\f3 /usr/share/terminfo\fs20\f1 . Support for \fs18\f3 linux\fs20\f1 , \fs18\f3 vt100\fs20\f1 , \fs18\f3 xterm\fs20\f1 , \fs18\f3 xterm-color\fs20\f1 recommended. \hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\f2 Compilation Requirements\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 The following components are required when compiling IPTraf from the source code.\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 gcc 2.7.2.3 or later\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 GNU C (glibc) development library 2.1 or later\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 ncurses development libraries 4.2 or later\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _134}{\*\bkmkend _134}\b\fs24\f2 Availability\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf can be downloaded from the Internet from the official FTP site at ftp://iptraf.seul.org/pub/iptraf/\up8\fs12 1\up0\fs20 .\hyphpar0\par\pard\sb100\li960\sl220\qj The software is available in source form in compressed \fs18\f3 .tar.gz\fs20\f1 files named \fs18\f3 iptraf-\i x.y.z\i0 .tar.gz\fs20\f1 where \i\fs18\f3 x.y.z\i0\fs20\f1 is the version number. Precompiled ready-to-run software is available in the \fs18\f3 iptraf-\i x.y.z.machinetype\i0 .bin.tar.gz\fs20\f1 files. (\i\fs18\f3 machinetype\i0\fs20\f1 indicates what platform the precompiled binaries run on. The official distribution will only be for the Intel x86 architecture indicated as \fs18\f3 i386\fs20\f1 .)\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _149}{\*\bkmkend _149}\b\fs24\lang1024\f2 Installing Downloaded Packages\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 You will need to have GNU tar and GNU zip installed. All modern Linux installations already have these utilities ready.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab \lang1024 1.\tab Decompress the \fs18\f3 .tar.gz\fs20\f1 file by entering\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\f3 tar zxvf iptraf-\i x.y.z\i0 .tar.gz\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 for the source code or\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\lang1024\f3 tar zxvf iptraf-\i x.y.z\i0 .i386.bin.tar.gz\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 for the precompiled x86 programs.\hyphpar0\par\pard\sb100\li1440\sl220\qj If your tar doesn't support the z option, you can separately decompress the \fs18\f3 .tar.gz\fs20\f1 file then extract the resulting \fs18\f3 .tar\fs20\f1 archive.\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\lang1024\f3 gunzip iptraf-\i x.y.z\i0 .tar.gz\sa0\par\fi0\sb0 tar xvf iptraf-\i x.y.z\i0 .tar\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 This will decompress the sources into a directory called \fs18\f3 iptraf-\i x.y.z\i0\fs20\f1 (source code) or \fs18\f3 iptraf-\i x.y.z\i0 .bin\fs20\f1 (precompiled). (\i\f3 x.y.z\i0\f1 here should be the IPTraf version number you're installing, like \fs18\f3 3.0.0\fs20\f1 ).\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab \lang1024 2.\tab Change to the created top level directory.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab 3.\tab To compile and install the software, run the Setup program by entering\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\f3 ./Setup\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 while you are logged in as root. The Setup script will recognize the source distribution and compile the software before installing. It will immediately install a precompiled distribution.\hyphpar0\par\pard\sb100\li960\sl220\qj The resulting binaries will be placed in the \fs18\f3 /usr/local/bin\fs20\f1 directory. All needed directories will also be created.\hyphpar0\par\pard\sb100\li960\sl220\qj After installation, you will be asked if you want to read the \fs18\f3 RELEASE-NOTES\fs20\f1 file. It is recommended that you do so at that point, since the \fs18\f3 RELEASE-NOTES\fs20\f1 file contains important information about the new version.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _186}{\*\bkmkend _186}\b\fs24\lang1024\f2 Installing a Floppy Distribution\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 If you received IPTraf on a diskette, the sources are already decompressed. The diskette is in Second Extended filesystem format. Perform the following steps to install the software. \hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab \lang1024 1.\tab Insert the floppy in the drive.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab 2.\tab Mount the floppy on an empty directory. For example, to mount the floppy in the first floppy drive under a directory called \fs18\f3 /mnt\fs20\f1 , enter\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\f3 mount -t ext2 /dev/fd0 /mnt\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 This assumes your floppy is in \fs18\f3 /dev/fd0\fs20\f1 . You can use any empty directory in place of \fs18\f3 /mnt\fs20\f1 . With most Linux installations, this will work fine.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab \lang1024 3.\tab After mounting, change to the \fs18\f3 /mnt\fs20\f1 (or whatever) directory.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab 4.\tab Enter\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\f3 ./Setup\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 while logged in as root. Setup will determine whether the diskette contains a source code distribution or ready-to-run precompiled software. This will copy the binaries to \fs18\f3 /usr/local/bin\fs20\f1 , and create the necessary working directories.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab \lang1024 5.\tab Unmount the diskette by typing\hyphpar0\par\pard\sb100\li1440\sl198\qj \fs18\f3 umount /mnt\hyphpar0\par\pard\sb100\li1440\sl220\qj \fs20\lang1033\f1 (That's \i u\i0 mount, not \i un\i0 mount.)\hyphpar0\par\pard\sb100\li1440\sl220\qj You can then eject the diskette. Store it in a safe place.\hyphpar0\par\pard\sb100\li1440\sl220\qj You will also be asked if you want to view the \fs18\f3 RELEASE-NOTES\fs20\f1 file. It is recommended that you do so at that point.\hyphpar0\par\pard\sb100\li1440\sl220\qj In both cases (downloaded and floppy), the installation will store the program in \fs18\f3 /usr/local/bin\fs20\f1 with the binaries owned by user root, readable, writable, and executable by the owner, no permissions for the group, no permissions for all others. (700 octal, or \fs18\f3 -rwx------\fs20\f1 ).\hyphpar0\par\pard\sb200\li1840\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 You must be \fs16\f3 root\fs18\f4 to do the installation. The old style of installation (\b cd src;make install\b0 ) is still supported.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 Be sure \fs18\f3 /usr/local/bin\fs20\f1 is included in your environment's PATH variable. You can edit the appropriate command in your login customization file (\fs18\f3 .profile\fs20\f1 for the Bourne-type shells, \fs18\f3 .cshrc\fs20\f1 for the C shell and its relatives).\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_UPGRADING}{\*\bkmkend ID_UPGRADING}\b\fs26\lang1024\f2 Upgrading from Earlier Versions\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf 3.0 is a major revision from IPTraf 2.7. The filter subsystem has been completely redesigned and as such, is incompatible with previous filter formats. Therefore old IPTraf filters can no longer be used. The installation procedure for IPTraf 3.0 will rename the filter list files but not delete them.\hyphpar0\par\pard\sb100\li960\sl220\qj If you install a distribution package (e.g. RPM, dpkg), old filters may still appear in the filter selection list but the new IPTraf version will be unable to load them.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_STARTSTOP}{\*\bkmkend ID_STARTSTOP}\b\fs26\lang1024\f2 Starting and Stopping IPTraf\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 After installation, you can start the program by simply entering\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 iptraf\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 at the shell prompt. You will see a copyright notice, with an instruction to press any key to get started. Just press any character key, and you will be immediately taken to the main menu. All major functions of the program are found there.\hyphpar0\par\pard\sb100\li960\sl220\qj Entering the IPTraf command without any command-line parameters brings up the program's main menu. From there, you can select the facilities you want.\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf determines and makes use of the maximum number of lines and columns on the terminal.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 IPTraf does not have a SIGWINCH handler; it does not adjust itself when an xterm or some other X terminal is resized.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\f2 Technical note: \b0\f4 IPTraf needs to refer to the terminfo database in \fs16\f3 /usr/share/terminfo\fs18\f4 . If the supplied executable program fails with \fs16\f3 Error opening terminal\fs18\f4 , your terminfo database may be located somewhere else. You can control the terminfo search path by using the TERMINFO environment variable. For example, if you're using the \b sh\b0 or \b bash\b0 shell, and your terminfo database is in \fs16\f3 /usr/lib/terminfo\fs18\f4 (typical for Slackware distributions), you can use the commands:\hyphpar0\par\pard\sb200\li1360\sl178\qj \fs16\f3 TERMINFO=/usr/lib/terminfo\sa0\par\fi0\sb0 export TERMINFO\hyphpar0\par\pard\sb200\li1360\sl198\qj \fs18\f4 You can place these commands in your \fs16\f3 ~/.profile\fs18\f4 or the systemwide \fs16\f3 /etc/profile\fs18\f4 startup files.\hyphpar0\par\pard\sb100\li1360\sl198\qj You can also create a symbolic link named \fs16\f3 /usr/share/terminfo\fs18\f4 to let it point to your existing terminfo (assuming again your terminfo is in \fs16\f3 /usr/lib/terminfo\fs18\f4 ):\hyphpar0\par\pard\sb200\li1360\sl178\qj \fs16\f3 ln -s /usr/lib/terminfo /usr/share/terminfo\hyphpar0\par\pard\sb200\li1360\sl198\qj \fs18\f4 Or you can recompile your program to use your existing ncurses library installation. If you do this, make sure you have ncurses 4.2 or later.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_CMDLINE}{\*\bkmkend ID_CMDLINE}\b\fs26\f2 Command-line Options\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf has a few optional command-line parameters. As with most UNIX commands, IPTraf command-line parameters are case-sensitive (\fs18\f3 -l\fs20\f1 is NOT the same as \fs18\f3 -L\fs20\f1 ).\hyphpar0\par\pard\sb100\li960\sl220\qj The following command-line parameters can be supplied to the \b iptraf\b0 command:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 -i \i iface\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab causes the IP traffic monitor to start immediately on the specified interface. If -i all is specified, all interfaces are monitored.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -g\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab starts the general interface statistics\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -d \i iface\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab shows detailed statistics for the specified interface\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -s \i iface\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab starts the TCP/UDP traffic monitor for the specified interface\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -z \i iface\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab starts the packet size breakdown for the specified interface\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -l \i iface\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab starts the LAN station monitor on the specified interface. If \fs18\f3 -l all\fs20\f1 is specified, all LAN interfaces are monitored.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -t \i timeout\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab The \fs18\f3 -t\fs20\f1 parameter, when used with one of the other parameters that specify a facility to start, tells IPTraf to run the indicated facility for only timeout minutes, after which the facility exits. The \fs18\f3 -t\fs20\f1 parameter is ignored in menu mode.\hyphpar0\par\pard\sb100\li1360\sl220\qj \lang1033 If this parameter is not specified, the facility runs until the exit keystroke is pressed.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 -B\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab Redirects all terminal output to the "bit bucket" \fs18\f3 /dev/null\fs20\f1 , closes standard input, and places the program in the background. This parameter can be used only with one of the \fs18\f3 -i\fs20\f1 , \fs18\f3 -g\fs20\f1 , \fs18\f3 -d\fs20\f1 , \fs18\f3 -s\fs20\f1 , \fs18\f3 -z\fs20\f1 , or \fs18\f3 -l\fs20\f1 parameters. See {\field{\*\fldinst HYPERLINK \\l ID_BACKOP}{\fldrslt Background Operation}} in Chapter 9. \fs18\f3 -B\fs20\f1 is ignored in menu mode.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -L \i filename\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab Allows you to specify an alternate log file name when the any facility is directly started from the command line, whether in foreground or background mode. If specified in foreground mode, the log filename prompt is bypassed, even when logging is turned on in the \i Configure...\i0 menu. If this parameter is omitted in background mode, the default log filename is used.\hyphpar0\par\pard\sb100\li1360\sl220\qj \lang1033 This parameter always turns on logging.\hyphpar0\par\pard\sb100\li1360\sl220\qj If an absolute path is not specified, the log file will be created in the default log file directory\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 -I \i interval\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab Sets the logging interval (in minutes) when the \fs18\f3 -L\fs20\f1 parameter is used. This overrides the \i Log interval...\i0 setting in the \i Configure...\i0 menu. If omitted, the configured value is used. This parameter is ignored when the \fs18\f3 -L\fs20\f1 parameter is omitted and logging is disabled.\hyphpar0\par\pard\sb100\li1360\sl220\qj \lang1033 The value specified here will affect all facilities except for the IP traffic monitor.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 -q\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab Previously used to suppress the warning screen when IPTraf is run on kernels with IP masquerading. Since the masquerading code now processes packets in a way better suited to raw capture, this parameter is no longer needed and is retained only for compatibility.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 -f\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab Forces IPTraf to clear all lock files and reset all instance counters to zero before running any facilities. IPTraf will then think it's the first instance of itself.\hyphpar0\par\pard\sb100\li1360\sl220\qj \lang1033 The \fs18\f3 -f\fs20\f1 parameter overrides the existing locks and counters imposed by the IPTraf process and by the various facilities, causing this instance to think it is the first and that there are no other facilities running. Use this parameter with great caution. A common use for this parameter is to recover from abrupt or abnormal terminations which may leave stale locks and counters still lying around.\hyphpar0\par\pard\sb100\li1360\sl220\qj The \fs18\f3 -f\fs20\f1 parameter may be used together with the others.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 iptraf -h\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab displays a short help screen\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 While the command-line options are case-sensitive, interactive keystroke at the IPTraf full-screen interface are not.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_MENUS}{\*\bkmkend ID_MENUS}\b\fs26\lang1024\f2 Using the Menus\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 Menu items with a trailing ellipsis (\fs18\f3 ...\fs20\f1 ) either pop up a submenu with further items, or require additional information before it can complete the task and return to the menu. Menu items without an ellipsis execute immediately.\hyphpar0\par\pard\sb100\li960\sl220\qj Use the Up and Down arrow keys on your keyboard to move the selection bar. Press Enter to execute the selected item. Alternatively, you can also directly press the highlighted letter of the item you want. This will immediately execute the option.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-mmenu.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 1-1. The IPTraf Main Menu\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_EXITING}{\*\bkmkend ID_EXITING}\fs26\f2 Exiting IPTraf\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 You can exit IPTraf with the Exit command in the main menu.\hyphpar0\par\pard\sb100\li960\sl220\qj When started with one of the command-line options to directly start a statistical facility, pressing X or Q will exit the facility directly, without any confirmation. The \fs18\f3 -t\fs20\f1 command-line parameter will automatically exit the facility after the specified length of time without any confirmation as well. Daemon facilities started with the \fs18\f3 -B\fs20\f1 parameter will immediately terminate after being sent a USR2 signal. See {\field{\*\fldinst HYPERLINK \\l ID_BACKOP}{\fldrslt background operation}} in chapter 9 for more information.\hyphpar0\par\pard\sb200\sl293 \b\fs26\lang1024\f2 Notes\keepn\hyphpar0\par\pard\sb133\li1280\sl220\fi-320\qj \tx1280 \b0\fs20\f1 1. \tab ftp://iptraf.seul.org/pub/iptraf/\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 2. Preparing to Use IPTraf}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 2. Preparing to Use IPTraf}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_PREPARINGTOUSE}{\*\bkmkend ID_PREPARINGTOUSE}\b\fs29\f2 Chapter 2. Preparing to Use IPTraf\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 This chapter provides information applicable to all of IPTraf's statistical monitors.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_NUMBERS}{\*\bkmkend ID_NUMBERS}\b\fs26\lang1024\f2 Number Display Notations\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf initially returns exact counts of bytes and packets. However, as they grow larger, IPTraf begins displaying them in increasingly higher denominations.\hyphpar0\par\pard\sb100\li960\sl220\qj A number standing alone with no suffix represents an exact count. A number with a K following is a kilo (thousand) figure. An M, G, and T suffix represents mega (million), giga (billion), and tera (trillion) respectively. The following table shows examples.\hyphpar0\par\pard\sb200\li960\sl220\qj \b\lang1024 Table 2-1. Numeric Display Notations\sa100\keepn\par\trowd\trleft960 \clvertalt\clbrdrt\brdrs\brdrw20\clbrdrl\brdrs\brdrw20\cellx4680\clvertalt\clbrdrt\brdrs\brdrw20\clbrdrr\brdrs\brdrw20\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 1024067\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 exactly 1024067\sa60\cell \row \trowd\trleft960 \clvertalt\clbrdrl\brdrs\brdrw20\cellx4680\clvertalt\clbrdrr\brdrs\brdrw20\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 1024K\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 approximately 1024000\sa60\cell \row \trowd\trleft960 \clvertalt\clbrdrl\brdrs\brdrw20\cellx4680\clvertalt\clbrdrr\brdrs\brdrw20\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 1024M\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 approximately 1024000000\sa60\cell \row \trowd\trleft960 \clvertalt\clbrdrl\brdrs\brdrw20\cellx4680\clvertalt\clbrdrr\brdrs\brdrw20\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 1024G\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 approximately 1024000000000\sa60\cell \row \trowd\trleft960 \clvertalt\clbrdrb\brdrs\brdrw20\clbrdrl\brdrs\brdrw20\cellx4680\clvertalt\clbrdrb\brdrs\brdrw20\clbrdrr\brdrs\brdrw20\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 1024T\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 approximately 1024000000000000\sa60\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 These notations apply to both packet and byte counts.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_INSTANCES}{\*\bkmkend ID_INSTANCES}\b\fs26\lang1024\f2 Instances and Logging\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 Since version 2.4, IPTraf allows multiple instances of the facilities at the same time in different processes (for example, you can now run two or more IP Traffic Monitors at the same time). However only one can listen on a specific interface or all interfaces at once. The only exception is the general interface statistics, which is still restricted to only one instance at a time.\hyphpar0\par\pard\sb100\li960\sl220\qj Because of this relaxation, each instance now generates log files with unique names for instances, depending on either their instance or the interface they're listening on. If the \i Logging\i0 option is turned on (see the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt Configuration}} chapter), IPTraf will prompt you for a log file name while presenting a default. You may accept this default or change it. Press Enter to accept, or Ctrl+X to cancel. Canceling will turn logging off for that particular session.\hyphpar0\par\pard\sb100\li960\sl220\qj If you don't specify an absolute path, the log file will be placed in \fs18\f3 /var/log/iptraf\fs20\f1 .\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-logprompt.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 2-1. The logfile prompt dialog\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 See the Logging section in the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt Configuration}} chapter for detailed information on logging. See also the documentation on each statistical facility for the default log file names.\hyphpar0\par\pard\sb100\li960\sl220\qj The default log file names will also be used if the \fs18\f3 -B\fs20\f1 parameter is used to run IPTraf in the background. You can override the defaults with the \fs18\f3 -L\fs20\f1 parameter. See {\field{\*\fldinst HYPERLINK \\l ID_BACKOP}{\fldrslt Background Operation}} in Chapter 9.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_UPDATES}{\*\bkmkend ID_UPDATES}\b\fs26\lang1024\f2 Screen Update Delays\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 Older versions of IPTraf updated the screen as soon as a packet was received. However, screen update is one of the slowest operations the program performs. Since version 1.3, a configuration option has been available to control screen update speed.\hyphpar0\par\pard\sb100\li960\sl220\qj See the \i Screen update interval...\i0 configuration option under the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt Configuration}} chapter of this manual.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_IFACES}{\*\bkmkend ID_IFACES}\b\fs26\lang1024\f2 Supported Network Interfaces\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf currently supports the following network interface types and names.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 lo\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab The loopback interface. Every machine has one, and has an IP address of 127.0.0.1. \fs18\f3 lo\fs20\f1 is also indicated if data is detected on the \fs18\f3 dummy\i n\i0\fs20\f1 interface(s).\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 eth\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab An Ethernet interface. \i\f3 n\i0\f1 starts from 0. Therefore, \fs18\f3 eth0\fs20\f1 refers to the first Ethernet interface, \fs18\f3 eth1\fs20\f1 to the second, and so on. Most machines only have one.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 fddi\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab An FDDI interface. \i\f3 n\i0\f1 starts from 0.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 tr\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab A Token Ring interface, where \i\f3 n\i0\f1 starts from 0.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 ppp\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab A PPP interface. \i\f3 n\i0\f1 starts from 0.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 sli\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab A SLIP interface. \i\f3 n\i0\f1 starts from 0.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 ippp\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab A synchronous PPP interface using ISDN. \i\f3 n\i0\f1 starts from 0.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 isdn\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab ISDN interfaces can be given arbitrary names, but for them to work with IPTraf, they must be named \fs18\f3 isdn\i n\i0\fs20\f1 . IPTraf supports synchronous PPP (the \fs18\f3 ippp\i n\i0\fs20\f1 interfaces above), raw IP, and Cisco-HDLC encapsulation.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 plip\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab PLIP interfaces. These are point-to-point IP connections using the PC parallel port.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 ipsec\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab This refers to Free s/WAN (and possibly other) logical VPN interfaces.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 sbni\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab SBNI long-range modem interfaces\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 dvb\i n\i0\fs20\f1 , \fs18\f3 sm200\fs20\f1 , \fs18\f3 sm300\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab DVB satellite-receive interfaces\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 wlan\i n\i0\fs20\f1 , \fs18\f3 wvlan\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab Wireless LAN interfaces\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 tun\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab general logical tunnel interfaces\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 brg\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab general logical bridge interfaces\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 hdlc\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab Frame Relay base (FRAD) interfaces (non-PVC)\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 pvc\i n\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab Frame Relay Permanent Virtual Circuit interfaces\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Your system's network interfaces must be named according to the schemes specified above.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 3. The IP Traffic Monitor}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 3. The IP Traffic Monitor}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_ITRAFMON}{\*\bkmkend ID_ITRAFMON}\b\fs29\f2 Chapter 3. The IP Traffic Monitor\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 Executing the first menu item or specifying \fs18\f3 -i\fs20\f1 to the \b iptraf\b0 command takes you to the IP traffic monitor. The traffic monitor is a real-time monitoring system that intercepts all packets on all detected network interfaces, decodes the IP information on all IP packets and displays the appropriate information, most notably the source and destination addresses. It also determines the encapsulated protocol within the IP packet, and displays some important information about that as well.\hyphpar0\par\pard\sb100\li960\sl220\qj There are two windows in the traffic monitor, both of which can be scrolled with the Up and Down cursor keys. Just press W to move the \fs18\f3 Active\fs20\f1 indicator to the window you want to control.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-iptm1.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 3-1. The IP traffic monitor\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_UPPERWIN}{\*\bkmkend ID_UPPERWIN}\fs26\f2 The Upper Window\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The upper window of the traffic monitor displays the currently detected TCP connections. Information about TCP packets are displayed here. The window contains these pieces of information:\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 Source address and port\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Packet count\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Byte count\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Source MAC address\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Packet Size\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Window Size\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 TCP flag statuses\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Interface\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\f2 Note: \b0\f4 Previous versions of IPTraf showed both the source and destination addresses on each line. IPTraf 2 and higher show only the \i\fs16\f3 source host\i0 :\i port\i0\fs18\f4 combination to save on screen real estate. TCP connection endpoints are still indicated with the green brackets (on color terminals) along the left edge of the screen.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 The Up and Down cursor keys move an indicator bar between entries in the TCP monitor, scrolling the window if necessary. The PgUp and PgDn keys display the previous and next screenfuls of entries respectively.\hyphpar0\par\pard\sb100\li960\sl220\qj The IP traffic monitor computes the data flow rate of the currently highlighted TCP flow and displays it on the lower-right corner of the screen. The flow rate is in kilobits or kilobytes per second depending on the \i Activity mode\i0 switch in the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} menu.\hyphpar0\par\pard\sb100\li960\sl220\qj Because this monitoring system relies solely on packet information, it does not determine which endpoint initiated the connection. In other words, it does not know which endpoints are the client and server. This is necessary because it can operate in promiscuous mode, and as such cannot determine the socket statuses for other machines on the LAN. However, a little knowledge of the well-known TCP port numbers can give a good idea about which address is that of the server.\hyphpar0\par\pard\sb100\li960\sl220\qj The system therefore displays two entries for each connection, one for each direction of the TCP connection. To make it easier to determine the direction pairs of each connection, a bracket is used to "join" both together. This bracket appears at the leftmost part of each entry.\hyphpar0\par\pard\sb100\li960\sl220\qj Just because a host entry appears at the upper end of a connection bracket doesn't mean it was the initiator of the connection.\hyphpar0\par\pard\sb100\li960\sl220\qj Each entry in the window contains these fields:\hyphpar0\par\pard\sb200\li960\sl220\qj \i\lang1024 Source address and port\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The source address and port indicator is in \i\f3 address\i0\f1 :\i\f3 port\i0\f1 format. This indicates the source machine and TCP port on that machine from which this data is coming.\hyphpar0\par\pard\sb100\li1360\sl220\qj \lang1033 The destination is the host:port at the other end of the bracket.\hyphpar0\par\pard\sb200\li960\sl220\qj \i\lang1024 Packet count\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The number of packets received for this direction of the TCP connection\hyphpar0\par\pard\sb200\li960\sl220\qj \i Byte count\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The number of bytes received for this direction of the TCP connection. These bytes include total IP and TCP header information, in addition to the actual data. Data link header (e.g. Ethernet and FDDI) data are not included.\hyphpar0\par\pard\sb200\li960\sl220\qj \i Source MAC address\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The address of the host on your local LAN that delivered this packet. This can be viewed by pressing M once if \i Source MAC addrs\i0 in traffic monitor is enabled in the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} menu.\hyphpar0\par\pard\sb200\li960\sl220\qj \i Packet Size\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The size of the most recently received packet. This item is visible if you press M for more TCP information. This is the size of the IP datagram only, not including the data link header.\hyphpar0\par\pard\sb200\li960\sl220\qj \i Window Size\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The advertised window size of the most recently received packet. This item is visible if you press M for more TCP information.\hyphpar0\par\pard\sb200\li960\sl220\qj \i Flag statuses\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0 \~\tab The flags of the most recently received packet. \hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 S\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab SYN. A synchronization is taking place in preparation for connection establishment. If only an \fs18\f3 S\fs20\f1 is present (\fs18\f3 S---\fs20\f1 ) the source is trying to initiate a connection. If an \fs18\f3 A\fs20\f1 is also present (\fs18\f3 S-A-\fs20\f1 ), this is an acknowledgment of a previous connection request, and is responding.\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 A\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab ACK. This is an acknowledgment of a previously received packet\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 P\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab PSH. A request to push all data to the top of the receiving queue\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 U\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab URG. This packet contains urgent data\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 RESET\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab RST. The source machine indicated in this direction reset the entire connection. The direction entries for reset connections become available for new connections.\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 DONE\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab The connection is done sending data in this direction, and has sent a FIN (finished) packet, but has not yet been acknowledged by the other host.\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 CLOSED\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab The FIN has been acknowledged by the other host. When both directions of a connection are marked CLOSED, the entries they occupy become available for new connection entries.\hyphpar0\par\pard\sb200\li1360\sl220\qj \fs18\f3 -\keepn\hyphpar0\par\pard\sb100\li1760\sl220\fi-400\qj \tx1760 \fs20\f1 \~\tab The flag is not set\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Some other pieces of information can be viewed as well. The M key displays more TCP information. Pressing M once displays the MAC addresses of the LAN hosts that delivered the packets (if the \i Source MAC addrs in traffic monitor\i0 option is enabled in the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} menu). \fs18\f3 N/A\fs20\f1 is displayed if no packets have been received from the source yet, or if the interface doesn't support MAC addresses (such as PPP interfaces).\hyphpar0\par\pard\sb100\li960\sl220\qj If the \i Source MAC addrs in traffic monitor\i0 option is not enabled, pressing M simply toggles between the counts and the packet and window sizes.\hyphpar0\par\pard\sb100\li960\sl220\qj By default, only IP addresses are displayed, but if you have access to a name server or host table, you may enable reverse lookup for the IP addresses. Just enable reverse lookup in the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} menu.\hyphpar0\par\pard\sb100\brdrt\brdrs\brdrw20\brsp200\li1000\ri40\brdrl\brdrs\brdrw20\brsp40\li1000\ri40\brdrb\brdrs\brdrw20\brsp0\li1000\ri40\brdrr\brdrs\brdrw20\brsp40\li1000\ri40\sl220\qj \b\lang1024 The rvnamed Process\keepn\hyphpar0\par\pard\sb100\brdrt\brdrs\brdrw20\brsp200\li1000\ri40\brdrl\brdrs\brdrw20\brsp40\li1000\ri40\brdrb\brdrs\brdrw20\brsp0\li1000\ri40\brdrr\brdrs\brdrw20\brsp40\li1000\ri40\sl220\qj \b0\lang1033 The IP traffic monitor starts a daemon called \b rvnamed\b0 to help speed up reverse lookups without sacrificing too much keyboard control and accuracy of the counts. While reverse lookup is being conducted in the background, IP addresses will be used until the resolution is complete.\hyphpar0\par\pard\sb100\brdrt\brdrs\brdrw20\brsp200\li1000\ri40\brdrl\brdrs\brdrw20\brsp40\li1000\ri40\brdrb\brdrs\brdrw20\brsp0\li1000\ri40\brdrr\brdrs\brdrw20\brsp40\li1000\ri40\sl220\qj If for some reason \b rvnamed\b0 cannot start (probably due to improper installation or lack of memory), and you are on the Internet, and you enable reverse lookup, your keyboard control can become very slow. This is because the standard lookup functions do not return until they have completed their tasks, and it can take several seconds for a name resolution in the foreground to complete.\hyphpar0\par\pard\sb100\brdrt\brdrs\brdrw20\brsp200\li1000\ri40\brdrl\brdrs\brdrw20\brsp40\li1000\ri40\brdrb\brdrs\brdrw20\brsp0\li1000\ri40\brdrr\brdrs\brdrw20\brsp40\li1000\ri40\sl220\qj \b rvnamed\b0 will spawn up to 200 children to process reverse DNS queries.\keepn\hyphpar0\par\pard\brdrt\brdrs\brdrw20\brsp200\li1000\ri40\brdrl\brdrs\brdrw20\brsp40\li1000\ri40\brdrb\brdrs\brdrw20\brsp0\li1000\ri40\brdrr\brdrs\brdrw20\brsp40\li1000\ri40\sl-200\keepn\par\pard\sl-1\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Tip: \b0\f4 If you notice unusual SYN activity (too many initial (\fs16\f3 S---\fs18\f4 ) but frozen SYN entries, or rapidly increasing initial SYN packets for a single connection), you may be under a SYN flooding attack or TCP port scan. Apply appropriate measures, or the targeted machines may begin denying network services.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 Entries not updated within a user-configurable amount of time may get replaced with new connections. The default time is 15 minutes. This is regardless of whether the connection is closed or not. (Some unclosed connections may be due to extremely slow links or crashes at either end of the connection.) This figure can be changed at the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} menu.\hyphpar0\par\pard\sb100\li960\sl220\qj Some early entries may have a > symbol in front of its packet count. This means the connection was already established when the monitor started. In other words, the figures indicated do not reflect the counts since the start of the TCP connection, but rather, since the start of the traffic monitor. Eventually, these > entries will close (or time out) and disappear. TCP entries without the > were initiated after the traffic monitor started, and the counts indicate the totals of the connection itself. Just consider entries with > partial.\hyphpar0\par\pard\sb100\li960\sl220\qj Some > entries may go idle if the traffic monitor was started when these connections were already half-closed (FIN sent by one host, but data still being sent by the other). This is because the traffic monitor cannot determine if a connection was already half-closed when it started. These entries will eventually time out. (To minimize these entries, an entry is not added by the monitor until a packet with data or a SYN packet is received.)\hyphpar0\par\pard\sb100\li960\sl220\qj Direction entries also become available for reuse if an ICMP Destination Unreachable message is received for the connection.\hyphpar0\par\pard\sb100\li960\sl220\qj The lower part of the screen contains a summary line showing the IP, TCP, UDP, ICMP, and non-IP byte counts since the start of the monitor. The IP, TCP, UDP, and ICMP counts include only the IP datagram header and data, not the data-link headers. The non-IP count includes the data-link headers.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Technical note: IP Forwarding and Masquerading: \b0\f4 Previous versions of IPTraf issued a warning if the kernel had IP masquerading enabled due to the way the kernel masqueraded and translated the IP addresses. The new kernels no longer do it as before and IPTraf now gives output properly on masquerading machines. The \fs16\f3 -q\fs18\f4 parameter is no longer required to suppress the warning screen.\hyphpar0\par\pard\sb100\li1360\sl198\qj On forwarding (non-masquerading) machines packets and TCP connections simply appear twice, one each for the incoming and outgoing interfaces if all interafaces are being monitored.\hyphpar0\par\pard\sb100\li1360\sl198\qj On masquerading machines, packets and connections from the internal network to the external network also appear twice, one for the internal and external interface. Packets coming from the internal network will be indicated as coming from the internal IP address that sourced them, and also as coming from the IP address of the external interface on your masquerading machine. In much the same way, packets coming in from the external network will look like they're destined for the external interface's IP address, and again as destined for the final host on the internal network.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _725}{\*\bkmkend _725}\b\fs24\f2 Closed/Idle/Timed Out Connections\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 A TCP connection entry that closes, gets reset, or stays idle too long normally gets replaced with new connections. However, if there are too many of these, active connections may become interspersed among closed, reset, or idle entries.\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf can be set to automatically remove all closed, reset, and idle entries with the \i TCP closed/idle persistence...\i0 configuration option. You can also press the F key to immediately clear them at any time.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 The \i TCP timeout...\i0 option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains on-screen. The \i TCP closed/idle persistence...\i0 parameter flushes entries that have been idle for the number of minutes defined by the \i TCP timeout...\i0 option.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _736}{\*\bkmkend _736}\b\fs24\f2 Sorting TCP Entries\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 The TCP connection entries can be sorted by pressing the S key, then by selecting a sort criterion. Pressing S will display a box showing the available sort criteria. Press P to sort by packet count, B to sort by byte count. Pressing any other key cancels the sort.\hyphpar0\par\pard\sb100\li960\sl220\qj The sort operation compares the larger values in each connection entry pair and sorts the counts in descending order.\hyphpar0\par\pard\sb100\li960\sl220\qj Over time, the entries will go out of order as counts proceed at varying rates. Sorting is not done automatically so as not to degrade performance and accuracy.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-iptmsort.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 3-2. The IP traffic monitor sort criteria\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_LOWERWIN}{\*\bkmkend ID_LOWERWIN}\fs26\f2 Lower Window\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The lower window displays information about the other types of traffic on your network. The following protocols are detected internally:\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 User Datagram Protocol (UDP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Internet Control Message Protocol (ICMP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Open Shortest-Path First (OSPF)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Interior Gateway Routing Protocol (IGRP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Interior Gateway Protocol (IGP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Internet Group Management Protocol (IGMP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 General Routing Encapsulation (GRE)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Layer 2 Tunneling Protocol (L2TP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 IPSec AH and ESP protocols (IPSec AH and IPSec ESP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Address Resolution Protocol (ARP)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Reverse Address Resolution Protocol (RARP)\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Other IP protocols are looked up from the \fs18\f3 /etc/services\fs20\f1 file. If \fs18\f3 /etc/services\fs20\f1 doesn't contain information about that protocol, the protocol number is indicated.\hyphpar0\par\pard\sb100\li960\sl220\qj Non-IP packets are indicated as \fs18\f3 Non-IP\fs20\f1 in the lower window.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 The source and destination addresses for ARP and RARP entries are MAC addresses.\hyphpar0\par\pard\sb100\li1360\sl198\qj Strictly speaking, ARP and RARP packets aren't IP packets, since they are not encapsulated in an IP datagram. They're just indicated because they are integral to proper IP operation on LANs.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 For all packets in the lower window, only the first IP fragment is indicated (since that contains the header of the IP-encapsulated protocol) but with no further information from the encapsulated protocol.\hyphpar0\par\pard\sb100\li960\sl220\qj UDP packets are also displayed in \i\fs18\f3 address\i0 :\i port\i0\fs20\f1 format while ICMP entries also contain the ICMP message type. For easier location, each type of protocol is color-coded (only on color terminals such as the Linux console).\hyphpar0\par\pard\sb200\li960\sl220\qj \lang1024 UDP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Red on White\hyphpar0\par\pard\sb200\li960\sl220\qj ICMP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Yellow on Blue\hyphpar0\par\pard\sb200\li960\sl220\qj OSPF\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Black on Cyan\hyphpar0\par\pard\sb200\li960\sl220\qj IGRP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Bright white on Cyan\hyphpar0\par\pard\sb200\li960\sl220\qj IGP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Red on Cyan\hyphpar0\par\pard\sb200\li960\sl220\qj IGMP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Bright green on Blue\hyphpar0\par\pard\sb200\li960\sl220\qj GRE\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Blue on white\hyphpar0\par\pard\sb200\li960\sl220\qj ARP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Bright white on Red\hyphpar0\par\pard\sb200\li960\sl220\qj RARP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Bright white on Red\hyphpar0\par\pard\sb200\li960\sl220\qj Other IP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Yellow on red\hyphpar0\par\pard\sb200\li960\sl220\qj Non-IP\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \~\tab Yellow on Red\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 The lower window can hold up to 512 entries. You can scroll the lower window by using the W key to move the Active indicator to it, and by using the Up and Down cursor keys. The lower window automatically scrolls every time a new entry is added, and either the first entry or last entry is visible. Upon reaching 512 entries, old entries are thrown out as new entries are added.\hyphpar0\par\pard\sb100\li960\sl220\qj Some entries may be too long to completely fit in a screen line. You can use the Left and Right cursor keys to vertically scroll the lower window when it is marked \fs18\f3 Active\fs20\f1 . If your terminal can be resized (e.g. xterm), you may do so before starting IPTraf.\hyphpar0\par\pard\sb100\li960\sl220\qj Entries for packets received on LAN interfaces also include the source MAC address of the LAN host which delivered it. This behavior is enabled by turning on the Source MAC addrs in traffic monitor toggle in the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} menu.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _835}{\*\bkmkend _835}\b\fs24\lang1024\f2 Entry Details\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 In general, the entries in the lower window indicate the protocol, the IP datagram size (full frame size for non-IP, including ARP and RARP), the source address, the destination address, and the network interface the packet was detected on. However, some protocols have a little more information.\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\lang1024\f2 ICMP\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 ICMP entries are displayed in this format:\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 ICMP \i type\i0 [(\i subtype\i0 )] (\i size\i0 bytes) from \i source\i0 to \i destination\i0 \sa0\par\fi0\sb0 [(src HWaddr \i srcMACaddress\i0 )] on \i interface\hyphpar0\par\pard\sb200\li960\sl220\qj \i0\fs20\lang1033\f1 where type could be any of the following:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 echo req, echo rply\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP echo request and reply. Usually used by the ping program and other network monitoring and diagnostic program. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 dest unrch\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP destination unreachable. Something failed to reach its target. The dest unreach type is supplemented with a further indicator of the problem. Destination unreachable messages for TCP traffic causes the corresponding TCP entry in the upper window to be made available for reuse by new connections. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 redirct\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP redirect. Usually generated by a router to tell a host that a better gateway is available. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 src qnch\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab The ICMP source quench is used to stop a host from transmitting. It's a flow control mechanism for IP. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 time excd\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab Indicates a packet's time-to-live value expired before it got to its destination. Mostly happens if a destination is too far away. Also used by the traceroute program.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 router adv\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP router advertisement \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 router sol\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP router solicitation \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 timestmp req\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP timestamp request\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 timestmp rep\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP timestamp reply \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 info req\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP information request \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 info rep\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP information reply \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 addr mask req\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP address mask request \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 addr mask rep\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP address mask reply \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 param prob\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab ICMP parameter problem \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 bad/unknown\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab An unrecognized ICMP packet was received, or the packet is corrupted.\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 The destination unreachable message also includes information on the type of error encountered. Here are the destination unreachable codes:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 ntwk\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab network unreachable \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 host\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab host unreachable \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 proto\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab protocol unreachable \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 port\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab port unreachable \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 pkt fltrd\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab packet filtered (normally by an access rule on a router or firewall) \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 DF set\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab the packet has to be fragmented somewhere, but its don't fragment (DF) bit is set.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 src rte fail\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab source route failed \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 src isltd\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab source isolated (obsolete) \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 net comm denied\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab network communication denied \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 host comm denied\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab host communication denied \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 net unrch for TOS\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab network unreachable for specified IP type-of-service \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 host unrch for TOS\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab host unreachable for specified IP type-of-service \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 prec violtn\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab precedence violation \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 prec cutoff\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab precedence cutoff \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 dest net unkn\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab destination network unknown \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 dest host unkn\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab destination network unknown\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 For more information on ICMP, see RFC 792.\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\lang1024\f2 OSPF\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 OSPF messages also include a little more information. The format of an OSPF message in the window is:\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 OSPF \i type\i0 (a=\i area\i0 r=\i router\i0 ) (\i size\i0 bytes) from \i source\i0 to \i destination\i0 \sa0\par\fi0\sb0 [(src HWaddr \i srcMACaddress\i0 )] on \i interface\hyphpar0\par\pard\sb200\li960\sl220\qj \i0\fs20\lang1033\f1 The type can be one of the following:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 hlo\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF hello. Hello messages establish OSPF communications and keep routers informed of each other's presence. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 DB desc\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF Database Description \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 LSR\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF Link State Request \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 LSU\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF Link State Update. Messages indicating the states of the OSPF network links \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 LSA\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF Link State Acknowledgment\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 The entries in parentheses:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 a=\i area\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab The area number of the OSPF message\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 r=\i router\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \i0\fs20\f1 \~\tab The IP address of the router that generated the message. It is not necessarily the same as the source address of the encapsulating IP packet.\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Many times, the destination addresses for OSPF packets are class D multicast addresses in standard dotted decimal notation or (if reverse lookup is enabled), hosts under the \fs18\f3 MCAST.NET\fs20\f1 domain. Such multicast addresses are defined as follows:\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1024\f3 224.0.0.5 (OSPF-ALL.MCAST.NET)\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF all routers\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 224.0.0.6 (OSPF-DSIG.MCAST.NET)\keepn\hyphpar0\par\pard\sb100\li1360\sl220\fi-400\qj \tx1360 \fs20\f1 \~\tab OSPF all designated routers\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 See RFC 1247 for details on the OSPF protocol.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart _1076}{\*\bkmkend _1076}\b\fs26\lang1024\f2 Additional Information\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 When started from the main menu and logging is enabled, the IP traffic monitor prompts you for a log file name. The default name is \fs18\f3 ip_traffic-\i n\i0 .log (where \i n\i0\fs20\f1 is what instance of the traffic monitor this is (1, 2, 3, and so on). (e.g. if this is the first instance, the default file name will be \fs18\f3 ip_traffic-1.log\fs20\f1 .)\hyphpar0\par\pard\sb100\li960\sl220\qj When started with the \fs18\f3 -i\fs20\f1 parameter, the log filename can be specified with the \fs18\f3 -L\fs20\f1 parameter. See the {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Parameters}} section above for more information.\hyphpar0\par\pard\sb100\li960\sl220\qj On busy networks, the display may become cluttered with traffic you're not interested in. To control the traffic monitor's output, you can apply a \i filter\i0 . See Chapter 7, {\field{\*\fldinst HYPERLINK \\l ID_FILTERS}{\fldrslt Filters}} for more information on IPTraf's filters.\hyphpar0\par\pard\sb100\li960\sl220\qj At any time, you can press X or Q to return to the main menu (or back to the shell if the monitor was started with \b iptraf -i\b0 ).\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 4. Network Interface Statistics}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 4. Network Interface Statistics}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_NETSTATS}{\*\bkmkend ID_NETSTATS}\b\fs29\f2 Chapter 4. Network Interface Statistics\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 There are two network interface statistics facilities: the general interface statistics, which displays a statistical summary of all attached interfaces, and the detailed interface statistics, which shows more statistical and load information about a single selected interface.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GENSTATS}{\*\bkmkend ID_GENSTATS}\b\fs26\lang1024\f2 General Interface Statistics\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The second menu option displays a list of attached network interfaces, and some general packet counts. Specifically, it displays counts of IP, non-IP, and bad IP packets (packets with IP checksum errors). It also includes an activity indicator, which shows the number of kilobits and packets the interface sees per second. All figures are for incoming and outgoing packets. (Again, considering promiscuous mode for LAN interfaces, which simply causes the machine to intercept all packets). This is useful for general monitoring of all attached interfaces. If byte counts and additional information are needed for a specific interface, the \i Detailed interface statistics\i0 option is also available.\hyphpar0\par\pard\sb100\li960\sl220\qj The activity indicators can be toggled between kbits/s and kbytes/s with the \i Activity mode\i0 configuration option.\hyphpar0\par\pard\sb100\li960\sl220\qj The general statistics window will dynamically add new entries as packets from newly-created interfaces (e.g. new PPP interfaces) are intercepted. Long lists can be scrolled with the Up, Down, PgUp, and PgDn keys.\hyphpar0\par\pard\sb100\li960\sl220\qj This monitor is affected by IPTraf's {\field{\*\fldinst HYPERLINK \\l ID_FILTERS}{\fldrslt filters}} as described in Chapter 7.\hyphpar0\par\pard\sb100\li960\sl220\qj Copies of the statistics are written to the log file \fs18\f3 iface_stats_general.log\fs20\f1 at regular intervals if logging is enabled. See the \i Logging\i0 option int the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt Configuration}} chapter.\hyphpar0\par\pard\sb100\li960\sl220\qj This facility can be started directly from the command line with the \b -g\b0 option to the \b iptraf\b0 command. When started from the command line, the log filename and log interval can be specified with the \fs18\f3 -L\fs20\f1 and \fs18\f3 -I\fs20\f1 parameters respectively. See the {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Parameters}} section above for more information.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-gstat1.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 4-1. The general interface statistics screen\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 You can press X or Q to return to the main menu. \hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_DETSTATS}{\*\bkmkend ID_DETSTATS}\b\fs26\lang1024\f2 Detailed Interface Statistics\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The third menu option displays packet statistics for any selected interface. It provides basically the same information as the \i General interface statistics\i0 option, with additional details. This facility provides the following information:\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 Total packet and byte counts\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 IP packet and byte counts\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 TCP packet and byte counts\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 UDP packet and byte count\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 ICMP packet and byte counts\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Other IP-type packet and byte counts\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Non-IP packet and byte counts\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Checksum error count\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Interface activity\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Broadcast packet and byte counts\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 All IP byte counts (IP, TCP, UDP, ICMP, other IP) include IP header data and payload. The data link header is not included. The full frame length (including data-link header) is included in the non-IP and Total byte count. All data-link headers are also included in the Total byte counts.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-dstat1.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 4-2. The detailed interface statistics screen\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 The upper portion of the screen contains the packet and byte counts for all IP and non-IP packets intercepted on the interface. The lower portion contains the total, incoming, and outgoing interface data rates.\hyphpar0\par\pard\sb100\li960\sl220\qj This facility also displays incoming and outgoing counts and data rates. The packet size breakdown in versions prior to 2.0.0 has been moved to its own facility under \i Statistical breakdowns.../By packet size\i0 as described in {\field{\*\fldinst HYPERLINK \\l ID_PKTSIZE}{\fldrslt Chapter 5}}.\hyphpar0\par\pard\sb100\li960\sl220\qj An outgoing packet is one that exits your interface, regardless of whether it originated from your machine or came from another machine and was routed through yours. An incoming packet is one that enters your interface, either addressed to you directly, broadcast, multicast, or captured promiscuously.\hyphpar0\par\pard\sb100\li960\sl220\qj The rate indicators can be set to display kbits/s or kbytes/s with the \i Activity mode\i0 configuration option.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 Buffering and some other factors may affect the data rates, notably the outgoing rate, causing it to reflect a higher figure than the actual rate at which the interface is sending.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 The figures are logged at regular intervals if logging is enabled. The default log file name at the prompt is \fs18\f3 iface_stats_detailed-\i iface\i0 .log\fs20\f1 where iface is the selected interface for this session (for example, \fs18\f3 iface_stats_detailed-eth0.log\fs20\f1 ).\hyphpar0\par\pard\sb100\li960\sl220\qj If you wish to start this facility directly from the command line, you can specify the \fs18\f3 -d\fs20\f1 parameter and an interface to monitor. For example,\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 iptraf -d eth0\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 starts the statistics for \fs18\f3 eth0\fs20\f1 . The interface must be specified, or IPTraf will not start the facility.\hyphpar0\par\pard\sb100\li960\sl220\qj When started from the command line, the log filename and log interval can be specified with the \fs18\f3 -L\fs20\f1 and \fs18\f3 -I\fs20\f1 parameters respectively. See the {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Parameters}} section above for more information.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 In both the general and detailed statistics screens, as well as in the IP traffic monitor, the packet counts are for actual network packets (layer 2), not the logical IP packets (layer 3) that may be reconstructed after fragmentation. That means, if a packet was fragmented into four pieces, and these four fragments pass over your interface, the packet counts will indicate four separate packets.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 The figure for the IP checksum errors is a packet count only, because the corrupted IP header cannot be relied upon to give a correct IP packet length value.\hyphpar0\par\pard\sb100\li960\sl220\qj This facility's output is also affected by IPTraf's {\field{\*\fldinst HYPERLINK \\l ID_FILTERS}{\fldrslt filters}}. See Chapter 7 for more information on filters.\hyphpar0\par\pard\sb100\li960\sl220\qj Pressing X or Q takes you back to the main menu (if this facility was started with the command-line option, X or Q drops you back to the shell).\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 5. Statistical Breakdowns}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 5. Statistical Breakdowns}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_STATBREAKDOWNS}{\*\bkmkend ID_STATBREAKDOWNS}\b\fs29\f2 Chapter 5. Statistical Breakdowns\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 Statistical breakdowns contain two facilities that break down traffic counts by either packet size or TCP/UDP port.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_PKTSIZE}{\*\bkmkend ID_PKTSIZE}\b\fs26\lang1024\f2 Packet Sizes\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The packet size breakdown facility used to be incorporated into the detailed interface statistics. It has since been moved to its own facility. It is entered by selecting \i Statistical Breakdowns/By packet size\i0 .\hyphpar0\par\pard\sb100\li960\sl220\qj The packet size breakdown takes the interface's Maximum Transmission Unit (MTU) size and divides it into 20 brackets, each bracket containing a range of sizes. As a packet is captured, its size is determined and the appropriate bracket is incremented.\hyphpar0\par\pard\sb100\li960\sl220\qj This facility provides an idea as to the packet sizes passing over your network, and can aid in network (re)design decisions.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-pktsize.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 5-1. The packet size statistical breakdown\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 If logging is enabled, copies of the statistics are written at regular intervals to a log file. The default log file name is \fs18\f3 packet_size-\i iface\i0 .log\fs20\f1 where \i\f3 iface\i0\f1 is the selected interface for this session (for example, \fs18\f3 packet_size-eth0.log\fs20\f1 ).\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf's filters do not affect this facility.\hyphpar0\par\pard\sb100\li960\sl220\qj The packet size breakdown can also be invoked straight from the command line by specifying the \fs18\f3 -z\fs20\f1 iface parameter. The interface parameter is required. For example, this command runs the facility on interface \fs18\f3 eth0\fs20\f1 .\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 iptraf -z eth0\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 When started from the command line, the log filename and log interval can be specified with the \fs18\f3 -L\fs20\f1 and \fs18\f3 -I\fs20\f1 parameters respectively. See the {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Parameters}} section above for more information.\hyphpar0\par\pard\sb100\li960\sl220\qj To exit, press X or Ctrl+X.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_SERVMON}{\*\bkmkend ID_SERVMON}\b\fs26\lang1024\f2 TCP and UDP Traffic Statistics\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf also includes a facility that generates statistics on TCP and UDP traffic. This facility displays counts of all TCP and UDP packets with source or destination ports numbered less than 1024. Ports 1 to 1023 are reserved for the TCP/IP application protocols (well-known ports).\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-tcpudp.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 5-2. The TCP/UDP service monitor\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 The statistics window indicates the protocol (TCP or UDP), the port number, the total packets and bytes counted for this particular protocol/port combination, the packets and bytes destined for that protocol and port, and the packets and bytes coming from that protocol and port.\hyphpar0\par\pard\sb100\li960\sl220\qj Byte counts include the IP header and payload only. The data link header is not included.\hyphpar0\par\pard\sb100\li960\sl220\qj The protocol/port indicators are color-coded for easier identification on color terminals. TCP indicators are in yellow, UDP in bright green.\hyphpar0\par\pard\sb100\li960\sl220\qj Some network applications or protocols may use port numbers higher than 1023. Examples of these include application proxy servers (HTTP proxy servers typically use values like 8000, 8080, 8888, and the like), and IRC (IRC servers commonly accept connections on ports 6660 to 6669). These ports are by default not included in the counts. If you do want to include a higher-numbered port in the statistics, you can add them yourself from the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}}\i /Additional ports...\i0 menu item. See the section below.\hyphpar0\par\pard\sb100\li960\sl220\qj If logging is enabled, The statistics are also written to a log file (the default name is \fs18\f3 tcp_udp_services-\i iface\i0 .log\fs20\f1 , where iface is the selected interface (for example, \fs18\f3 tcp_udp_services-eth0.log\fs20\f1 ).\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf computes the total, incoming, outgoing, and data rates of the protocol currently indicated by the facility's highlight bar. The data rates are indicated at the bottom of the screen. If logging is enabled, the average data rates since the start of the facility are placed in the log file.\hyphpar0\par\pard\sb100\li960\sl220\qj The Up and Down cursor keys move the highlight bar. Pressing X or Ctrl+X exits and returns to the main menu (or the shell if it was started from the command line).\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1222}{\*\bkmkend _1222}\b\fs24\lang1024\f2 Sorting TCP/UDP Entries\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Pressing the S key brings up a window which allows you to select the field by which the entries will be sorted. You can press R to sort by port, P to sort by total packets, B to sort by total bytes, T to sort by incoming packets (packets to), O to sort by incoming bytes (bytes to), F to sort by outgoing packets (packets from) and M to sort by outgoing bytes (bytes from). Pressing any other key cancels the sort.\hyphpar0\par\pard\sb100\li960\sl220\qj Port numbers are sorted in ascending order (least first) but statistics are sorted in descending order (largest counts first).\hyphpar0\par\pard\sb100\li960\sl220\qj As with the IP traffic monitor, sorting is performed only with this sequence. Automatic sorting is not performed so as not to affect performance.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-tcpudpsort.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 5-3. The TCP/UDP monitor's sort criteria\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1230}{\*\bkmkend _1230}\fs24\f2 Additional Information\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf's filters affect the output of this facility. See Chapter 7, {\field{\*\fldinst HYPERLINK \\l ID_FILTERS}{\fldrslt Filters}} for more information about filters.\hyphpar0\par\pard\sb100\li960\sl220\qj If you wish to start this facility from the command line, you can use the \fs18\f3 -s\fs20\f1 option followed by an interface to monitor. For example,\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 iptraf -s eth0\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 brings up this module for traffic on \fs18\f3 eth0\fs20\f1 . The interface must be specified, or IPTraf will drop back to the shell.\hyphpar0\par\pard\sb100\li960\sl220\qj When started from the command line, the log filename and log interval can be specified with the \fs18\f3 -L\fs20\f1 and \fs18\f3 -I\fs20\f1 parameters respectively. See the {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Parameters}} section above for more information.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 6. LAN Station Statistics}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 6. LAN Station Statistics}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_HOSTMON}{\*\bkmkend ID_HOSTMON}\b\fs29\f2 Chapter 6. LAN Station Statistics\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 The LAN station monitor (Ethernet station monitor on versions prior to 1.3.0) discovers MAC addresses and displays statistics on the number of incoming, and outgoing packets. It also includes figures for incoming and outgoing kilobits per second for each discovered station.\hyphpar0\par\pard\sb100\li960\sl220\qj The entry above each line of statistics is the station's LAN type (Ethernet, PLIP, Token Ring, or FDDI) and the hardware MAC address. Each statistics line consists of the following information:\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 Total packets incoming\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 IP packets incoming\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Total bytes incoming\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Incoming rate\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Total packets outgoing\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 IP packets outgoing\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Total bytes outgoing\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Outgoing rate\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 The byte counts include the data link header. The activity indicators can be set to display kbits/s or kbytes/s with the \i Activity mode\i0 configuration option.\hyphpar0\par\pard\sb100\li960\sl220\qj This facility works only for Ethernet, PLIP, Token Ring, and FDDI frames. Loopback. ISDN, and SLIP/PPP networks are not monitored here.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-hw.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 6-1. The LAN station monitor\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 Copies of the statistics are written to a log file at regular intervals if logging is enabled. The default log file name is \fs18\f3 lan_statistics-\i n\i0 .log\fs20\f1 , where n is the instance number of this facility (for example, if this is the first instance, the generated default log file name is \fs18\f3 lan_statistics-1.log\fs20\f1 ).\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_SORTINGLAN}{\*\bkmkend ID_SORTINGLAN}\b\fs26\lang1024\f2 Sorting the LAN Station Monitor Entries\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 Press S to sort the entries. A box will pop up and display the keys you can press to select the field by which the entries will be sorted. Press P to sort by total incoming packets, I to sort by incoming IP packets, B to sort by total incoming bytes, K to sort by total outgoing packets, O to sort by outgoing IP packets, and Y to sort by total outgoing bytes. Pressing any other key cancels the sort.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-hwsort.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 6-2. The LAN station monitor's sort criteria\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 When started from the command line, the log filename and log interval can be specified with the \fs18\f3 -L\fs20\f1 and \fs18\f3 -I\fs20\f1 parameters respectively. See the {\field{\*\fldinst HYPERLINK \\l ID_CMDLINE}{\fldrslt Command-line Parameters}} section above for more information.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_MORELANMONINFO}{\*\bkmkend ID_MORELANMONINFO}\b\fs26\lang1024\f2 Additional Information\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The window can be scrolled with the Up and Down cursor keys. Press X or Q to return to the main menu (or the shell if this facility was started with the \fs18\f3 -l\fs20\f1 command-line option).\hyphpar0\par\pard\sb100\li960\sl220\qj The output of this facility is affected by any applied IPTraf filter.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 7. Filters}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 7. Filters}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_FILTERS}{\*\bkmkend ID_FILTERS}\b\fs29\f2 Chapter 7. Filters\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 Filters are used to control the information displayed by all facilities. You may want to view statistics only on particular traffic so you must restrict the information displayed. The filters also apply to logging activity.\hyphpar0\par\pard\sb100\li960\sl220\qj The IPTraf filter management system is accessible through the \i Filters...\i0 submenu.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-filtermenu.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 7-1. The Filters submenu\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_IPFILTERS}{\*\bkmkend ID_IPFILTERS}\fs26\f2 IP Filters\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The \i Filters/IP...\i0 menu option allows you to define a set of rules that determine what IP traffic to pass to the monitors. Selecting this option pops up another menu with the tasks used to define and apply custom IP filters.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-ipfltmenu.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 7-2. The IP filter menu\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1304}{\*\bkmkend _1304}\fs24\f2 Defining a New Filter\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 A freshly installed program will have no filters defined, so before anything else, you will have to define a filter. You can do this by selecting the \i Define new filter...\i0 option.\hyphpar0\par\pard\sb100\li960\sl220\qj Selecting this option displays a box asking you to enter a short description of the filter you are going to define. Just enter any text that clearly identifies the nature of the filter.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-ipfltnamedlg.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 7-3. The IP filter name dialog\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 Press Enter when you're done with that box. As an alternative, you can also press Ctrl+X to cancel the operation.\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\lang1024\f2 The Filter Rule Selection Screen\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 After you enter the filter's description, you will be taken to a blank rule selection box. At this screen you manage the various rules you define for this filter. You can opt to insert, append, edit, or delete rules.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-ipfltlist.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 7-4. The filter rule selection screen. Selecting an entry displays that set for editing\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\lang1033 Any rules defined will appear here. You will see the source and destination addresses, masks and ports (long addresses and masks may be truncated) and whether this rule includes or excludes matching packets.\hyphpar0\par\pard\sb100\li960\sl220\qj Between the source and destination parameters is an arrow that indicates whether the rule matches packets (single-headed) only exactly or whether it matches packets flowing in the opposite direction (double-headed).\hyphpar0\par\pard\sb100\li960\sl220\qj At this screen, press I to insert at the current position of the selection bar, A to append a rule to the end of the list, Enter to edit the highlighted rule and D to delete the selected rule. With an empty list, A or I can be used to add the first rule.\hyphpar0\par\pard\sb100\li960\sl220\qj To add the first rule, press A or I. You will then be presented with a dialog box that allows you to enter the rule's parameters.\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\lang1024\f2 Entering Filter Rules\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 You can enter addresses of individual hosts, networks, or a catch-all address. The nature of the address will be determined by the wildcard mask.\hyphpar0\par\pard\sb100\li960\sl220\qj You'll notice two sets of fields, marked \fs18\f3 Source\fs20\f1 and \fs18\f3 Destination\fs20\f1 . You fill these out with the information about your source and targets.\hyphpar0\par\pard\sb100\li960\sl220\qj Fill out the host name or IP address of the hosts or networks in the first field marked \fs18\f3 Host name/IP Address\fs20\f1 . Enter it in standard dotted-decimal notation. When done, press Tab to move to the \fs18\f3 Wildcard mask\fs20\f1 field. The wildcard mask is similar but not exactly identical to the standard IP subnet mask. The wildcard mask is used to determine which bits to ignore when processing the filter. In most cases, it will work very closely like a subnet mask. Place ones (1) under the bits you want the filter to recognize, and keep zeros (0) under the bits you want the filter to ignore. For example:\hyphpar0\par\pard\sb100\li960\sl220\qj To recognize the host 207.0.115.44\sa200\par\trowd\trleft960 \clvertalt\cellx4680\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 207.0.115.44\sa60\cell \row \trowd\trleft960 \clvertalt\cellx4680\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To recognize all hosts belonging to network 202.47.132.\i\f3 x\sa200\par\trowd\trleft960 \clvertalt\cellx4680\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 202.47.132.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx4680\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.0\sa60\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To recognize all hosts with any address:\sa200\par\trowd\trleft960 \clvertalt\cellx4680\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx4680\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 The IP address/wildcard mask mechanism of the display filter doesn't recognize IP address class. It uses a simple bit- pattern matching algorithm.\hyphpar0\par\pard\sb100\li960\sl220\qj The wildcard mask also does not have to end on a byte boundary; you may mask right into a byte itself. For example, 255.255.255.224 masks 27 bits (255 is 11111111, 224 is 11100000 in binary).\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf also accepts host names in place of the IP addresses. IPTraf will resolve the host name when the filter is loaded. When the filter is interpreted, the wildcard mask will also be applied. This can be useful in cases where a single host name may resolve to several IP addresses.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Tip: \b0\f4 See the \i Linux Network Administrator's Guide\i0 if you need more information on IP addresses and subnet masking.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\f2 Tip: \b0\f4 IPTraf allows you to specify the wildcard mask in Classless Interdomain Routing (CIDR) format. This format allows you to specify the number of 1-bits that mask the address. CIDR notation is the form \i\fs16\f3 address/bits\i0\fs18\f4 where the \i\fs16\f3 address\i0\fs18\f4 is the IP address or host name and \i\fs16\f3 bits\i0\fs18\f4 is the number of 1-bits in the mask. For example, if you want to mask 10.1.1.0 with \fs16\f3 255.255.255.0\fs18\f4 , note that \fs16\f3 255.255.255.0\fs18\f4 has 24 1-bits, so instead of specifying \fs16\f3 255.255.255.0\fs18\f4 in the wildcard mask field, you can just enter \fs16\f3 10.1.1.0/24\fs18\f4 in the address field. IPTraf will translate the mask bits into an appropriate wildcard mask and fill in the mask field the next time you edit the filter rule.\hyphpar0\par\pard\sb100\li1360\sl198\qj If you specify the mask in CIDR notation, leave the wildcard mask fields blank. If you fill them up, the wildcard mask fields will take precedence.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 The \fs18\f3 Port\fs20\f1 fields should contain a port number or range of any TCP or UDP service you may be interested in. If you want to match only a single port number, fill in the first field, while leaving the second blank or set to zero. Fill in the second field if you want to match a range of ports (e.g. 80 to 90). Leave the first field blank or set to zero to let the filter ignore the ports altogether. You will most likely be interested in target ports rather than source ports (which are usually unpredictable anyway, perhaps with the exception of FTP data).\hyphpar0\par\pard\sb100\li960\sl220\qj Non-TCP and non-UDP packets are not affected by these fields, and these are used only when filtering TCP or UDP packets.\hyphpar0\par\pard\sb100\li960\sl220\qj Fill out the second set of fields with the parameters of the opposite end of the connection.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Tip: \b0\f4 Any address or mask fields left blank default to 0.0.0.0 while blank \fs16\f3 Port\fs18\f4 fields default to 0. This makes it easy to define filter rules if you're interested only in either the source or destination, but not the other. For example, you may be interested in traffic originating from network 61.9.88.0, in which case you just enter the source address, mask and port in the \fs16\f3 Source\fs18\f4 fields, while leaving the \fs16\f3 Destination\fs18\f4 fields blank.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 The next fields let you specify which IP-type protocols you want matched by this filter rule. Any packet whose protocol's corresponding field is marked with a \fs18\f3 Y\fs20\f1 is matched against the filter's defined IP addresses and ports, otherwise they don't pass through this filter rule.\hyphpar0\par\pard\sb100\li960\sl220\qj If you want to evaluate all IP packets just mark with \fs18\f3 Y\fs20\f1 the \fs18\f3 All IP\fs20\f1 field.\hyphpar0\par\pard\sb100\li960\sl220\qj For example, if you want to see only all TCP traffic, mark the \fs18\f3 TCP\fs20\f1 field with \fs18\f3 Y\fs20\f1 .\hyphpar0\par\pard\sb100\li960\sl220\qj The long field marked \fs18\f3 Additional protocols\fs20\f1 allows you to specify other protocols by their IANA number. (You can view the common IP protocol number in the \fs18\f3 /etc/protocols\fs20\f1 file). You can specify a list of protocol numbers or ranges separated by commas, Ranges have the beginning and ending protocol numbers separated with a hyphen.\hyphpar0\par\pard\sb100\li960\sl220\qj For example, to see the RSVP (46), IP mobile (55), and protocols (101 to 104), you use an entry that looks like this:\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 46, 55, 101-104\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 It's certainly possible to specify any of the protocols listed above in this field. Entering \fs18\f3 1-255\fs20\f1 is functionally identical to marking \fs18\f3 All IP\fs20\f1 with a \fs18\f3 Y\fs20\f1 .\hyphpar0\par\pard\sb100\li960\sl220\qj The next field is marked \fs18\f3 Include/Exclude\fs20\f1 . This field allows you to decide whether to include or filter out matching packets. Setting this field to \fs18\f3 I\fs20\f1 causes the filter to pass matching packets, while setting it to \fs18\f3 E\fs20\f1 causes the filter to drop them. This field is set to \fs18\f3 I\fs20\f1 by default.\hyphpar0\par\pard\sb100\li960\sl220\qj The last field in the dialog is labeled \fs18\f3 Match opposite\fs20\f1 . When set to \fs18\f3 Y\fs20\f1 , the filter will match packets flowing in the opposite direction. Previous versions of IPTraf used to match TCP packets flowing in either direction, so the source and destination address/mask/port combinations were actually interchangeable. Starting with IPTraf 3.0, when filters extended to more than just the IP traffic monitor, this behavior is no longer the default throughout IPTraf except in the IP traffic monitor's TCP window.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 For TCP packets, this field is used in all facilities except the IP traffic monitor. Because the IP traffic monitor must capture TCP packets in both directions to properly determine a closed connection, the filter automatically matches packets in the opposite direction, regardless of this field's setting. However iin all other facilities, automatic matching of the reverse packets is not performed unless you set this field to \fs16\f3 Y\fs18\f4 .\hyphpar0\par\pard\sb100\li1360\sl198\qj Filters for UDP and other IP protocols do not automatically match packets in the opposite direction unless you set the field to \fs16\f3 Y\fs18\f4 , even in the IP traffic monitor.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 Press Enter to accept all parameters when done. The parameters will be accepted and you'll be taken back to the rule selection box. You can then add more rules by pressing A or you can insert new rules at any point by pressing I. Should you make a mistake, you can press Enter to edit the selected filter. You may enter as many sets of parameters as you wish. Press Ctrl+X when done.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 Because of the major changes in the filtering system since IPTraf 2.7, old filters will no longer work and will have to be redefined.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-ipfltdlg.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\fs20\f1 Figure 7-5. The IP filter parameters dialog\hyphpar0\par\pard\sb200\s4\li960\sl242 \fs22\f2 Examples\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 To see all traffic to/from host 202.47.132.1 from/to 207.0.115.44, regardless of TCP port\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 202.47.132.2\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 207.0.115.44\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To see all traffic from host 207.0.115.44 to all hosts on network 202.47.132.x\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 207.0.115.44\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 202.47.132.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 All IP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 N\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To see all Web traffic (to and from port 80) regardless of source or destination\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 80\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To see all IRC traffic from port 6666 to 6669\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 6666\fs20\f1 to \fs18\f3 6669\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To see all DNS traffic, (TCP and UDP, destination port 53) regardless of source or destination\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 53\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y UDP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To see all mail (SMTP) traffic to a single host (202.47.132.2) from anywhere\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 202.47.132.2\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 25\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 N\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To see traffic from from/to host sunsite.unc.edu to/from cebu.mozcom.com\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 sunsite.unc.edu\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 cebu.mozcom.com\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 All IP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To omit display of traffic to/from 140.66.5.x from/to anywhere\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP Address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 140.66.5.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 All IP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 E\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 You can enter as many parameters as you wish. All of them will be interpreted until the first match is found.\hyphpar0\par\pard\sb200\s4\li960\sl242 \b\fs22\lang1024\f2 Excluding Certain Sites\keepn\hyphpar0\par\pard\sb110\li960\sl220\qj \b0\fs20\lang1033\f1 Filters follow an implicit "no-match" policy, that is, only packets matching defined rules will be matched, others will be filtered out. This is similar to the access-list policy "whatever is not explicitly permitted is denied". If you want to show all traffic to/from everywhere, except certain places, you can specify the sites you wish to exclude, mark them with \fs18\f3 E\fs20\f1 in the \fs18\f3 Include/Exclude field\fs20\f1 , and define a general catch-all entry with source address \fs18\f3 0.0.0.0\fs20\f1 , mask \fs18\f3 0.0.0.0\fs20\f1 , port \fs18\f3 0\fs20\f1 , and destination \fs18\f3 0.0.0.0\fs20\f1 , mask \fs18\f3 0.0.0.0\fs20\f1 , port \fs18\f3 0\fs20\f1 , tagged with an \fs18\f3 I\fs20\f1 in the \fs18\f3 Include/Exclude\fs20\f1 field as the last entry.\hyphpar0\par\pard\sb100\li960\sl220\qj For example:\hyphpar0\par\pard\sb100\li960\sl220\qj To see all traffic except all SMTP (both directions), Web (both directions), and traffic (only) from 207.0.115.44\sa200\par\trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 25\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 E\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sl-120\par\cell \plain \pard\intbl\sl-120\par\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 80\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 TCP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 E\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sl-120\par\cell \plain \pard\intbl\sl-120\par\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 207.0.115.44\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 255.255.255.255\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 All IP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 E\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 N\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sl-120\par\cell \plain \pard\intbl\sl-120\par\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Host name/IP address\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Wildcard mask\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0.0.0.0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Port\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 0\sa60\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Protocols\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 All IP: Y\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Include/Exclude\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 I\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \trowd\trleft960 \clvertalt\cellx3440\clvertalt\cellx5920\clvertalt\cellx8400 \plain \pard\intbl\sb60\li40\ri100\sl220 \fs20\f1 Match opposite\sa60\cell \plain \pard\intbl\sb60\li40\ri100\sl220 \fs18\f3 N\sa60\cell \plain \pard\intbl\sl-120\par\cell \row \pard\plain\sl-1\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\f2 Tip: \b0\f4 To filter out all TCP, define a filter with a single entry, with a source of \fs16\f3 0.0.0.0\fs18\f4 mask \fs16\f3 0.0.0.0\fs18\f4 port \fs16\f3 0\fs18\f4 , and a destination of \fs16\f3 0.0.0.0\fs18\f4 mask \fs16\f3 0.0.0.0\fs18\f4 port \fs16\f3 0\fs18\f4 , with the \fs16\f3 Include/Exclude\fs18\f4 field marked \fs16\f3 E\fs18\f4 (exclude). Then apply this filter.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1902}{\*\bkmkend _1902}\b\fs24\f2 Applying a Filter\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 The above steps only add the filter to a defined list. To actually apply the filter, you must select \i Apply filter...\i0 from the menu. You will be presented with a list of filters you already defined. Select the one you want to apply, and press Enter.\hyphpar0\par\pard\sb100\li960\sl220\qj The applied filter stays in effect over exits and restarts of the IPTraf program until it is detached.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1907}{\*\bkmkend _1907}\b\fs24\lang1024\f2 Editing a Defined Filter\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Select \i Edit filter...\i0 to modify an existing filter. Once you select this option, you will be presented with the list of defined filters. Select the filter you want to edit by moving the selection bar and press Enter.\hyphpar0\par\pard\sb100\li960\sl220\qj Edit the description if you wish. Pressing Ctrl+X at this point will abort the operation, and the filter will remain unmodified. Press Enter to accept any changes to the filter description.\hyphpar0\par\pard\sb100\li960\sl220\qj After pressing Enter, you will see the filter's rules. To edit an existing filter rule, move the selection bar to the desired entry and press Enter. A prefilled dialog box will appear. Edit its contents as desired. Press Enter to accept the changes or Ctrl+X to discard.\hyphpar0\par\pard\sb100\li960\sl220\qj You can add a new filter rule by pressing I to insert at the selection bar's current position. When you press I, you will be presented with a dialog box asking you to enter the new rule data. Pressing A results in a similar operation, except the rule will be appended as the last entry in the rule list.\hyphpar0\par\pard\sb100\li960\sl220\qj Pressing D deletes the currently pointed entry.\hyphpar0\par\pard\sb100\li960\sl220\qj Press X or Ctrl+X to end the edit and save the changes.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 If you're editing the currently applied filter, you will need to re-apply the filter for the changes to take effect.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\f2 Note: \b0\f4 Be aware that the filter processes the rules in order. In other words, if a packet matches more than one rule, only the first matching rule is followed.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1922}{\*\bkmkend _1922}\b\fs24\f2 Deleting a Defined Filter\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Select \i Delete filter...\i0 from the menu to remove a filter from the list. Just move the selection bar to the filter you want to delete, and press Enter.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1926}{\*\bkmkend _1926}\b\fs24\lang1024\f2 Detaching a Filter\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 The \i Detach filter\i0 option deactivates the filter currently in use. Selecting this option causes all TCP traffic to be passed to the monitors.\hyphpar0\par\pard\sb100\li960\sl220\qj When you're done with the menu, just select the Exit menu option.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_NONIPFILTERS}{\*\bkmkend ID_NONIPFILTERS}\b\fs26\lang1024\f2 ARP, RARP, and other Non-IP Packet Filters\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The \i Non-IP\i0 filter option toggles the display and logging of all non-IP packets, except ARP and RARP, which are toggled separately.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 8. Configuring IPTraf}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 8. Configuring IPTraf}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_CONFIG}{\*\bkmkend ID_CONFIG}\b\fs29\f2 Chapter 8. Configuring IPTraf\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf can be easily configured with the {\field{\*\fldinst HYPERLINK \\l ID_CONFIG}{\fldrslt \i Configure...}} item in the main menu. The configuration is stored in the \fs18\f3 /var/local/iptraf/iptraf.cfg\fs20\f1 file. If the file is not found, IPTraf uses the default settings. Any changes to the configuration immediately get stored in the configuration file.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-configmenu.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 8-1. The IPTraf configuration menu\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_TOGGLES}{\*\bkmkend ID_TOGGLES}\fs26\f2 Toggles\keepn\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1946}{\*\bkmkend _1946}\fs24 Reverse DNS Lookups\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Activating reverse lookup causes IPTraf to find out the name of the hosts with the addresses in the IP packets. When this option is enabled, IPTraf's IP traffic monitor starts the rvnamed DNS lookup server to help resolve IP addresses in the background while allowing IPTraf to continue capturing packets.\hyphpar0\par\pard\sb100\li960\sl220\qj This option is off by default.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1950}{\*\bkmkend _1950}\b\fs24\lang1024\f2 TCP/UDP Service Names\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 This option, when on, causes IPTraf to display the TCP/UDP service names (\fs18\f3 smtp\fs20\f1 , \fs18\f3 www\fs20\f1 , \fs18\f3 pop3\fs20\f1 , etc.) instead of their numeric ports (25, 80, 110, etc). The number-to-name mappings will depend on the systems services database file (usually \fs18\f3 /etc/services\fs20\f1 ). Should there be no corresponding service name for the port number, the numeric form will still be displayed. \hyphpar0\par\pard\sb100\li960\sl220\qj This setting is off by default.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 Reverse lookup and service name lookup take some time and may impact performance and increase the chances of dropped packets. Performance and results are best (albeit more cryptic) with both these settings off.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1961}{\*\bkmkend _1961}\b\fs24\f2 Force promiscuous\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 If this option is enabled, your LAN interfaces will capture all packets on your LAN. Using this option enables you to see all TCP connections and packets passing your LAN segment, even if they're not from or for your machine. When this option is active in the statistics windows, the Activity indicators will show a good estimate of the load on your LAN segment.\hyphpar0\par\pard\sb100\li960\sl220\qj When this option is disabled, you'll only receive information about packets coming from and entering your machine.\hyphpar0\par\pard\sb100\li960\sl220\qj The setting of this option affects all LAN ( Ethernet, FDDI, some Token Ring) interfaces on your machine, if you have more than one.\hyphpar0\par\pard\sb100\li960\sl220\qj The interface's promiscuous flag is set only when a facility is started, and turned off when it exits. However, if promiscuous mode was already set when a facility was started, it remains set on exit.\hyphpar0\par\pard\sb100\li960\sl220\qj If multiple instances of IPTraf are started, the promiscuous setting is restored only upon exit of the last facility.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 Do not use other programs that change the interface's promiscuous flag at the same time you're using IPTraf. The programs can interfere with each other's expected operations. While IPTraf tries to obtain the initial setting of any promiscuous flags for restoration upon exit, other programs may not be as well-behaved, and they may turn off the promiscuous flags while IPTraf is still monitoring.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1971}{\*\bkmkend _1971}\b\fs24\f2 Color\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Turn this on with color monitors. Turn it off with black-and- white monitors or non-color terminals (like xterms). Changes to this setting will take effect the next time the program is started.\hyphpar0\par\pard\sb100\li960\sl220\qj Color is on by default on consoles and color xterms, off on non-color terminals like xterms and VT100s.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _1975}{\*\bkmkend _1975}\b\fs24\lang1024\f2 Logging\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 When this option is active, IPTraf will log information to a disk file, which can be examined or analyzed later. Since IPTraf 2.4.0, IPTraf prompts you for the name of the file to which to write the logs. It will provide a default name, which you are free to accept or change. The IP traffic monitor and LAN station monitor will generate a log file name that is based on what instance they are (first, second, and so on). The general interface statistics' default log file name is constant, because it listens to all interfaces at once, and only one instance can run at one time.\hyphpar0\par\pard\sb100\li960\sl220\qj The other facilities generate a log file name based on the interface they're listening on.\hyphpar0\par\pard\sb100\li960\sl220\qj See the descriptions on the facilities above for the default log file names.\hyphpar0\par\pard\sb100\li960\sl220\qj Press Enter to accept the log file name, or Ctrl+X to cancel. Canceling will turn logging off for that session.\hyphpar0\par\pard\sb100\li960\sl220\qj The IP traffic monitor will write the following pieces of information to its log file:\hyphpar0\par\pard\sb100\li1160\sl220\fi-200\qj \tx1160 \fs16\lang1024 \'95\tab \fs20 Start of the traffic monitor\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Receipt of the first TCP packet for a connection. If that packet is a SYN, (SYN) will be indicated in the log entry. (Of course, the traffic monitor may start in the middle of established connections. It will still count those packets. This also explains why some connection entries may become idle if the traffic monitor is started in the middle of a half-closed connection, and miss the first FIN. Such entries time out in a while.)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Receipt of a FIN (with average flow rate)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 ACK of a FIN\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Timeouts of TCP entries (with average flow rate)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Reset connections (with average flow rate)\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Everything that appears in the bottom window of the traffic monitor\hyphpar0\par\pard\li1160\sl220\fi-200\qj \tx1160 \fs16 \'95\tab \fs20 Stopping of the traffic monitor\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 Each log entry includes the date and time the entry was written. Logging is also affected by the defined filters.\hyphpar0\par\pard\sb100\li960\sl220\qj Log files can grow very fast, so be prepared with plenty of free space and delete unneeded logs. Log write errors are not indicated.\hyphpar0\par\pard\sb100\li960\sl220\qj Copies of the interface statistics, TCP/UDP statistics, packet size statistics, and LAN host statistics are also written to the log files at regular intervals. See \i Log Interval...\i0 in this chapter.\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf closes and reopens the active log file when it receives a \fs18\f3 USR1\fs20\f1 signal. This is useful in cases where a facility is run for long periods of time but the log files have to be cleared or moved.\hyphpar0\par\pard\sb100\li960\sl220\qj To clear or move an active log file, rename it first. IPTraf will continue to write to the file despite the new name. Then use the UNIX kill command to send the running IPTraf process a \fs18\f3 USR1\fs20\f1 signal. IPTraf will then close the log file and open another with the original name. You can then safely remove or delete the renamed file.\hyphpar0\par\pard\sb100\li960\sl220\qj Do not delete an open log file. Doing so will only result in a file just as large but filled with null characters (ASCII code 0).\hyphpar0\par\pard\sb100\li960\sl220\qj Logging comes disabled by default. The \fs18\f3 USR1\fs20\f1 signal is caught only if logging is enabled, it is ignored otherwise.\hyphpar0\par\pard\sb100\li960\sl220\qj A valid specification of \fs18\f3 -L\fs20\f1 on the command line with automatically enable logging for that particular session. The saved configuration setting is not affected.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2012}{\*\bkmkend _2012}\b\fs24\lang1024\f2 Activity mode\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Toggles activity indicators in the interface and LAN statistics facilities between kilobits per second (kbits/s) or kilobytes per second (kbytes/s).\hyphpar0\par\pard\sb100\li960\sl220\qj The default setting is kilobits per second.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2016}{\*\bkmkend _2016}\b\fs24\lang1024\f2 Source MAC addrs in traffic monitor\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 When enabled, the IP traffic monitor retrieves the packets' source MAC addresses if they came in on an Ethernet, FDDI, or PLIP interface. The addresses appear in the lower window for non-TCP packets, while for TCP connections, they can be viewed by pressing M.\hyphpar0\par\pard\sb100\li960\sl220\qj No such information is displayed if the network interface doesn't use MAC addresses (such as PPP interfaces).\hyphpar0\par\pard\sb100\li960\sl220\qj This can be used to determine the actual source of the packets on your local LAN.\hyphpar0\par\pard\sb100\li960\sl220\qj The traffic monitor also logs the MAC addresses with this option enabled. The default setting is off.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_TIMERS}{\*\bkmkend ID_TIMERS}\b\fs26\lang1024\f2 Timers\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The \i Timers...\i0 submenu allows you to IPTraf's interval and timeout functions.\hyphpar0\par\pard\sb200\li960{\field\flddirty{\*\fldinst INCLUDEPICTURE "iptraf-timermenu.eps" }{\fldrslt }}\keepn\par\pard\sb200\li960\sl220\qj \b\lang1024 Figure 8-2. The Timers configuration submenu\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2029}{\*\bkmkend _2029}\fs24\f2 TCP Timeout\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 This figure determines the amount of time (in minutes) a connection entry may remain idle before it becomes eligible for replacement by a new connection. The default is 15 minutes. You may want to reduce this on an isolated (not connected to the Internet) LAN or a LAN connected to the Internet with high-speed links. Just enter the new value and press Enter. You can press Ctrl+X to leave the current value unchanged.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2032}{\*\bkmkend _2032}\b\fs24\lang1024\f2 Log Interval\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 This figure determines the number of minutes between logging of interface statistics, TCP/UDP figures, and LAN host statistics. The default is 60 minutes. This figure is meaningless if logging is disabled.\hyphpar0\par\pard\sb100\li960\sl220\qj This configuration item can be overridden with the \fs18\f3 -I\fs20\f1 when a facility is directly invoked from the command line (not accessed via the main menu), and remains effective for that particular session. The configured value is not affected.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2037}{\*\bkmkend _2037}\b\fs24\lang1024\f2 Screen Update Interval\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 This value determines the rate in seconds at which the screen is updated. The default is 0, which means the screen is updated as fast as possible, giving close-to-realtime reflection of network activity. However, this high-speed update can cause incredible amounts of traffic if IPTraf is run on a remote terminal (e.g. a Telnet or Secure Shell session). You can set this to a higher value, such as 1 or 2 seconds to slow down the updates.\hyphpar0\par\pard\sb100\li960\sl220\qj This figure does not affect the rate of data capture. Only the screen refresh is affected. The figures are still updated as fast as possible, although the figure display will no longer be as close to realtime.\hyphpar0\par\pard\sb100\li960\sl220\qj The default setting is 0, which shouldn't be a problem on the console. Set it to a slightly higher value on remote terminals or slow links. The setting affects all monitoring facilities.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 Updating the screen is one of the slowest operations in a program. Older versions of IPTraf had a problem once network activity became very high. Because each packet caused a screen update, IPTraf began spending more time with the screen updates, causing a loss of packets once network activity reached a certain point.\hyphpar0\par\pard\sb100\li1360\sl198\qj However, since many users like rapid counts on their screen, a compromise was incorporated. Even when the screen update interval is set to 0, there is still a 50ms delay between screen updates (except the LAN station monitor, which has a 100 ms delay). This is still visually fast, but provides more time to the packet capture routine. Higher delays may result in better accuracy of counts and activity.\hyphpar0\par\pard\sb100\li1360\sl198\qj In any case, this setting only affects screen updates. Capture still proceeds as fast as possible.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2047}{\*\bkmkend _2047}\b\fs24\f2 TCP closed/idle persistence\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 This parameter determines the interval (in minutes) at which the IP Traffic Monitor clears from the TCP display window all closed, idle, and timed out entries. Enter \fs18\f3 0\fs20\f1 to keep such entries on the screen indefinitely, disappearing only when replaced by new connections.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 The \i TCP timeout...\i0 option only tells IPTraf how long it should take before a connection should be considered idle and open to replacement by new connections. This does not determine how long it remains onscreen. The \i TCP closed/idle persistence...\i0 parameter flushes entries that have been closed or reset, or idle for the number of minutes defined by the \i TCP timeout...\i0 option.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_CUSTOMPORTS}{\*\bkmkend ID_CUSTOMPORTS}\b\fs26\f2 Custom Information\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The remaining configuration items allow you to enter information which IPTraf uses for its displays and logs.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2060}{\*\bkmkend _2060}\b\fs24\lang1024\f2 Additional ports\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Select this item to enter a port number to be included in the TCP/UDP counts in the TCP/UDP service statistics main menu item described above. By default, port numbers above 1023 are not monitored. If you do have a higher-numbered port to monitor, enter it here.\hyphpar0\par\pard\sb100\li960\sl220\qj You will see two fields. If you have only one port to enter, just fill up the first field. To specify a range, fill both fields, the first port in the first field, the last port in the second field.\hyphpar0\par\pard\sb100\li960\sl220\qj You can select this option multiple times to add more values or ranges.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2065}{\*\bkmkend _2065}\b\fs24\lang1024\f2 Delete port/range\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 Select this item to remove a higher-numbered port number or port range you entered earlier with the \i Additional ports...\i0 option. A window will come up containing the entered ports and ranges. Select the entry you want delete and press Enter.\hyphpar0\par\pard\sb200\s3\sl266 {\*\bkmkstart _2069}{\*\bkmkend _2069}\b\fs24\lang1024\f2 LAN Station Identifiers\keepn\hyphpar0\par\pard\sb121\li960\sl220\qj \b0\fs20\lang1033\f1 The LAN station statistics facility monitors stations based on their respective MAC addresses. The hexadecimal notation of these addresses make them even more difficult to remember than the dotted-decimal IP addresses, so these facilities were added to help you better determine which station is which.\hyphpar0\par\pard\sb100\li960\sl220\qj Selecting the \i Ethernet/PLIP host descriptions...\i0 or \i FDDI/Token Ring host descriptions...\i0 options brings up a submenu asking you to add, edit, or delete descriptions.\hyphpar0\par\pard\sb100\li960\sl220\qj To add a new description, select the \i Add description...\i0 option. A dialog box will appear, asking you for the MAC address and an appropriate description. Type in the address in hexadecimal notation with no punctuation of any kind. The dialog box is case-insensitive for the address; the alphabetical digits A to F will be stored in lowercase.\hyphpar0\par\pard\sb100\li960\sl220\qj Use the Tab key to move between fields and Enter to accept. Press Ctrl+X to discard this dialog and return to the main menu.\hyphpar0\par\pard\sb100\li960\sl220\qj The description may be anything: the IP address, a fully-qualified domain name, or a description of your liking as long as the field can hold.\hyphpar0\par\pard\sb100\li960\sl220\qj Enter as many descriptions as you need. Press Ctrl+X at a blank dialog after you have entered the last entry\hyphpar0\par\pard\sb100\li960\sl220\qj These descriptions will be displayed alongside the MAC addresses in the LAN station monitor, together with the type of frame (Ethernet, PLIP, or FDDI).\hyphpar0\par\pard\sb100\li960\sl220\qj An existing address or description may be edited by selecting the \i Edit description...\i0 option from the submenu. A panel will appear with a list of existing address descriptions. Select the one you wish to edit and press Enter. A dialog box identical to that when you add a description will appear with prefilled fields. Just backspace over and edit the fields. Press Enter to accept or Ctrl+X to cancel.\hyphpar0\par\pard\sb100\li960\sl220\qj Selecting the \i Delete description...\i0 submenu item brings up the selection panel. Select the description you want to delete and press Enter. You can also press Ctrl+X to cancel the operation.\hyphpar0\par\pard\sb100\li960\sl220\qj IPTraf 2.4 and later also recognizes the \fs18\f3 /etc/ethers\fs20\f1 file. Should a hardware address be present in the IPTraf definition files and in \fs18\f3 /etc/ethers\fs20\f1 , the IPTraf definition will be used.\hyphpar0\par\pard\sb200\li1360\sl198\qj \b\fs18\lang1024\f2 Note: \b0\f4 The description file for Ethernet and PLIP is \fs16\f3 ethernet.desc\fs18\f4 , while the FDDI and Token Ring mappings are stored in \fs16\f3 fddi.desc\fs18\f4 in the IPTraf working directory. These files are in colon-delimited text format. Database engines or custom scripts can be told to append data lines to those files. Each line follows this simple format:\hyphpar0\par\pard\sb200\li1360\sl178\qj \i\fs16\f3 address\i0 :\i description\hyphpar0\par\pard\sb200\li1360\sl198\qj \i0\fs18\f4 For example\hyphpar0\par\pard\sb200\li1360\sl178\qj \fs16\f3 00201e457e:Cisco 3640 gateway\hyphpar0\par\pard\sb200\li1360\sl198\qj \fs18\f4 Do not put colons, periods, or any invalid characters in the MAC address.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Chapter 9. Background Operation}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Chapter 9. Background Operation}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_BACKOP}{\*\bkmkend ID_BACKOP}\b\fs29\f2 Chapter 9. Background Operation\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf's facilities can be placed in the background solely for logging. When running in the background, it doesn't display any output on the screen, and doesn't receive input from the keyboard, and drops you back to the shell.\hyphpar0\par\pard\sb100\li960\sl220\qj Before starting a statistical facility in the background, configure IPTraf in the usual way (set filters, add TCP/UDP ports, etc).\hyphpar0\par\pard\sb100\li960\sl220\qj Once that's done, exit all instances of IPTraf on the system, then invoke IPTraf from the command line with the parameter to start the facility you want, the timeout (\fs18\f3 -t\fs20\f1 ) parameter if you wish, and the \fs18\f3 -B\fs20\f1 parameter to actually daemonize the program. For example, to run the IP traffic monitor in the background for all interfaces, issue the command\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 iptraf -i all -B\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 To run the detailed interface statistics on interface \fs18\f3 eth0\fs20\f1 for 5 minutes in the background:\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 iptraf -d eth0 -t 5 -B\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 If the timeout parameter is not specified, the facility will run until the process receives a USR2 signal. To stop a facility in the background, do a\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 ps x\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 at the command line, and find the process id (pid) of the iptraf process you're looking for. Then send that process a USR2 signal with the kill command:\hyphpar0\par\pard\sb200\li960\sl198\qj \fs18\lang1024\f3 kill -USR2 pid\hyphpar0\par\pard\sb200\li960\sl220\qj \fs20\lang1033\f1 Since IPTraf cannot send error messages to the terminal, all messages are written to the file daemon.log in the IPTraf logging directory.\hyphpar0\par\pard\sb100\li960\sl220\qj The \fs18\f3 -B\fs20\f1 parameter automatically enables logging regardless of its configured setting. The parameter is ignored if not used with one of the parameters to start a facility from the command line.\hyphpar0\par\pard\sb100\li960\sl220\qj The log file can be specified with the \fs18\f3 -L\fs20\f1 command-line parameter. If this parameter is not specified, the default log file name for the facility will be used (see the descriptions of the facilities above for the default log name patterns). If you don't specify an path, the log file will be placed in \fs18\f3 /var/log/iptraf\fs20\f1 .\hyphpar0\par\pard\sb100\li960\sl220\qj The logging interval for all facilities (except the IP traffic monitor) can also be overriden with the \fs18\f3 -I\fs20\f1 command-line parameter.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Appendix A. Messages}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Appendix A. Messages}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_MESSAGES}{\*\bkmkend ID_MESSAGES}\b\fs29\f2 Appendix A. Messages\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 IPTraf's messages are presented in two ways. In interactive mode, messages are displayed in a distictive message box. In daemon (background) mode, appropriate messages are written to the \fs18\f3 iptraf.log\fs20\f1 file in the IPTraf log directory (normally \fs18\f3 /var/log/iptraf\fs20\f1 .\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_IPTRAFMESSAGES}{\*\bkmkend ID_IPTRAFMESSAGES}\b\fs26\lang1024\f2 IPTraf Messages\keepn\hyphpar0\par\pard\sb200\li960\sl220\qj \b0\fs18\lang1033\f3 Unable to create config file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot create the configuration file. The most likely cause of this is that you didn't properly install the program, and the necessary directory \fs18\f3 /var/local/iptraf\fs20\f1 does not exist. Can also be generated if you have a disk problem or if you have too many files open.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to read config file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The configuration record cannot be read. You most likely have a disk problem.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to write config file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The configuration file cannot be written. You either have a disk problem, or (more likely), your disk is full.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Enter an appropriate description for this filter\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 Enter something to clearly describe the filter you are defining. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Error loading filter list file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot access the list of defined TCP or UDP filters. Can also be an indicator of a bad disk.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Error writing filter list file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The filter list file cannot be written to. You may have trouble accessing your filters. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to read TCP/UDP/misc IP filter file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot read the filter data off the file. Could be caused by a bad disk. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Error opening filter data file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot open the filter file. Could be caused by a shortage of file descriptors or a bad disk.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to write filter data\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot add the newly defined filter to the filter list. This may be due to a bad disk.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Cannot create filter data file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot create the filter record file. The defined filter is lost.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to save filter changes\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot save the changes you made to the filter. You probably have a disk error.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to write filter state information\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The current state of the filters cannot be saved. IPTraf will be unable to correctly reload the filters the next time it's started. This can be caused by a bad disk or improper installation.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to save interface flags\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to save the flags of the network interfaces. This is probably due to a bad installation or full filesystem.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to retrieve saved interface flags\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to retrieve the save interface flags. Probably again due to a bad installation or full filesystem.\hyphpar0\par\pard\sb200\li960\sl220\qj \i\fs18\lang1033\f3 protocol\i0 filter data file in use; try again later\hyphpar0\par\pard\sb100\li960\sl220\qj Filter state file in use; try again later\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 Another IPTraf process is modifying the TCP, UDP or miscellaneous IP filter data or the filter state file and has locked the files or file. Try again once the other IPTraf process has terminated or completed its modifications and unlocked the files.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to resolve hostname\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The indicated host name in the filter cannot be resolved into an IP address. Check the local hosts database \fs18\f3 /etc/hosts\fs20\f1 or your machine's DNS configuration or DNS server. The filter parameters will not be used.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to open host description file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot open the file containing the descriptions for Ethernet or FDDI addresses. Could be due to a bad disk or a hit on the file descriptor limit. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to write host description\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to write the description record for this Ethernet or FDDI address. Could be due to a bad disk or corrupted filesystem. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 No descriptions \hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 You tried to edit or delete a description with no previous descriptions defined. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Cannot open log file\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 There is a problem opening the log file. There is most likely a problem with the disk, or there are too many open files. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to obtain interface list\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to retrieve the list of network interfaces from the \fs18\f3 /proc\fs20\f1 filesystem. This may be due to a badly configured kernel. IPTraf needs \fs18\f3 /proc\fs20\f1 filesystem support. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 No active interfaces. Check their status or the /proc filesystem.\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf found no active interfaces. Either all interfaces are down or the \fs18\f3 /proc/net/dev\fs20\f1 file was empty or unavailable. Activate at least one interface or check the \fs18\f3 /proc/net/dev\fs20\f1 file. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to obtain interface parameters for interface\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The system call to retrieve the interface's flags failed. Check your interface or kernel driver. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Promisc change failed for interface\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The system call to change the promiscuous flag failed. Check your interface or its kernel driver. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to open raw socket for flag change\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to open the necessary socket for the promiscuous change operation. May be due to a shortage of file descriptors. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to open socket for MTU determination\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 Returned by the facility for detailed interface statistics if the raw socket's opening sequence failed. The facility will abort.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to open raw socket\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to open the raw socket for packet capture. May be due to a shortage of file descriptors.\hyphpar0\par\pard\sb200\li1760\sl198\qj \b\fs18\f2 Reminder: \b0\f4 IPTraf 2.x.x requires Linux kernel 2.2.x, with the Packet Socket option compiled in or installed as a module. IPTraf 2.x will return this error on a pre-2.2 kernel or on a 2.2 kernel without Packet Socket.\hyphpar0\par\pard\sb200\li960\sl220\qj \lang1033\f3 Unable to obtain interface MTU\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The detailed statistics facility was unable to obtain the maximum transmission unit (MTU) for the selected interface. The facility will abort. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Specified interface not supported\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The interface specified with the \fs18\f3 -i\fs20\f1 , \fs18\f3 -d\fs20\f1 , \fs18\f3 -s\fs20\f1 , \fs18\f3 -l\fs20\f1 , or \fs18\f3 -z\fs20\f1 command-line parameters is not supported by IPTraf.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Specified interface not active\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The interface specified with the \fs18\f3 -i\fs20\f1 , \fs18\f3 -d\fs20\f1 , \fs18\f3 -s\fs20\f1 , \fs18\f3 -l\fs20\f1 , or \fs18\f3 -z\fs20\f1 command-line parameters is supported, but not currently activated. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Fatal: memory allocation error\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 May occur if you have too little memory to allocate for windows, the menu system, or dialog boxes. IPTraf tries to prevent further allocations if memory runs out during a monitor. However, this could also mean a bug if you're reasonably sure you're not out of memory. An instructional message on bug reporting follows this message.\hyphpar0\par\pard\sb200\li1760\sl198\qj \b\fs18\f2 Technical note: \b0\f4 This is actually a response to the segmentation fault error (SIGSEGV).\hyphpar0\par\pard\sb200\li960\sl220\qj \lang1033\f3 This program can be run only by the system administrator\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf normally does not allow anybody but uid 0 (root) to run it. This measure is included for safety reasons. See the section on recompiling the program below if you want to override this. This feature is built in, and not part of the configuration \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Your TERM variable is not set\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The TERM (terminal type) environment variable must be set to a valid terminal type so that the screen management routines can function properly. Set it to the appropriate terminal type. Linux consoles typically have their TERM variables set to \fs18\f3 linux\fs20\f1 . \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Received TERM signal\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 Not related to the previous message. The \fs18\f3 TERM\fs20\f1 (terminate) signal is normally used to gracefully shut down a program. This message simply indicates that the \fs18\f3 TERM\fs20\f1 signal was caught and IPTraf is attempting to shut down as gracefully as possible.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Invalid option or missing parameter, use iptraf -h for help\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The \fs18\f3 -i\fs20\f1 , \fs18\f3 -d\fs20\f1 , \fs18\f3 -s\fs20\f1 , \fs18\f3 -l\fs20\f1 , or \fs18\f3 -z\fs20\f1 options were specified but no interface was specified on the command line. These parameters require a valid interface name (or \fs18\f3 all\fs20\f1 for \fs18\f3 -i\fs20\f1 or \fs18\f3 -l\fs20\f1 ). This message also appears if an unknown option is passed to the \b iptraf\b0 command. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Warning: unable to tag this process\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf normally tags itself when it runs to prevent multiple instances of the statistical facilities from running. This message means the program was unable to create the necessary tag file. This may be due to a bad or improper installation. Try running the \b make install\b0 procedure or the \b Setup\b0 in the distribution's top-level directory. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Warning: unable to tag facility\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to create the tag file for the facility you started. The facility will still run, but other instances of IPTraf that may be running simultaneously will allow the same facility to run. This may cause both instances of the facility to malfunction. This could be due to a bad disk or bad installation. \hyphpar0\par\pard\sb200\li960\sl220\qj \i\fs18\lang1033\f3 facility\i0 already running/listening on interface\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 The facility you tried to start is currently running on the indicated interface in another IPTraf process on the machine. This restriction is placed to prevent conflicts involving internal sockets or the log files. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 General interface statistics already active in another process\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 Only one instance of the general interface statistics can run at a time. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Duplicate port/range entry \hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 You entered a port number or range that was already added to the list of additional ports to be monitored by the TCP/UDP service monitor \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 No custom ports\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 There are no ports or port ranges earlier added. There's nothing to delete. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Can't start rvnamed; lookups will block\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot start the \b rvnamed\b0 daemon; probably due to a bad installation. IPTraf will fall back to blocking lookups. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Can't spawn new process; lookups will block\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot start a new process. This may be due to memory shortage. IPTraf will fall back to blocking lookups. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Fork error, IPTraf cannot run in background\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf cannot start a new process, and can go into the background. This may be due to memory shortage. IPTraf aborts. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 No memory for new filter entry\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 IPTraf was unable to allocate memory for a new filter entry. Most likely due to memory shortage. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Memory Low\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 This indicator appears if memory runs low due to a lot of entries in a facility. Should critical functions fail (window creation, internal allocation), the program could terminate with a segmentation violation.\hyphpar0\par\pard\sb200\li1760\sl198\qj \b\fs18\f2 Note: \b0\f4 Any message or indicator about low memory means that your system does not have enough memory to handle the entries. It is almost certain that sooner or later, IPTraf or other applications will abort due to the failure of important system calls or library functions. Memory must be added right away.\hyphpar0\par\pard\sb200\li960\sl220\qj \lang1033\f3 IPC Error\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 This indicator appears if an error occurs receiving data from the \b rvnamed\b0 program (IPC stands for Interprocess Communication). This indication should not occur under normal circumstances. Report instances of this condition and the circumstances under which it happens. You may also include data from the \fs18\f3 rvnamed.log\fs20\f1 file. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Error opening terminal: \i terminal\hyphpar0\par\pard\sb100\li1360\sl220\qj \i0\fs20\lang1024\f1 The screen management routines cannot find the \fs18\f3 terminfo\fs20\f1 entry for your terminal. IPTraf expects the terminfo database located in \fs18\f3 /usr/share/terminfo\fs20\f1 . This error could occur when your terminfo database is located somewhere else. See the section on controlling the \fs18\f3 terminfo\fs20\f1 search path.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 This will end your IPTraf session \hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 In interactive mode IPTraf asks you to confirm your exit command. Press Enter to return to the shell or any other key to cancel your command and return to the main menu.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_RVNAMEDMESSAGES}{\*\bkmkend ID_RVNAMEDMESSAGES}\b\fs26\f2 rvnamed Messages\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 As a daemon, rvnamed does not send messages to the screen. It writes its messages to the file \fs18\f3 rvnamed.log\fs20\f1 in the IPTraf log directory.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\f3 Unable to open child communication socket\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 rvnamed was unable to open the communication endpoint for data reception from the children it creates. This is highly unusual, and should it occur, report the circumstances.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Unable to open client communication socket\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 rvnamed was unable to open the communication endpoint for data exchange with the IPTraf program. This is highly unusual, and should it occur, report the circumstances.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Error binding client communication socket Error binding child communication socket\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 rvnamed was unable to assign a name to the indicated communication socket. This may be due to a bad, full, or corrupted filesystem. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Fatal error: no memory for descriptor monitoring\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 rvnamed ran out of memory. IPTraf will resort to blocking, and may freeze. \hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Error on fork, returning IP address\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 rvnamed had a problem spawning a copy of itself to resolve the IP address. rvnamed will simply return the IP address in its literal, dotted-decimal notation. IPTraf will still function normally. This may be due to lack of memory or a process limit hit.\hyphpar0\par\pard\sb200\li960\sl220\qj \fs18\lang1033\f3 Maximum child process limit reached\hyphpar0\par\pard\sb100\li1360\sl220\qj \fs20\lang1024\f1 rvnamed has reached its maximum number of child processes. This is intended as a "brake" to prevent too many rvnamed children from hogging your computer's resources and possibly crashing it. Unless IPTraf is monitoring an extremely busy network without filters, this shouldn't happen, at least, not that often. If you notice this message, try applying filters or check your DNS server. Many times, this can happen when the DNS server goes down for whatever reason, and you have rvnamed children taking too long to resolve.\hyphpar0\par\sect\sectd\plain\pgwsxn12240\pghsxn15840\marglsxn1920\margrsxn1920\margtsxn960\margbsxn480\headery0\footery0\pgndec\titlepg{\headerf\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {}\par}{\footerf\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}{\headerl\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 Appendix B. GNU Free Documentation License}\tab {}\tab {}\par}{\footerl\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {\i\fs20\f1 \chpgn }\tab {}\tab {}\par}{\headerr\pard\sl-240\sb770\sa-50\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 Appendix B. GNU Free Documentation License}\par}{\footerr\pard\sl-240\sb-670\sa910\plain\tqc\tx4200\tqr\tx8400 {}\tab {}\tab {\i\fs20\f1 \chpgn }\par}\pard\sb220\s1\sl322 {\*\bkmkstart ID_GFDL}{\*\bkmkend ID_GFDL}\b\fs29\f2 Appendix B. GNU Free Documentation License\keepn\hyphpar0\par\pard\sb146\li960\sl220\qj \b0\fs20\lang1033\f1 Version 1.1, March 2000\hyphpar0\par\pard\sb100\li1160\ri200\sl198\qj \fs18 Copyright (C) 2000 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_0}{\*\bkmkend ID_GFDL_45_0}\b\fs26\lang1024\f2 PREAMBLE\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.\hyphpar0\par\pard\sb100\li960\sl220\qj This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.\hyphpar0\par\pard\sb100\li960\sl220\qj We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_1}{\*\bkmkend ID_GFDL_45_1}\b\fs26\lang1024\f2 APPLICABILITY AND DEFINITIONS\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you".\hyphpar0\par\pard\sb100\li960\sl220\qj A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.\hyphpar0\par\pard\sb100\li960\sl220\qj A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.\hyphpar0\par\pard\sb100\li960\sl220\qj The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License.\hyphpar0\par\pard\sb100\li960\sl220\qj The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License.\hyphpar0\par\pard\sb100\li960\sl220\qj A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque".\hyphpar0\par\pard\sb100\li960\sl220\qj Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only.\hyphpar0\par\pard\sb100\li960\sl220\qj The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_2}{\*\bkmkend ID_GFDL_45_2}\b\fs26\lang1024\f2 VERBATIM COPYING\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.\hyphpar0\par\pard\sb100\li960\sl220\qj You may also lend copies, under the same conditions stated above, and you may publicly display copies.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_3}{\*\bkmkend ID_GFDL_45_3}\b\fs26\lang1024\f2 COPYING IN QUANTITY\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.\hyphpar0\par\pard\sb100\li960\sl220\qj If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.\hyphpar0\par\pard\sb100\li960\sl220\qj If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.\hyphpar0\par\pard\sb100\li960\sl220\qj It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_4}{\*\bkmkend ID_GFDL_45_4}\b\fs26\lang1024\f2 MODIFICATIONS\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab \lang1024 A.\tab Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab B.\tab List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five).\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab C.\tab State on the Title page the name of the publisher of the Modified Version, as the publisher.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab D.\tab Preserve all the copyright notices of the Document.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab E.\tab Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab F.\tab Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab G.\tab Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab H.\tab Include an unaltered copy of this License.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab I.\tab Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab J.\tab Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab K.\tab In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab L.\tab Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab M.\tab Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version.\hyphpar0\par\pard\sb100\li1440\sl220\fi-480\qj \tqr\tx1390\tx1440\tab N.\tab Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section.\hyphpar0\par\pard\sb100\li960\sl220\qj \lang1033 If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.\hyphpar0\par\pard\sb100\li960\sl220\qj You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.\hyphpar0\par\pard\sb100\li960\sl220\qj You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.\hyphpar0\par\pard\sb100\li960\sl220\qj The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_5}{\*\bkmkend ID_GFDL_45_5}\b\fs26\lang1024\f2 COMBINING DOCUMENTS\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice.\hyphpar0\par\pard\sb100\li960\sl220\qj The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.\hyphpar0\par\pard\sb100\li960\sl220\qj In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements."\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_6}{\*\bkmkend ID_GFDL_45_6}\b\fs26\lang1024\f2 COLLECTIONS OF DOCUMENTS\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.\hyphpar0\par\pard\sb100\li960\sl220\qj You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_7}{\*\bkmkend ID_GFDL_45_7}\b\fs26\lang1024\f2 AGGREGATION WITH INDEPENDENT WORKS\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document.\hyphpar0\par\pard\sb100\li960\sl220\qj If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_8}{\*\bkmkend ID_GFDL_45_8}\b\fs26\lang1024\f2 TRANSLATION\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_9}{\*\bkmkend ID_GFDL_45_9}\b\fs26\lang1024\f2 TERMINATION\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_10}{\*\bkmkend ID_GFDL_45_10}\b\fs26\lang1024\f2 FUTURE REVISIONS OF THIS LICENSE\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/\up8\fs12 1\up0\fs20 .\hyphpar0\par\pard\sb100\li960\sl220\qj Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.\hyphpar0\par\pard\sb200\s2\sl293 {\*\bkmkstart ID_GFDL_45_11}{\*\bkmkend ID_GFDL_45_11}\b\fs26\lang1024\f2 How to use this License for your documents\keepn\hyphpar0\par\pard\sb133\li960\sl220\qj \b0\fs20\lang1033\f1 To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:\hyphpar0\par\pard\sb100\li1160\ri200\sl198\qj \fs18 Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. A copy of the license is included in the section entitled "GNU Free Documentation License".\hyphpar0\par\pard\sb100\li960\sl220\qj \fs20 If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being LIST"; likewise for Back-Cover Texts.\hyphpar0\par\pard\sb100\li960\sl220\qj If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.\hyphpar0\par\pard\sb200\sl293 \b\fs26\lang1024\f2 Notes\keepn\hyphpar0\par\pard\sb133\li1280\sl220\fi-320\qj \tx1280 \b0\fs20\f1 1. \tab http://www.gnu.org/copyleft/\hyphpar0\par} iptraf-3.0.0/Documentation/q.log0100644000000000000000000000117010274337122015252 0ustar rootrootThis is TeX, Version 3.14159 (Web2C 7.4.5) (format=jadetex 2005.8.4) 4 AUG 2005 15:05 **q (/usr/share/texmf/tex/latex/tools/q.tex JadeTeX 2001/01/18: 3.2 File ignored ) ! Emergency stop. <*> q *** (job aborted, no legal \end found) Here is how much of TeX's memory you used: 4 strings out of 40929 82 string characters out of 345994 141358 words of memory out of 1100001 12799 multiletter control sequences out of 10000+50000 5199 words of font info for 18 fonts, out of 500000 for 1000 14 hyphenation exceptions out of 1000 4i,0n,1p,81b,7s stack positions out of 1500i,500n,1500p,200000b,5000s No pages of output. iptraf-3.0.0/Documentation/.log0100644000000000000000000000055510274337117015103 0ustar rootrootThis is pdfTeX, Version 3.14159-1.10b (Web2C 7.4.5) (format=pdftex 2005.8.4) 4 AUG 2005 15:05 **quit (/usr/share/texmf/tex/latex/tools/.tex{/usr/share/texmf/pdftex/config/pdftex.cf g} File ignored) *q *q *quit *q * ! Interruption. <*> ? q OK, entering \batchmode... ! Emergency stop. <*> *** (job aborted, no legal \end found) No pages of output. iptraf-3.0.0/Documentation/manual.log0100644000000000000000000007216010274336404016300 0ustar rootrootThis is TeX, Version 3.14159 (Web2C 7.4.5) (format=jadetex 2005.8.4) 4 AUG 2005 15:00 **manual.tex (./manual.tex JadeTeX 2001/01/18: 3.2 LaTeX Font Info: Try loading font information for T1+ptm on input line 1. (/usr/share/texmf/tex/latex/psnfss/t1ptm.fd File: t1ptm.fd 2001/06/04 font definitions for T1/ptm. ) Elements will be labelled Jade begin document sequence at 19 (./manual.aux) \openout1 = `manual.aux'. LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for T2A/cmr/m/n on input line 19. LaTeX Font Info: Try loading font information for T2A+cmr on input line 19. (/usr/share/texmf/tex/latex/cyrillic/t2acmr.fd File: t2acmr.fd 2001/08/11 v1.0a Computer Modern Cyrillic font definitions ) LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 19. LaTeX Font Info: Try loading font information for TS1+cmr on input line 19. (/usr/share/texmf/tex/latex/base/ts1cmr.fd File: ts1cmr.fd 1999/05/25 v2.5h Standard LaTeX font definitions ) LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LECO/omseco/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LECX/omsecx/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LECY/omsecy/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LEGR/omsegr/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LEHA/omseha/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LEIP/omseip/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LELA/omsela/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. LaTeX Font Info: Checking defaults for LETI/omseti/m/n on input line 19. LaTeX Font Info: ... okay on input line 19. Package hyperref Info: Link coloring ON on input line 19. (/usr/share/texmf/tex/latex/hyperref/nameref.sty Package: nameref 2001/01/27 v2.19 Cross-referencing by name of section \c@section@level=\count114 ) LaTeX Info: Redefining \ref on input line 19. LaTeX Info: Redefining \pageref on input line 19. (./manual.out) (./manual.out) \openout3 = `manual.out'. LaTeX Font Info: Try loading font information for T1+ppl on input line 32. (/usr/share/texmf/tex/latex/psnfss/t1ppl.fd File: t1ppl.fd 2001/06/04 font definitions for T1/ppl. ) Overfull \hbox (105.82433pt too wide) in paragraph at lines 1--83 []\T1/ptm/m/n/10 This is TeX, Ver-sion 3.14159 (Web2C 7.4.5) (./man-ual.tex Jad e-TeX 2001/01/18: 3.2 (/usr/share/texmf/tex/latex/psnfss/t1ptm.fd) [] Overfull \hbox (66.45444pt too wide) in paragraph at lines 1--83 \T1/ptm/m/n/10 El-e-ments will be la-belled Jade be-gin doc-u-ment se-quence at 19 (./man-ual.aux) (/usr/share/texmf/tex/latex/cyrillic/t2acmr.fd) [] Overfull \hbox (1.10448pt too wide) in paragraph at lines 1--83 \T1/ptm/m/n/10 (/usr/share/texmf/tex/latex/base/ts1cmr.fd) (/usr/share/texmf/te x/latex/hyperref/nameref.sty) (./man-ual.out [] Overfull \hbox (85.82433pt too wide) in paragraph at lines 1--83 \T1/ptm/m/n/10 This is TeX, Ver-sion 3.14159 (Web2C 7.4.5) (./man-ual.tex Jade- TeX 2001/01/18: 3.2 (/usr/share/texmf/tex/latex/psnfss/t1ptm.fd) [] Overfull \hbox (66.45444pt too wide) in paragraph at lines 1--83 \T1/ptm/m/n/10 El-e-ments will be la-belled Jade be-gin doc-u-ment se-quence at 19 (./man-ual.aux) (/usr/share/texmf/tex/latex/cyrillic/t2acmr.fd) [] Overfull \hbox (4.43443pt too wide) in paragraph at lines 1--83 \T1/ptm/m/n/10 (/usr/share/texmf/tex/latex/base/ts1cmr.fd) (/usr/share/texmf/te x/latex/hyperref/nameref.sty) (./man-ual.out) [] LaTeX Font Info: Try loading font information for T1+phv on input line 98. (/usr/share/texmf/tex/latex/psnfss/t1phv.fd File: t1phv.fd 2001/06/04 scalable font definitions for T1/phv. ) LaTeX Font Info: Font shape `T1/phv/bx/n' in size <16.105> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 98. [1.0.59] [2.0.59 ] LaTeX Font Info: Font shape `T1/phv/bx/n' in size <10> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 163. LaTeX Font Info: Try loading font information for TS1+ppl on input line 168. (/usr/share/texmf/tex/latex/psnfss/ts1ppl.fd File: ts1ppl.fd 2001/06/04 font definitions for TS1/ppl. ) [3.0.59] [4.0.59 ] LaTeX Font Info: Font shape `T1/phv/bx/n' in size <14.641> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 337. LaTeX Font Info: Font shape `T1/ppl/bx/n' in size <10> not available (Font) Font shape `T1/ppl/b/n' tried instead on input line 354. [5.0.59] [6.0.59] LaTeX Font Info: Font shape `T1/phv/bx/it' in size <13.31> not available (Font) Font shape `T1/phv/b/it' tried instead on input line 2476. LaTeX Font Info: Font shape `T1/phv/b/it' in size <13.31> not available (Font) Font shape `T1/phv/b/sl' tried instead on input line 2476. LaTeX Font Info: Font shape `T1/phv/bx/n' in size <13.31> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 2534. LaTeX Font Info: Try loading font information for T1+pcr on input line 2650. (/usr/share/texmf/tex/latex/psnfss/t1pcr.fd File: t1pcr.fd 2001/06/04 font definitions for T1/pcr. ) Overfull \hbox (1.58571pt too wide) in paragraph at lines 2783--2787 \T1/ppl/m/n/10 pre-sented. Be-cause UNIX and vari-ants are case-sensitive, cas e must be pre-served. [] LaTeX Font Info: Font shape `T1/pcr/m/it' in size <9> not available (Font) Font shape `T1/pcr/m/sl' tried instead on input line 2807. LaTeX Font Info: Font shape `T1/pcr/m/it' in size <10> not available (Font) Font shape `T1/pcr/m/sl' tried instead on input line 2837. [7.0.59 ] [8.0.59 ] LaTeX Font Info: Font shape `T1/phv/bx/n' in size <12.1> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 3501. LaTeX Font Info: Font shape `T1/phv/bx/n' in size <11> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 3560. [9.0.59] Overfull \hbox (93.14415pt too wide) in paragraph at lines 3999--4009 []\T1/ppl/m/n/10 IPTraf can be down-loaded from the In-ter-net from the of-fi- cial FTP site at [][][] ftp://iptraf.seul.org/pub/iptraf/[]. [] Overfull \hbox (61.95697pt too wide) in paragraph at lines 4026--4077 []\T1/ppl/m/n/10 The soft-ware is avail-able in source form in com-pressed [][ ][] \T1/pcr/m/n/9 .tar.gz \T1/ppl/m/n/10 files named [][][] \T1/pcr/m/n/9 ipt raf-[][][]\T1/pcr/m/sl/9 x.y.z\T1/pcr/m/n/9 .tar.gz [] [10.0.59] Overfull \hbox (5.5962pt too wide) in paragraph at lines 4556--4559 []\T1/ppl/m/n/10 If you re-ceived IP-Traf on a diskette, the sources are al-re ady de-com-pressed. The diskette [] LaTeX Font Info: Font shape `T1/phv/bx/n' in size <9> not available (Font) Font shape `T1/phv/b/n' tried instead on input line 4936. [11.0.59] [12.0.59] [13.0.59] LaTeX Warning: File `iptraf-mmenu.eps' not found on input line 6404. ! LaTeX Error: File `iptraf-mmenu.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.6404 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-mmenu.eps (no Boundin gBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.6404 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-mmenu.eps Graphic file (type eps) [14.0.59] Overfull \hbox (34.01518pt too wide) in paragraph at lines 6491--6512 \T1/ppl/m/n/10 ram-e-ter will im-me-di-ately ter-mi-nate af-ter be-ing sent a USR2 sig-nal. See [] [] [15.0.59] [16.0.59 ] Overfull \hbox (0.79999pt too wide) in alignment at lines 6821--6823 [] [] [] Overfull \hbox (0.79999pt too wide) in alignment at lines 6823--7015 [] [] [] LaTeX Warning: File `iptraf-logprompt.eps' not found on input line 7187. ! LaTeX Error: File `iptraf-logprompt.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.7187 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-logprompt.eps (no Bou ndingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.7187 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-logprompt.eps Graphic file (type eps) [17.0.59] Overfull \hbox (5.06679pt too wide) in paragraph at lines 7447--7469 [][][][][] \T1/ppl/m/n/10 The loop-back in-ter-face. Ev-ery ma-chine has one, and has an IP ad-dress of 127.0.0.1. [] [18.0.59] [19.0.59] [20.0.59 ] LaTeX Warning: File `iptraf-iptm1.eps' not found on input line 8471. ! LaTeX Error: File `iptraf-iptm1.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.8471 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-iptm1.eps (no Boundin gBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.8471 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-iptm1.eps Graphic file (type eps) LaTeX Font Info: Font shape `T1/pcr/m/it' in size <8.1> not available (Font) Font shape `T1/pcr/m/sl' tried instead on input line 8770. [21.0.59] [22.0.59] [23.0.59] LaTeX Font Info: Try loading font information for U+msa on input line 9893. (/usr/share/texmf/tex/latex/amsfonts/umsa.fd File: umsa.fd 2002/01/19 v2.2g AMS font definitions ) LaTeX Font Info: Try loading font information for U+msb on input line 9893. (/usr/share/texmf/tex/latex/amsfonts/umsb.fd File: umsb.fd 2002/01/19 v2.2g AMS font definitions ) LaTeX Font Info: Try loading font information for U+wasy on input line 9893. (/usr/share/texmf/tex/latex/wasysym/uwasy.fd File: uwasy.fd 1999/05/13 v1.0i Wasy-2 symbol font definitions ) LaTeX Font Info: Try loading font information for U+stmry on input line 9893 . (/usr/share/texmf/tex/latex/misc/ustmry.fd) [24.0.59] LaTeX Font Info: Font shape `T1/phv/m/it' in size <9> not available (Font) Font shape `T1/phv/m/sl' tried instead on input line 10166. LaTeX Warning: File `iptraf-iptmsort.eps' not found on input line 10313. ! LaTeX Error: File `iptraf-iptmsort.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.10313 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-iptmsort.eps (no Boun dingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.10313 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-iptmsort.eps Graphic file (type eps) [25.0.59] [26.0.59] [27.0.59] [28.0.59] [29.0.59] [30.0.59] [31.0.59] [32.0.59 ] LaTeX Warning: File `iptraf-gstat1.eps' not found on input line 13797. ! LaTeX Error: File `iptraf-gstat1.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.13797 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-gstat1.eps (no Boundi ngBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.13797 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-gstat1.eps Graphic file (type eps) [33.0.59] LaTeX Warning: File `iptraf-dstat1.eps' not found on input line 14168. ! LaTeX Error: File `iptraf-dstat1.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.14168 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-dstat1.eps (no Boundi ngBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.14168 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-dstat1.eps Graphic file (type eps) [34.0.59] [35.0.59] [36.0.59 ] LaTeX Warning: File `iptraf-pktsize.eps' not found on input line 14825. ! LaTeX Error: File `iptraf-pktsize.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.14825 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-pktsize.eps (no Bound ingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.14825 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-pktsize.eps Graphic file (type eps) [37.0.59] LaTeX Warning: File `iptraf-tcpudp.eps' not found on input line 15086. ! LaTeX Error: File `iptraf-tcpudp.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.15086 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-tcpudp.eps (no Boundi ngBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.15086 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-tcpudp.eps Graphic file (type eps) LaTeX Warning: File `iptraf-tcpudpsort.eps' not found on input line 15390. ! LaTeX Error: File `iptraf-tcpudpsort.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.15390 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-tcpudpsort.eps (no Bo undingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.15390 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-tcpudpsort.eps Graphic file (type eps) [38.0.59] [39.0.59] [40.0.59 ] LaTeX Warning: File `iptraf-hw.eps' not found on input line 15986. ! LaTeX Error: File `iptraf-hw.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.15986 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-hw.eps (no BoundingBo x). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.15986 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-hw.eps Graphic file (type eps) LaTeX Warning: File `iptraf-hwsort.eps' not found on input line 16131. ! LaTeX Error: File `iptraf-hwsort.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16131 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-hwsort.eps (no Boundi ngBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16131 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-hwsort.eps Graphic file (type eps) [41.0.59] [42.0.59] LaTeX Warning: File `iptraf-filtermenu.eps' not found on input line 16466. ! LaTeX Error: File `iptraf-filtermenu.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16466 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-filtermenu.eps (no Bo undingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16466 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-filtermenu.eps Graphic file (type eps) LaTeX Warning: File `iptraf-ipfltmenu.eps' not found on input line 16581. ! LaTeX Error: File `iptraf-ipfltmenu.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16581 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-ipfltmenu.eps (no Bou ndingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16581 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-ipfltmenu.eps Graphic file (type eps) LaTeX Warning: File `iptraf-ipfltnamedlg.eps' not found on input line 16713. ! LaTeX Error: File `iptraf-ipfltnamedlg.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16713 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-ipfltnamedlg.eps (no BoundingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16713 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-ipfltnamedlg.eps Graphic file (type eps) [43.0.59 ] LaTeX Warning: File `iptraf-ipfltlist.eps' not found on input line 16841. ! LaTeX Error: File `iptraf-ipfltlist.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16841 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-ipfltlist.eps (no Bou ndingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.16841 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-ipfltlist.eps Graphic file (type eps) [44.0.59] [45.0.59] [46.0.59] LaTeX Warning: File `iptraf-ipfltdlg.eps' not found on input line 18185. ! LaTeX Error: File `iptraf-ipfltdlg.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.18185 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-ipfltdlg.eps (no Boun dingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.18185 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-ipfltdlg.eps Graphic file (type eps) [47.0.59] [48.0.59] [49.0.59] [50.0.59] [51.0.59] [52.0.59 ] LaTeX Warning: File `iptraf-configmenu.eps' not found on input line 24103. ! LaTeX Error: File `iptraf-configmenu.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.24103 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-configmenu.eps (no Bo undingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.24103 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-configmenu.eps Graphic file (type eps) Overfull \hbox (2.11646pt too wide) in paragraph at lines 24298--24321 \T1/ppl/m/n/10 map-pings will de-pend on the sys-tems ser-vices database file (usu-ally [][][] \T1/pcr/m/n/9 /etc/services\T1/ppl/m/n/10 ). [] [53.0.59] [54.0.59] [55.0.59] LaTeX Warning: File `iptraf-timermenu.eps' not found on input line 25399. ! LaTeX Error: File `iptraf-timermenu.eps' not found. See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.25399 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. ! LaTeX Error: Cannot determine size of graphic in iptraf-timermenu.eps (no Bou ndingBox). See the LaTeX manual or LaTeX Companion for explanation. Type H for immediate help. ... l.25399 {PNG}} \endPar{}\endNode{}\endPar{}\Node% Try typing to proceed. If that doesn't work, type X to quit. File: iptraf-timermenu.eps Graphic file (type eps) [56.0.59] [57.0.59] [58.0.59] [59.0.59 ] [60.0.59 ] Overfull \hbox (43.72673pt too wide) in paragraph at lines 27046--27058 \T1/ppl/m/n/10 sages are writ-ten to the [][][] \T1/pcr/m/n/9 iptraf.log \T1/ ppl/m/n/10 file in the IP-Traf log di-rec-tory (nor-mally [][][] \T1/pcr/m/n/9 /var/log/iptraf\T1/ppl/m/n/10 . [] Overfull \hbox (37.17651pt too wide) in paragraph at lines 27155--27164 \T1/ppl/m/n/10 you didn't prop-erly in-stall the pro-gram, and the nec-es-sary di-rec-tory [][][] \T1/pcr/m/n/9 /var/local/iptraf [] [61.0.59] [62.0.59] Overfull \hbox (19.78665pt too wide) in paragraph at lines 28339--28350 []\T1/ppl/m/n/10 IPTraf found no ac-tive in-ter-faces. Ei-ther all in-ter-face s are down or the [][][] \T1/pcr/m/n/9 /proc/net/dev [] Overfull \hbox (34.376pt too wide) in paragraph at lines 28339--28350 \T1/ppl/m/n/10 file was empty or un-avail-able. Ac-ti-vate at least one in-ter -face or check the [][][] \T1/pcr/m/n/9 /proc/net/dev [] [63.0.59] [64.0.59] Overfull \hbox (8.60098pt too wide) in paragraph at lines 28967--28968 []\T1/phv/b/n/9 Technical note: \T1/phv/m/n/9 This is ac-tu-ally a re-sponse t o the seg-men-ta-tion fault er-ror (SIGSEGV). [] [65.0.59] [66.0.59] [67.0.59] Overfull \hbox (32.99954pt too wide) in paragraph at lines 30337--30338 []\T1/pcr/m/n/9 Error binding client communication socket Error binding child communication [] [68.0.59] [69.0.59 ] [70.0.59] [71.0.59] [72.0.59] [73.0.59] [74.0.59] (./manual.aux) ) Here is how much of TeX's memory you used: 4083 strings out of 40929 27951 string characters out of 345994 171740 words of memory out of 1100001 16784 multiletter control sequences out of 10000+50000 37601 words of font info for 58 fonts, out of 500000 for 1000 14 hyphenation exceptions out of 1000 29i,12n,43p,339b,1457s stack positions out of 1500i,500n,1500p,200000b,5000s Output written on manual.dvi (74 pages, 736396 bytes). iptraf-3.0.0/Documentation/manual.aux0100644000000000000000000000664110274336404016315 0ustar rootroot\relax \ifx\hyper@anchor\@undefined \global \let \oldcontentsline\contentsline \gdef \contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}} \global \let \oldnewlabel\newlabel \gdef \newlabel#1#2{\newlabelxx{#1}#2} \gdef \newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}} \AtEndDocument{\let \contentsline\oldcontentsline \let \newlabel\oldnewlabel} \else \global \let \hyper@last\relax \fi \pagelabel{PREFACE}{7} \pagelabel{ADDINFO}{7} \pagelabel{CONVENTIONS}{7} \pagelabel{GETTINGSTARTED}{9} \pagelabel{65}{9} \pagelabel{INSTALLATION}{9} \pagelabel{96}{9} \pagelabel{134}{10} \pagelabel{149}{10} \pagelabel{186}{11} \pagelabel{UPGRADING}{11} \pagelabel{STARTSTOP}{12} \pagelabel{CMDLINE}{12} \pagelabel{MENUS}{14} \pagelabel{EXITING}{14} \gdef \LT@i {\LT@entry {2}{186.4pt}\LT@entry {2}{186.4pt}} \pagelabel{PREPARINGTOUSE}{17} \pagelabel{NUMBERS}{17} \pagelabel{INSTANCES}{17} \pagelabel{UPDATES}{18} \pagelabel{IFACES}{18} \pagelabel{ITRAFMON}{21} \pagelabel{UPPERWIN}{21} \pagelabel{725}{25} \pagelabel{736}{25} \pagelabel{LOWERWIN}{26} \pagelabel{835}{27} \pagelabel{1076}{30} \pagelabel{NETSTATS}{33} \pagelabel{GENSTATS}{33} \pagelabel{DETSTATS}{33} \pagelabel{STATBREAKDOWNS}{37} \pagelabel{PKTSIZE}{37} \pagelabel{SERVMON}{37} \pagelabel{1230}{38} \pagelabel{1222}{38} \pagelabel{1230}{39} \pagelabel{HOSTMON}{41} \pagelabel{SORTINGLAN}{41} \pagelabel{MORELANMONINFO}{42} \pagelabel{FILTERS}{43} \pagelabel{IPFILTERS}{43} \pagelabel{1304}{43} \gdef \LT@ii {\LT@entry {2}{186.0pt}\LT@entry {2}{186.0pt}} \gdef \LT@iii {\LT@entry {2}{186.0pt}\LT@entry {2}{186.0pt}} \gdef \LT@iv {\LT@entry {2}{186.0pt}\LT@entry {2}{186.0pt}} \gdef \LT@v {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@vi {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@vii {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@viii {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@ix {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@x {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@xi {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@xii {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \gdef \LT@xiii {\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}\LT@entry {2}{124.0pt}} \pagelabel{1902}{50} \pagelabel{1907}{50} \pagelabel{1922}{51} \pagelabel{1926}{51} \pagelabel{NONIPFILTERS}{51} \pagelabel{CONFIG}{53} \pagelabel{TOGGLES}{53} \pagelabel{1946}{53} \pagelabel{1950}{53} \pagelabel{1961}{53} \pagelabel{1971}{54} \pagelabel{1975}{54} \pagelabel{2012}{55} \pagelabel{2016}{55} \pagelabel{TIMERS}{55} \pagelabel{2029}{56} \pagelabel{2032}{56} \pagelabel{2037}{56} \pagelabel{2047}{57} \pagelabel{CUSTOMPORTS}{57} \pagelabel{2060}{57} \pagelabel{2065}{57} \pagelabel{2069}{57} \pagelabel{BACKOP}{59} \pagelabel{MESSAGES}{61} \pagelabel{IPTRAFMESSAGES}{61} \pagelabel{RVNAMEDMESSAGES}{67} \pagelabel{GFDL}{69} \pagelabel{GFDL-0}{69} \pagelabel{GFDL-1}{69} \pagelabel{GFDL-2}{70} \pagelabel{GFDL-3}{70} \pagelabel{GFDL-4}{71} \pagelabel{GFDL-6}{72} \pagelabel{GFDL-5}{72} \pagelabel{GFDL-6}{73} \pagelabel{GFDL-7}{73} \pagelabel{GFDL-8}{73} \pagelabel{GFDL-9}{73} \pagelabel{GFDL-10}{73} \pagelabel{GFDL-11}{74} iptraf-3.0.0/Documentation/manual.dvi0100644000000000000000000263621410274336404016311 0ustar rootroot; TeX output 2005.08.04:1500;⟷O! /DvipsToPDF { 72.27 mul Resolution div } def /PDFToDvips { 72.27 div Resolution mul } def /HyperBorder { 1 PDFToDvips } def /H.V {pdf@hoff pdf@voff null} def /H.B {/Rect[pdf@llx pdf@lly pdf@urx pdf@ury]} def /H.S { currentpoint HyperBorder add /pdf@lly exch def dup DvipsToPDF /pdf@hoff exch def HyperBorder sub /pdf@llx exch def } def /H.L { 2 sub dup /HyperBasePt exch def PDFToDvips /HyperBaseDvips exch def currentpoint HyperBaseDvips sub /pdf@ury exch def /pdf@urx exch def } def /H.A { H.L currentpoint exch pop vsize 72 sub exch DvipsToPDF HyperBasePt sub sub /pdf@voff exch def } def /H.R { currentpoint HyperBorder sub /pdf@ury exch def HyperBorder add /pdf@urx exch def currentpoint exch pop vsize 72 sub exch DvipsToPDF sub /pdf@voff exch def } def systemdict /pdfmark known not {userdict /pdfmark systemdict /cleartomark get put} if ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if endps:SDict begin [ /Title () /Subject () /Creator (LaTeX with hyperref package) /Author () /Producer (dvips + Distiller) /Keywords () /DOCINFO pdfmark end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.1) cvn H.B /DEST pdfmark end color pop color popt?| ptmr8tThishisTLeX,Version3.14159(W37eb2CA7.4.5)(./manual.te٠xJadeTeXA2001/01/18:3.2(/usr/share/te٠xmf/tex/latex/psnfss/t1ptm.fd) `ElementshwillbelabelledJadebe٠gindocumentsequenceat19(./manual.aux)(/usr/share/texmf/tex/latex/cyrillic/t2acmrs8.fd)`(/usr/share/te٠xmf/tex/latex/base/ts1cmrs8.fd)h(/usr/share/texmf/tex/latex/h7yperref/nameref.sty)(./manual.out`ThishisTLeX,Version3.14159(W37eb2CA7.4.5)(./manual.te٠xJadeTeXA2001/01/18:3.2(/usr/share/te٠xmf/tex/latex/psnfss/t1ptm.fd)`ElementshwillbelabelledJadebe٠gindocumentsequenceat19(./manual.aux)(/usr/share/texmf/tex/latex/cyrillic/t2acmrs8.fd)`(/usr/share/te٠xmf/tex/latex/base/ts1cmrs8.fd)h(/usr/share/texmf/tex/latex/h7yperref/nameref.sty)(./manual.out)`(./manual.outTps:SDict begin [ /Page 1 /View [ /Fit ] /PageMode /UseOutlines /DOCVIEW pdfmark endJps:SDict begin [ {Catalog} << /ViewerPreferences << >> >> /PUT pdfmark endps:SDict begin H.S endps:SDict begin 12 H.A endMps:SDict begin [ /View [/XYZ H.V] /Dest (Doc-Start) cvn H.B /DEST pdfmark endpapersize=0.0pt,0.0ptps:SDict begin H.S endps:SDict begin 12 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (MANUAL) cvn H.B /DEST pdfmark end˅㍸ phvb8tIPT2rafzUser'sManual0`color push Black color pop;*⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.2) cvn H.B /DEST pdfmark end color pop color pop0`color push Black color pop; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.3) cvn H.B /DEST pdfmark end color pop color pop` phvb8tIPT37rafǧUser'fgsMangual `E( pplr8tCopyright#Z pplr8c1997,2003byGerardPaulJava`E( pplr8tThismanualisr&eleasedunderthetermsoftheGNUFreeDocumentationLicenseofMarch,2000aspublishedbythe`Fr&eeSoftwareFoundation,reproducedinthismanualasAppendixB.`IPTGrafisopen-sour&cesoftwarereleasedunderthetermsoftheGNUGeneralPublicLicenseversion2oranylater`versionaspublishedbytheFr&eeSoftwareFoundation,reproducedintheLICENSEleinthedistribution'stop-level`dir&ectory.`Theaccomanyingsoftwar&eandtheinformationcontainedinthisdocumentareprovided"ASIS"withoutwarrantyof`anykind,expr&essorimplied,including,withoutlimitation,theimpliedwarrantiesofmercantabilityortnessforany`particularpurpose.`Inwnoeventshalltheauthorbeliableforanyindir&ect,special,consequential,orincidentaldamagesarisingfromtheuse`ofthismanualortheaccompanyingsoftwar&eeveniftheauthorhasbeenadvisedofthepossibilityofsuchdamages.`Linuxisar&egisteredtrademarkofLinusTCorvalds.Pentiumisar&egisteredtrademarkofIntelCorporation.Allother`trademarksar&epropertyoftheirrespectiveowners.`Somestructur&edeclarationswerebasedoncodecopyrightedbytheRegentsoftheUniversityofCalifornia.`TCokenRingparsingcodebasedontheTokenRingpacketconstructioncodeintheLinux2.2kernel.0`color push Black color pop;q⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.4) cvn H.B /DEST pdfmark end color pop color pop0`color push Black color pop;p⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.5) cvn H.B /DEST pdfmark end color pop color pop;` phvb8tT-abچleofContentsps:SDict begin H.S endps:SDict begin 16.105 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (1.0) cvn H.B /DEST pdfmark endR-color push gray 0ps:SDict begin H.S end,  pplb8tAboutThisDocumentps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (PREFACE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (PREFACE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop ffcolor push gray 0ps:SDict begin H.S endForAdditionalInformationps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (ADDINFO) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop#color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (ADDINFO) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endDocumentConventionsps:SDict begin 11 H.L endqps:SDict begin [ /Subtype /Link /Dest (CONVENTIONS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endqps:SDict begin [ /Subtype /Link /Dest (CONVENTIONS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S end1.GettingStartedps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (GETTINGSTARTED) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (GETTINGSTARTED) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAboutIPTrafps:SDict begin 11 H.L endhps:SDict begin [ /Subtype /Link /Dest (65) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endhps:SDict begin [ /Subtype /Link /Dest (65) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endInstallationps:SDict begin 11 H.L endrps:SDict begin [ /Subtype /Link /Dest (INSTALLATION) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popڀcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endrps:SDict begin [ /Subtype /Link /Dest (INSTALLATION) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endSystemRequirementsps:SDict begin 11 H.L endhps:SDict begin [ /Subtype /Link /Dest (96) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endhps:SDict begin [ /Subtype /Link /Dest (96) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAvailabilityps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (134) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (134) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endInstallingDownloadedPackagesps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (149) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popRcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (149) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endInstallingaFloppyDistributionps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (186) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popMcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (186) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endUpgradingfromEarlierVersionsps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (UPGRADING) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop9color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (UPGRADING) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endStartingandStoppingIPTrafps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (STARTSTOP) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop(color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (STARTSTOP) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endCommand-lineOptionsps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endUsingtheMenusps:SDict begin 11 H.L endkps:SDict begin [ /Subtype /Link /Dest (MENUS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endkps:SDict begin [ /Subtype /Link /Dest (MENUS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endExitingIPTrafps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (EXITING) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (EXITING) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop ffcolor push gray 0ps:SDict begin H.S end2.PreparingtoUseIPTrafps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (PREPARINGTOUSE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (PREPARINGTOUSE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endNumberDisplayNotationsps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (NUMBERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop#color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (NUMBERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endInstancesandLoggingps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (INSTANCES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (INSTANCES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endScreenUpdateDelaysps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (UPDATES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (UPDATES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endSupportedNetworkInterfacesps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (IFACES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop/color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (IFACES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop ffcolor push gray 0ps:SDict begin H.S end3.TheIPTracMonitorps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (ITRAFMON) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (ITRAFMON) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTheUpperWs8indowps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (UPPERWIN) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (UPPERWIN) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endClosed/Idle/Ts8imedOutConnectionsps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (725) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popfcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (725) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endSortingTCPEntriesps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (736) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (736) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endLowerWs8indowps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (LOWERWIN) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (LOWERWIN) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endEntryDetailsps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (835) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endips:SDict begin [ /Subtype /Link /Dest (835) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAdditionalInformationps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1076) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1076) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop ffcolor push gray 0ps:SDict begin H.S end4.NetworkInterfaceStatisticsps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (NETSTATS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (NETSTATS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endGeneralInterfaceStatisticsps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (GENSTATS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (GENSTATS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endDetailedInterfaceStatisticsps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (DETSTATS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (DETSTATS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S end5.StatisticalBreakdownsps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (STATBREAKDOWNS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (STATBREAKDOWNS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endPacketSizesps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (PKTSIZE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop߀color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (PKTSIZE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTCPandUDPTracStatisticsps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (SERVMON) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop/color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (SERVMON) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endSortingTCP/UDPEntriesps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1222) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop4color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1222) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAdditionalInformationps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1230) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop(color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1230) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S end6.LANStationStatisticsps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (HOSTMON) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (HOSTMON) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endSortingtheLANStationMonitorEntriesps:SDict begin 11 H.L endpps:SDict begin [ /Subtype /Link /Dest (SORTINGLAN) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop\color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endpps:SDict begin [ /Subtype /Link /Dest (SORTINGLAN) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAdditionalInformationps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (MORELANMONINFO) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (MORELANMONINFO) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S end7.Filtersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (FILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (FILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endIPFiltersps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (IPFILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popЀcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endops:SDict begin [ /Subtype /Link /Dest (IPFILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endDeningaNewFilterps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1304) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1304) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endApplyingaFilterps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1902) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1902) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endEditingaDenedFilterps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1907) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop(color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1907) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endDeletingaDenedFilterps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1922) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop-color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1922) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endDetachingaFilterps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1926) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1926) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endARP,RARP,andotherNon-IPPacketFiltersps:SDict begin 11 H.L endrps:SDict begin [ /Subtype /Link /Dest (NONIPFILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popkcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endrps:SDict begin [ /Subtype /Link /Dest (NONIPFILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S end8.ConguringIPTrafps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTogglesps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (TOGGLES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popˀcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (TOGGLES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endReverseDNSLookupsps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1946) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop%color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1946) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTCP/UDPServiceNamesps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1950) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop4color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1950) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endForcepromiscuousps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1961) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1961) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop0`color push BlackY pplri8t5 color pop;ˑ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.6) cvn H.B /DEST pdfmark end color pop color popcolor push gray 0ps:SDict begin H.S endColorps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1971) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popڀcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1971) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endLoggingps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1975) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (1975) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endActivitymodeps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2012) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2012) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endSourceMACaddrsintracmonitorps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2016) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popdcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2016) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTs8imersps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (TIMERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popƀcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (TIMERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTCPTs8imeoutps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2029) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2029) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endLogIntervalps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2032) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2032) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endScreenUpdateIntervalps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2037) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop(color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2037) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTCPclosed/idlepersistenceps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2047) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop>color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2047) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endCustomInformationps:SDict begin 11 H.L endqps:SDict begin [ /Subtype /Link /Dest (CUSTOMPORTS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endqps:SDict begin [ /Subtype /Link /Dest (CUSTOMPORTS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAdditionalportsps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2060) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2060) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endDeleteport/rangeps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2065) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2065) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endLANStationIdentiersps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2069) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop(color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (2069) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop ffcolor push gray 0ps:SDict begin H.S end9.BackgroundOperationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (BACKOP) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (BACKOP) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endA.Messagesps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (MESSAGES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endnps:SDict begin [ /Subtype /Link /Dest (MESSAGES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endIPTrafMessagesps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (IPTRAFMESSAGES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endtps:SDict begin [ /Subtype /Link /Dest (IPTRAFMESSAGES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop color push gray 0ps:SDict begin H.S endrvnamedMessagesps:SDict begin 11 H.L endups:SDict begin [ /Subtype /Link /Dest (RVNAMEDMESSAGES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endups:SDict begin [ /Subtype /Link /Dest (RVNAMEDMESSAGES) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endB.GNUFreeDocumentationLicenseps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (GFDL) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop9color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endjps:SDict begin [ /Subtype /Link /Dest (GFDL) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endPREAMBLEps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-0) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop߀color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-0) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAPPLICABILITYANDDEFINITIONSps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-1) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popRcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-1) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endVERBABTIMCOPYINGps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-2) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-2) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endCOPYINGINQUANTITYps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-3) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-3) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endMODIFICABTIONSps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-4) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-4) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endCOMBININGDOCUMENTSps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-5) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop*color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-5) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endCOLLECTIONSOFDOCUMENTSps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-6) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popCcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-6) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endAGGREGABTIONWITHINDEPENDENTWORKSps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-7) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-7) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTRANSLABTIONps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-8) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-8) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endTERMINABTIONps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-9) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (GFDL-9) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endFUTUREREVISIONSOFTHISLICENSEps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (GFDL-10) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop_color push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (GFDL-10) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popcolor push gray 0ps:SDict begin H.S endHowtousethisLicenseforyourdocumentsps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (GFDL-11) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popkcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color popcolor push Black. color pop+color push gray 0ps:SDict begin H.S end-999ps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (GFDL-11) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop0`color push Black6 color pop;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endJps:SDict begin [ /View [/XYZ H.V] /Dest (page.7) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (PREFACE) cvn H.B /DEST pdfmark end ;AboutThisDocumentps:SDict begin H.S endps:SDict begin 16.105 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (2.0) cvn H.B /DEST pdfmark end ~ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (20) cvn H.B /DEST pdfmark end ,0This̮documentcontainstheinstructionsonhowtousetheIPTrafnetworkmonitor- 0ing Xsoftwareversion3.0.Thismanualdetailsthedierentstatisticalfacilities,theuser0interface,andtheimportantfeaturesofthesoftware.ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (ADDINFO) cvn H.B /DEST pdfmark end׍ O\ phvb8tFor6AdditionalInformationps:SDict begin H.S endps:SDict begin 14.641 H.A endIps:SDict begin [ /View [/XYZ H.V] /Dest (2.1.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (23) cvn H.B /DEST pdfmark end n0SeetheincludedREADMEqleforsummarizedandlate-breakinginformation.Also0readTtheRELEASE-NOTEST`leforimportantnewinformationaboutthisnewver-0sion.ieTheCHANGESi`lecontainsarecordieofthechangesmadetothesoftwaresince01.0.0.README.rvnamedcontainsinformationonthervnamedreverseresolution0program.SeetheotherREADMElesforsupportanddevelopmentinformation.ps:SDict begin H.S endps:SDict begin 11 H.A endOps:SDict begin [ /View [/XYZ H.V] /Dest (CONVENTIONS) cvn H.B /DEST pdfmark end1Document6Conwventionsps:SDict begin H.S endps:SDict begin 14.641 H.A endIps:SDict begin [ /View [/XYZ H.V] /Dest (2.2.1) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (26) cvn H.B /DEST pdfmark end n0Thefollowingsymbolsandtypefacesareusedthroughoutthismanual:ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (27) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (29) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (30) cvn H.B /DEST pdfmark end.0 pcrr8t[ff] ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (31) cvn H.B /DEST pdfmark ends0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (32) cvn H.B /DEST pdfmark enditems{inbracketsareoptional.BracketsalsodenoteitemsthatmayormaynotDbedisplayedonscreendependingonsettingsorconditions. ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (34) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (35) cvn H.B /DEST pdfmark end0{ff} ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (36) cvn H.B /DEST pdfmark ends0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (37) cvn H.B /DEST pdfmark endcurlybracesencloseitemsyouchoosefromps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (39) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (40) cvn H.B /DEST pdfmark end0|@ps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (41) cvn H.B /DEST pdfmark end 0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (42) cvn H.B /DEST pdfmark endtheverticalbarseparateschoicesincurlybracesps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (44) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (45) cvn H.B /DEST pdfmark end0normalffmonospaceips:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (46) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endFps:SDict begin [ /View [/XYZ H.V] /Dest (47) cvn H.B /DEST pdfmark end_color push Black1. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (154) cvn H.B /DEST pdfmark endDecompresstheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (155) cvn H.B /DEST pdfmark end.tar.gzlebyenteringps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (156) cvn H.B /DEST pdfmark end~Htarffzxvfiptraf-ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (157) cvn H.B /DEST pdfmark endx.y.z.tar.gzips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (158) cvn H.B /DEST pdfmark end IHforthesourcecodeor7ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (159) cvn H.B /DEST pdfmark end ^Htarffzxvfiptraf-ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (160) cvn H.B /DEST pdfmark endx.y.z.i386.bin.tar.gzps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (161) cvn H.B /DEST pdfmark endHfortheprecompiledx86programs.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (162) cvn H.B /DEST pdfmark end.HIfբyourtardoesn'tsupportthezoption,youcanseparatelydecompressthe Hps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (163) cvn H.B /DEST pdfmark end.tar.gzlethenextracttheresultingps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (164) cvn H.B /DEST pdfmark end.tararchive.ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (165) cvn H.B /DEST pdfmark end~Hgunzipffiptraf-ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (166) cvn H.B /DEST pdfmark endx.y.z.tar.gz fHtarffxvfiptraf-ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (167) cvn H.B /DEST pdfmark endx.y.z.tarips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (168) cvn H.B /DEST pdfmark endHThiswilldecompressthesourcesintoadirectorycalledps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (169) cvn H.B /DEST pdfmark endiptraf-ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (170) cvn H.B /DEST pdfmark endx.y.z(source Hcode)0%orps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (171) cvn H.B /DEST pdfmark endiptraf-ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (172) cvn H.B /DEST pdfmark endx.y.z.bin(precompiled).(ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (173) cvn H.B /DEST pdfmark endx.y.zhereshouldbetheIPTrafHversionnumberyou'reinstalling,likeps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (174) cvn H.B /DEST pdfmark end3.0.0).ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (175) cvn H.B /DEST pdfmark end>color push Black2. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (176) cvn H.B /DEST pdfmark endChangetothecreatedtopleveldirectory.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (177) cvn H.B /DEST pdfmark end .>color push Black3. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (178) cvn H.B /DEST pdfmark endTocompileandinstallthesoftware,runtheSetupprogrambyenteringps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (179) cvn H.B /DEST pdfmark end~H./Setupips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (180) cvn H.B /DEST pdfmark endHwhile!youareloggedinasroot.TheSetupscriptwillrecognizethesourcedis- Htribution2andcompilethesoftwarebeforeinstalling.ItwillimmediatelyinstallHaprecompileddistribution.0`color push Black10 color pop ;ܑ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.11) cvn H.B /DEST pdfmark end color popfd8;1Chapter1.GettingStarted color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (181) cvn H.B /DEST pdfmark end 0The{resultingbinarieswillbeplacedintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (182) cvn H.B /DEST pdfmark end/usr/local/bindirectory.Allneeded 0directorieswillalsobecreated.7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (183) cvn H.B /DEST pdfmark end 0AfterCinstallation,youwillbeaskedifyouwanttoreadtheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (184) cvn H.B /DEST pdfmark endRELEASE-NOTESCle.It0isrecommendedthatyoudosoatthatpoint,sincetheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (185) cvn H.B /DEST pdfmark endRELEASE-NOTESlecontains0importantinformationaboutthenewversion.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (186) cvn H.B /DEST pdfmark end}tInstalling]aFloppёyDistributionps:SDict begin H.S endps:SDict begin 13.31 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (3.4.4.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (188) cvn H.B /DEST pdfmark endNЍ0IfhyoureceivedIPTrafonadiskette,thesourcesarealreadydecompressed.Thediskette0isUninSecondExtendedlesystemformat.Performthefollowingstepstoinstallthe0software.7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (189) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (190) cvn H.B /DEST pdfmark end>color push Black1. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (191) cvn H.B /DEST pdfmark endInserttheoppyinthedrive.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (192) cvn H.B /DEST pdfmark end .>color push Black2. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (193) cvn H.B /DEST pdfmark endMount1theoppyonanemptydirectory.Forexample,tomounttheoppyinHtherstoppydriveunderadirectorycalledps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (194) cvn H.B /DEST pdfmark end/mnt,enterps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (195) cvn H.B /DEST pdfmark end~Hmountff-text2/dev/fd0/mntps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (196) cvn H.B /DEST pdfmark end JHThisoassumesyouroppyisinps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (197) cvn H.B /DEST pdfmark end/dev/fd0.YoucanuseanyemptydirectoryinHplaceofps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (198) cvn H.B /DEST pdfmark end/mnt.Ws8ithmostLinuxinstallations,thiswillworkne.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (199) cvn H.B /DEST pdfmark end>color push Black3. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (200) cvn H.B /DEST pdfmark endAftermounting,changetotheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (201) cvn H.B /DEST pdfmark end/mnt(orwhatever)directory.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (202) cvn H.B /DEST pdfmark end .>color push Black4. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (203) cvn H.B /DEST pdfmark endEnter7ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (204) cvn H.B /DEST pdfmark end ^H./Setupips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (205) cvn H.B /DEST pdfmark end IHwhileEmloggedinasroot.Setupwilldeterminewhetherthediskettecontainsa Hsourcecodedistributionorready-to-runprecompiledsoftware.ThiswillcopyHthebinariestops:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (206) cvn H.B /DEST pdfmark end/usr/local/bin,andcreatethenecessaryworkingdirectories.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (207) cvn H.B /DEST pdfmark end>color push Black5. color popHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (208) cvn H.B /DEST pdfmark endUnmountthediskettebytypingps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (209) cvn H.B /DEST pdfmark end~Humountff/mntps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (210) cvn H.B /DEST pdfmark end JH(That'sps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (211) cvn H.B /DEST pdfmark endumount,notps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (212) cvn H.B /DEST pdfmark endunmount.)Pps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (213) cvn H.B /DEST pdfmark end簍HYoucanthenejectthediskette.Storeitinasafeplace.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (214) cvn H.B /DEST pdfmark end.HYoujwillalsobeaskedifyouwanttoviewtheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (215) cvn H.B /DEST pdfmark endRELEASE-NOTESble.Itisrecom- Hmendedthatyoudosoatthatpoint.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (216) cvn H.B /DEST pdfmark endHInAbothcases(downloadedandoppy),theinstallationwillstoretheprogram Hin]ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (217) cvn H.B /DEST pdfmark end/usr/local/binwiththebinariesownedbyuserroot,readable,writable,HandexecutablebytheownerB,nopermissionsforthegroup,nopermissionsforHallothers.(700octal,orps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (218) cvn H.B /DEST pdfmark end-rwx------).Pps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (219) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (221) cvn H.B /DEST pdfmark end\% phvb8tNote:$ځ phvr8tYvoumustbeps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (222) cvn H.B /DEST pdfmark end& pcrr8troottodotheinstallation.Theoldstyleofinstallation(ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (223) cvn H.B /DEST pdfmark endcd f\src;make}install)isstillsuppor\#ted.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (224) cvn H.B /DEST pdfmark end0Besureps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (225) cvn H.B /DEST pdfmark end/usr/local/binisincludedinyourenvironment'sps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (226) cvn H.B /DEST pdfmark endPABTHvariable.Youcan0edit/theappropriatecommandinyourlogincustomizationle(ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (227) cvn H.B /DEST pdfmark end.profileforthe0Bourne-typeshells,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (228) cvn H.B /DEST pdfmark end.cshrcfortheCshellanditsrelatives).ps:SDict begin H.S endps:SDict begin 11 H.A endMps:SDict begin [ /View [/XYZ H.V] /Dest (UPGRADING) cvn H.B /DEST pdfmark end0`color push Black11 color pop ;q⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.12) cvn H.B /DEST pdfmark end color popfdChapter1.GettingStarted color pop`Upgrading6fromEarlierVUersionsps:SDict begin H.S endps:SDict begin 14.641 H.A endIps:SDict begin [ /View [/XYZ H.V] /Dest (3.5.1) cvn H.B /DEST pdfmark end` ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (231) cvn H.B /DEST pdfmark end 卑0IPTraf3.0isamajorrevisionfromIPTraf2.7.Theltersubsystemhasbeencompletely 0redesigned/andassuch,isincompatiblewithpreviouslterformats.Thereforeold0IPTraflterscannolongerbeused.TheinstallationprocedureforIPTraf3.0will0renamethelterlistlesbutnotdeletethem.7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (232) cvn H.B /DEST pdfmark end 0If߸youinstalladistributionpackage(e.g.RPM,dpkg),oldltersmaystillappearin0thelterselectionlistbutthenewIPTrafversionwillbeunabletoloadthem.ps:SDict begin H.S endps:SDict begin 11 H.A endMps:SDict begin [ /View [/XYZ H.V] /Dest (STARTSTOP) cvn H.B /DEST pdfmark end"mStarD!ting6andStoppingIPTorafps:SDict begin H.S endps:SDict begin 14.641 H.A endIps:SDict begin [ /View [/XYZ H.V] /Dest (3.6.1) cvn H.B /DEST pdfmark end ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (235) cvn H.B /DEST pdfmark end 卑0Afterinstallation,youcanstarttheprogrambysimplyentering ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (236) cvn H.B /DEST pdfmark end~0iptraf ips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (237) cvn H.B /DEST pdfmark end I0attheshellprompt.Youwillseeacopyrightnotice,withaninstructiontopressany0keyfNtogetstarted.Justpressanycharacterkey,andyouwillbeimmediatelytakento0themainmenu.Allmajorfunctionsoftheprogramarefoundthere.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (238) cvn H.B /DEST pdfmark end.0EnteringtheIPTrafcommandwithoutanycommand-lineparametersbringsupthe0program'smainmenu.Fromthere,youcanselectthefacilitiesyouwant.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (239) cvn H.B /DEST pdfmark end.0IPTrafkdeterminesandmakesuseofthemaximumnumberoflinesandcolumnson0theterminal.7ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (240) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (242) cvn H.B /DEST pdfmark end ^DNote:IPTrafdoesnothavfeaSIGWINCHhandlerE;itdoesnotadjustitselfwhenanxter9m fDor}someotherXter9minalisresizved.fps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (243) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (245) cvn H.B /DEST pdfmark endDTuechnical2note:IPTrafneedstorefertotheter9minfodatabaseinps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (246) cvn H.B /DEST pdfmark end/usr/share/terminfo.DIf2thesuppliedexecutable2programfailswithps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (247) cvn H.B /DEST pdfmark endError)openingterminal,yourter9minfoDdatabasemaybelocatedsomewhereelsev.Yvoucancontroltheter9minfosearchpathbyDusingԜtheps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (248) cvn H.B /DEST pdfmark endTERMINFOԇenvironmentvfar"iablev.Forexamplev,ifyou'reusingtheps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (249) cvn H.B /DEST pdfmark endshorps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (250) cvn H.B /DEST pdfmark endbashDshell,=andyourter9minfodatabaseisinps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (251) cvn H.B /DEST pdfmark end/usr/lib/terminfo(typicalforSlackwvaredistr"i-Dbutions),}youcanusethecommands: ps:SDict begin H.S endps:SDict begin 8.91 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (252) cvn H.B /DEST pdfmark endDTERMINFO=/usr/lib/terminfoDexport)TERMINFO Eps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (253) cvn H.B /DEST pdfmark endۍDYvouP'canplacethesecommandsinyourps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (254) cvn H.B /DEST pdfmark end~/.profileorthesystemwideps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (255) cvn H.B /DEST pdfmark end/etc/profileDstar\#tup}lesv.ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (256) cvn H.B /DEST pdfmark endmDYvouHcanalsocreateasymboliclinknamedps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (257) cvn H.B /DEST pdfmark end/usr/share/terminfotoletitpointtoyourDexisting}ter9minfo(assumingagainyourter9minfoisinps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (258) cvn H.B /DEST pdfmark end/usr/lib/terminfo): ps:SDict begin H.S endps:SDict begin 8.91 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (259) cvn H.B /DEST pdfmark endTDln)-s/usr/lib/terminfo/usr/share/terminfo ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (260) cvn H.B /DEST pdfmark end BDOrbyoucanrecompileyourprogrambtouseyourexistingncurseslibrarEyinstallation.IfyouDdo}thisv,makesureyouhavfencurses4.2orlater. ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (CMDLINE) cvn H.B /DEST pdfmark end"Command-line6Optionsps:SDict begin H.S endps:SDict begin 14.641 H.A endIps:SDict begin [ /View [/XYZ H.V] /Dest (3.7.1) cvn H.B /DEST pdfmark end hps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (263) cvn H.B /DEST pdfmark end>0IPTraf&hasafewoptionalcommand-lineparameters.AswithmostUNIX&commands, 0IPTrafcommand-lineparametersarecase-sensitive(ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (264) cvn H.B /DEST pdfmark end-lisNOTthesameasps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (265) cvn H.B /DEST pdfmark end-L).0`color push Black12 color pop ;/⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.13) cvn H.B /DEST pdfmark end color popfd8;1Chapter1.GettingStarted color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (266) cvn H.B /DEST pdfmark end 0Thefollowingcommand-lineparameterscanbesuppliedtotheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (267) cvn H.B /DEST pdfmark endiptrafcommand:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (268) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (270) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (271) cvn H.B /DEST pdfmark end.0-iffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (272) cvn H.B /DEST pdfmark endiface0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (273) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (274) cvn H.B /DEST pdfmark end[causestheIPWtracmonitortostartimmediatelyonthespeciedinterface.If-i Dallisspecied,allinterfacesaremonitored. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (276) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (277) cvn H.B /DEST pdfmark end0-gips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (278) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (279) cvn H.B /DEST pdfmark endstartsthegeneralinterfacestatisticsps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (281) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (282) cvn H.B /DEST pdfmark end0-dffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (283) cvn H.B /DEST pdfmark endiface0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (284) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (285) cvn H.B /DEST pdfmark endshowsdetailedstatisticsforthespeciedinterfaceps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (287) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (288) cvn H.B /DEST pdfmark end0-sffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (289) cvn H.B /DEST pdfmark endiface0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (290) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (291) cvn H.B /DEST pdfmark endstartstheTCP/UDPtracmonitorforthespeciedinterfaceps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (293) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (294) cvn H.B /DEST pdfmark end0-zffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (295) cvn H.B /DEST pdfmark endiface0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (296) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (297) cvn H.B /DEST pdfmark endstartsthepacketsizebreakdownforthespeciedinterfaceps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (299) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (300) cvn H.B /DEST pdfmark end0-lffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (301) cvn H.B /DEST pdfmark endiface0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (302) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (303) cvn H.B /DEST pdfmark endVstartstheLANSstationmonitoronthespeciedinterface.Ifps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (304) cvn H.B /DEST pdfmark end-lffallisspecied, DallLANinterfacesaremonitored. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (306) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (307) cvn H.B /DEST pdfmark end 0-tffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (308) cvn H.B /DEST pdfmark endtimeoutps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (309) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (310) cvn H.B /DEST pdfmark end>>Theps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (311) cvn H.B /DEST pdfmark end-tparameterB,whenusedwithoneoftheotherparametersthatspecifya DfacilityU^tostart,tellsIPTraftoruntheindicatedfacilityforonlytimeoutminutes,Dafterwhichthefacilityexits.Theps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (312) cvn H.B /DEST pdfmark end-tparameterisignoredinmenumode.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (313) cvn H.B /DEST pdfmark end.DIf6?thisparameterisnotspecied,thefacilityrunsuntiltheexitkeystrokeisDpressed. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (315) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (316) cvn H.B /DEST pdfmark end0-Bps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (317) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (318) cvn H.B /DEST pdfmark endҾRedirectsallterminaloutputtothe"bitbucket"ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (319) cvn H.B /DEST pdfmark end/dev/null,closesstandardin-Dput,$andplacestheprograminthebackground.ThisparametercanbeusedonlyDwithoneoftheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (320) cvn H.B /DEST pdfmark end-i,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (321) cvn H.B /DEST pdfmark end-g,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (322) cvn H.B /DEST pdfmark end-d,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (323) cvn H.B /DEST pdfmark end-s,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (324) cvn H.B /DEST pdfmark end-z,orps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (325) cvn H.B /DEST pdfmark end-lparameters.Seecolor push gray 0ps:SDict begin H.S endBackgroundOperationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (BACKOP) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popDinChapter9.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (327) cvn H.B /DEST pdfmark end-Bisignoredinmenumode. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (329) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (330) cvn H.B /DEST pdfmark end.0-Lffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (331) cvn H.B /DEST pdfmark endfilename0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (332) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (333) cvn H.B /DEST pdfmark end[bAllowsyoutospecifyanalternateloglenamewhentheanyfacilityisdirectlyDstartedfromthecommandline,whetherinforegroundorbackgroundmode.IfDspeciedinforegroundmode,theloglenamepromptisbypassed,evenwhenDloggingXisturnedonintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (334) cvn H.B /DEST pdfmark endCongure...menu.Ifthisparameterisomittedinback-Dgroundmode,thedefaultloglenameisused.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (335) cvn H.B /DEST pdfmark endDThisparameteralwaysturnsonlogging.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (336) cvn H.B /DEST pdfmark endDIfZanabsolutepathisnotspecied,theloglewillbecreatedinthedefaultlog Dledirectory ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (338) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (339) cvn H.B /DEST pdfmark end0-Iffps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (340) cvn H.B /DEST pdfmark endinterval0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (341) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (342) cvn H.B /DEST pdfmark enda.Setsthelogginginterval(inminutes)whentheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (343) cvn H.B /DEST pdfmark end-La¶meterisused.Thisover-DridesZtheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (344) cvn H.B /DEST pdfmark endLoginterval...settingintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (345) cvn H.B /DEST pdfmark endCongure...menu.Ifomitted,thecongured0`color push Black13 color pop;ё⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.14) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (379) cvn H.B /DEST pdfmark endfdChapter1.GettingStarted color popvalueZisused.Thisparameterisignoredwhentheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (346) cvn H.B /DEST pdfmark end-LDparameterisomittedand loggingisdisabled.`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (347) cvn H.B /DEST pdfmark end.DThevaluespeciedherewillaectallfacilitiesexceptfortheIPtracmonitorB. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (349) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (350) cvn H.B /DEST pdfmark end0-qips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (351) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (352) cvn H.B /DEST pdfmark endCPreviouslyusedtosuppressthewarningscreenwhenIPTrafisrunonkernelsDwithIPmasquerading.SincethemasqueradingcodenowprocessespacketsinDapwaybettersuitedtorawcapture,thisparameterisnolongerneededandisDretainedonlyforcompatibility. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (354) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (355) cvn H.B /DEST pdfmark end0-fps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (356) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (357) cvn H.B /DEST pdfmark end0ForcesIPTraftoclearalllocklesandresetallinstancecounterstozerobeforeDrunninganyfacilities.IPTrafwillthenthinkit'stherstinstanceofitself.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (358) cvn H.B /DEST pdfmark endDTheDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (359) cvn H.B /DEST pdfmark end-fparameteroverridestheexistinglocksandcountersimposedbytheIP-DTrafzprocessandbythevariousfacilities,causingthisinstancetothinkitistheDrst0IPTrafinitiallyreturnsexactcountsofbytesandpackets.HoweverB,astheygrow 0largerB,IPTrafbeginsdisplayingtheminincreasinglyhigherdenominations.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (389) cvn H.B /DEST pdfmark end.0A2numberYstandingalonewithnosuxrepresentsYanexactcount.AnumberwithaK0followingisakilo(thousand)gure.AnM,G,andTsuxrepresentsmega(million),0giga(billion),andtera(trillion)respectively.Thefollowingtableshowsexamples.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (390) cvn H.B /DEST pdfmark end.0Table2-1.NumericDisplayNotations Xps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (392) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.1) cvn H.B /DEST pdfmark endff0fft̎0fft̎ k~0k~ff1024067ffexactly1024067ffk~ffk~0k~ff1024Kffapproximately1024000ffk~ff0k~ff1024Mffapproximately1024000000ffk~ff0k~ff1024Gffapproximately1024000000000ffk~ff0k~ff1024Tffapproximately1024000000000000ffk~ffff0fft̎0fft̎` ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (409) cvn H.B /DEST pdfmark end 0Thesenotationsapplytobothpacketandbytecounts.ps:SDict begin H.S endps:SDict begin 11 H.A endMps:SDict begin [ /View [/XYZ H.V] /Dest (INSTANCES) cvn H.B /DEST pdfmark end1Instances6andLoggingps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (4.11.1) cvn H.B /DEST pdfmark end ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (412) cvn H.B /DEST pdfmark end 卑0Sincepversion2.4,IPTrafallowsmultipleinstancesofthefacilitiesatthesametimein0dierent[processes(forexample,youcannowruntwoormoreIP[TracMonitorsat0theS2sametime).Howeveronlyonecanlistenonaspecicinterfaceorallinterfacesat0once.ETheonlyexceptionisthegeneralinterfacestatistics,whichisstillrestrictedto0onlyoneinstanceatatime.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (413) cvn H.B /DEST pdfmark end.0Because6ofthisrelaxation,eachinstancenowgenerateslogleswithuniquenames0forinstances,dependingoneithertheirinstanceortheinterfacethey'relisteningon.0If`theps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (414) cvn H.B /DEST pdfmark endLoggingoptionisturnedon(seethecolor push gray 0ps:SDict begin H.S endCongurationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popC*chapter),IPTrafwillprompt0youforaloglenamewhilepresentingadefault.Youmayacceptthisdefaultor0change;it.PressEntertoaccept,orCtrl+Xtocancel.Cancelingwillturnloggingo0forthatparticularsession.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (416) cvn H.B /DEST pdfmark end.0IfQyoudon'tspecifyanabsolutepath,theloglewillbeplacedinps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (417) cvn H.B /DEST pdfmark end/var/log/iptraf.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (418) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (420) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate@PSfile="iptraf-logprompt.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure2-1.Theloglepromptdialog0`color push Black17 color pop;sX⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.18) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (506) cvn H.B /DEST pdfmark endfdChapter2.PreparingtoUseIPTraf color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (421) cvn H.B /DEST pdfmark end 0SeeDtheLoggingsectioninthecolor push gray 0ps:SDict begin H.S endCongurationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popBchapterfordetailedinformationonlog- 0ging.Seealsothedocumentationoneachstatisticalfacilityforthedefaultlogle0names.7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (423) cvn H.B /DEST pdfmark end 0The}7defaultloglenameswillalsobeusediftheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (424) cvn H.B /DEST pdfmark end-B|parameterisusedtorunIP-0Trafʽinthebackground.Youcanoverridethedefaultswiththeps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (425) cvn H.B /DEST pdfmark end-LhparameterB.See0color push gray 0ps:SDict begin H.S endBackgroundOperationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (BACKOP) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popBinChapter9.ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (UPDATES) cvn H.B /DEST pdfmark end1Screen6UpdateDelaysps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (4.12.1) cvn H.B /DEST pdfmark end hps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (429) cvn H.B /DEST pdfmark end>0Older versionsofIPTrafupdatedthescreenassoonasapacketwasreceived.How-0everB,screenupdateisoneoftheslowestoperationstheprogramperforms.Since0versionJV1.3,acongurationoptionhasbeenavailabletocontrolscreenupdatespeed.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (430) cvn H.B /DEST pdfmark end.0Seetheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (431) cvn H.B /DEST pdfmark endScreenupdateinterval...congurationoptionunderthecolor push gray 0ps:SDict begin H.S endCongurationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popCx_chapter0ofthismanual.7ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (IFACES) cvn H.B /DEST pdfmark end"mSupporD!ted6NetworkInterfacesps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (4.13.1) cvn H.B /DEST pdfmark end hps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (435) cvn H.B /DEST pdfmark end>0IPTrafcurrentlysupportsthefollowingnetworkinterfacetypesandnames.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (436) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (438) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (439) cvn H.B /DEST pdfmark end0lo0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (440) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (441) cvn H.B /DEST pdfmark endhTheloopbackinterface.Everymachinehasone,andhasanIPAaddressof127.0.0.1.Dps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (442) cvn H.B /DEST pdfmark endloisalsoindicatedifdataisdetectedontheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (443) cvn H.B /DEST pdfmark enddummyps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (444) cvn H.B /DEST pdfmark endninterface(s). Pps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (446) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (447) cvn H.B /DEST pdfmark end簍0ethps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (448) cvn H.B /DEST pdfmark endnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (449) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (450) cvn H.B /DEST pdfmark end?WAnEthernetinterface.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (451) cvn H.B /DEST pdfmark endnstartsfrom0.Therefore,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (452) cvn H.B /DEST pdfmark endeth0referstotherstEthernetDinterface,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (453) cvn H.B /DEST pdfmark endeth1tothesecond,andsoon.Mostmachinesonlyhaveone. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (455) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (456) cvn H.B /DEST pdfmark end.0fddips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (457) cvn H.B /DEST pdfmark endnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (458) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (459) cvn H.B /DEST pdfmark endAnFDDIinterface.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (460) cvn H.B /DEST pdfmark endnstartsfrom0. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (462) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (463) cvn H.B /DEST pdfmark end 0trps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (464) cvn H.B /DEST pdfmark endnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (465) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (466) cvn H.B /DEST pdfmark endATokenRinginterface,whereps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (467) cvn H.B /DEST pdfmark endnstartsfrom0. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (469) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (470) cvn H.B /DEST pdfmark end.0pppps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (471) cvn H.B /DEST pdfmark endnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (472) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (473) cvn H.B /DEST pdfmark endAPPPinterface.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (474) cvn H.B /DEST pdfmark endnstartsfrom0. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (476) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (477) cvn H.B /DEST pdfmark end 0slips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (478) cvn H.B /DEST pdfmark endnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (479) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (480) cvn H.B /DEST pdfmark endASLIPinterface.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (481) cvn H.B /DEST pdfmark endnstartsfrom0. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (483) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (484) cvn H.B /DEST pdfmark end 0ipppps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (485) cvn H.B /DEST pdfmark endnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (486) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (487) cvn H.B /DEST pdfmark endAsynchronousPPPinterfaceusingISDN.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (488) cvn H.B /DEST pdfmark endnstartsfrom0. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (490) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (491) cvn H.B /DEST pdfmark end.0isdnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (492) cvn H.B /DEST pdfmark endnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (493) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (494) cvn H.B /DEST pdfmark end}*ISDN|interfacescanbegivenarbitrarynames,butforthemtoworkwithIP- DTraf,(Ytheymustbenamedps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (495) cvn H.B /DEST pdfmark endisdnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (496) cvn H.B /DEST pdfmark endn.IPTrafsupportssynchronousPPP(.(theps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (497) cvn H.B /DEST pdfmark endipppps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (498) cvn H.B /DEST pdfmark endnDinterfacesabove),rawIP,andCisco-HDLCencapsulation.0`color push Black18 color pop;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.19) cvn H.B /DEST pdfmark end color popfd+Chapter2.PreparingtoUseIPTraf color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (500) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (501) cvn H.B /DEST pdfmark end 0plipps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (502) cvn H.B /DEST pdfmark endnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (503) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (504) cvn H.B /DEST pdfmark endZ;PLIPZinterfaces.Thesearepoint-to-pointIPconnectionsusingthePCparallel Dport.0ipsecnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (509) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (510) cvn H.B /DEST pdfmark endThisreferstoFrees/WAN(andpossiblyother)logicalVPNinterfaces. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (512) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (513) cvn H.B /DEST pdfmark end.0sbnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (514) cvn H.B /DEST pdfmark endn0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (515) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (516) cvn H.B /DEST pdfmark endSBNIlong-rangemodeminterfacesps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (518) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (519) cvn H.B /DEST pdfmark end0dvbps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (520) cvn H.B /DEST pdfmark endn,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (521) cvn H.B /DEST pdfmark endsm200,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (522) cvn H.B /DEST pdfmark endsm300ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (523) cvn H.B /DEST pdfmark end\-0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (524) cvn H.B /DEST pdfmark endDVBsatellite-receiveinterfaces 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (526) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (527) cvn H.B /DEST pdfmark end 0wlanps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (528) cvn H.B /DEST pdfmark endn,ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (529) cvn H.B /DEST pdfmark endwvlanps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (530) cvn H.B /DEST pdfmark endnps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (531) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (532) cvn H.B /DEST pdfmark endWs8irelessLANinterfaces 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (534) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (535) cvn H.B /DEST pdfmark end 0tunps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (536) cvn H.B /DEST pdfmark endn0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (537) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (538) cvn H.B /DEST pdfmark endgenerallogicaltunnelinterfaces ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (540) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (541) cvn H.B /DEST pdfmark end.0brgps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (542) cvn H.B /DEST pdfmark endnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (543) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (544) cvn H.B /DEST pdfmark endgenerallogicalbridgeinterfacesps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (546) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (547) cvn H.B /DEST pdfmark end0hdlcps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (548) cvn H.B /DEST pdfmark endn0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (549) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (550) cvn H.B /DEST pdfmark endFrameRelaybase(FRAD)interfaces(non-PVC)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (552) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (553) cvn H.B /DEST pdfmark end0pvcps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (554) cvn H.B /DEST pdfmark endnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (555) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (556) cvn H.B /DEST pdfmark endFrameRelayPermanentVs8irtualCircuitinterfacesps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (557) cvn H.B /DEST pdfmark end0Your|`system'snetworkinterfacesmustbenamedaccordingtotheschemesspecied 0above.0`color push Black19 color pop;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.20) cvn H.B /DEST pdfmark end color popfdChapter2.PreparingtoUseIPTraf color pop0`color push Black20 color pop;.⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.21) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (ITRAFMON) cvn H.B /DEST pdfmark end ;Chapter3.TheIPT-racMonitorps:SDict begin H.S endps:SDict begin 16.105 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (5.0) cvn H.B /DEST pdfmark endWps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (560) cvn H.B /DEST pdfmark end*0Executing)htherstmenuitemorspecifyingps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (561) cvn H.B /DEST pdfmark end-itotheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (562) cvn H.B /DEST pdfmark endiptrafcommandtakesyouto 0thex:IPwtracmonitorB.Thetracmonitorisareal-timemonitoringsystemthatin-0tercepts,allpacketsonalldetectednetworkinterfaces,decodestheIPinformation0onַallIP֠packetsanddisplaystheappropriateinformation,mostnotablythesource0and0TheVupperwindowofthetracmonitordisplaysthecurrentlydetectedTCPVLcon-0nections.7InformationaboutTCP7}packetsaredisplayedhere.Thewindowcontains0thesepiecesofinformation:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (571) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (572) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (573) cvn H.B /DEST pdfmark endSourceaddressandportps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (574) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (575) cvn H.B /DEST pdfmark endPacketcount7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (576) cvn H.B /DEST pdfmark end 0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (577) cvn H.B /DEST pdfmark endBytecountps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (578) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (579) cvn H.B /DEST pdfmark endSourceMACaddress7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (580) cvn H.B /DEST pdfmark end 0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (581) cvn H.B /DEST pdfmark endPacketSizeps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (582) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (583) cvn H.B /DEST pdfmark endWs8indowSizeps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (584) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (585) cvn H.B /DEST pdfmark endTCPagstatusesps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (586) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (587) cvn H.B /DEST pdfmark endInterfaceps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (588) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (590) cvn H.B /DEST pdfmark end ^DNote:9PreviousvfersionsofIPTrafshovwedboththesourceanddestinationaddresseson fDeachlinev.IPTraf2andhighershowonlytheps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (591) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (592) cvn H.B /DEST pdfmark end( pcrro8tsource)host:ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (593) cvn H.B /DEST pdfmark endportcombinationtosavfeonDscreenQrealestatev.TCP3connectionendpointsarestillindicatedwiththegreenbracketsD(on}colorter9minals)alongtheleftedgeofthescreen. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (594) cvn H.B /DEST pdfmark end 0TheUpandDowncursorkeysmoveanindicatorbarbetweenentriesintheTCP0monitorB,scrollingthewindowifnecessary.ThePgUpandPgDnkeysdisplaythe0previousandnextscreenfulsofentriesrespectively.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (595) cvn H.B /DEST pdfmark end0TheIPtracmonitorcomputesthedataowrateofthecurrentlyhighlightedTCP0owEanddisplaysitonthelower-rightcornerofthescreen.Theowrateisinkilo-0bitsorkilobytesperseconddependingontheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (596) cvn H.B /DEST pdfmark endActivitymodeswitchintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (597) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop0menu.0`color push Black21 color pop;ב⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.22) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (656) cvn H.B /DEST pdfmark endfdChapter3.TheIPTracMonitor color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (599) cvn H.B /DEST pdfmark end 0BecauseA`thismonitoringsystemreliessolelyonpacketinformation,itdoesnotde- 0termineD\whichendpointinitiatedtheconnection.Inotherwords,itdoesnotknow0whichendpointsaretheclientandserverB.Thisisnecessarybecauseitcanoperatein0promiscuousmode,andassuchcannotdeterminethesocketstatusesforotherma-0chines(ontheLAN.HoweverB,alittleknowledgeofthewell-knownTCPportnum-0berscangiveagoodideaaboutwhichaddressisthatoftheserverB.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (600) cvn H.B /DEST pdfmark end.0Theisystemthereforeidisplaystwoentriesforeachconnection,oneforeachdirection0of[ctheTCP[Zconnection.Tomakeiteasiertodeterminethedirectionpairsofeachcon-0nection,~abracketisusedto"join"bothtogetherB.Thisbracketappearsattheleftmost0partofeachentry.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (601) cvn H.B /DEST pdfmark end.0Just@sbecauseahostentryappearsattheupperendofaconnectionbracketdoesn't0meanitwastheinitiatoroftheconnection.7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (602) cvn H.B /DEST pdfmark end 0Eachentryinthewindowcontainstheseelds:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (603) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (605) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (606) cvn H.B /DEST pdfmark end0Sourceaddressandport‡ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (607) cvn H.B /DEST pdfmark end =y0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (608) cvn H.B /DEST pdfmark endSzThesourceaddressandportindicatorisinps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (609) cvn H.B /DEST pdfmark endaddress:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (610) cvn H.B /DEST pdfmark endportformat.Thisindi-DcatesthesourcemachineandTCPportonthatmachinefromwhichthisdataisDcoming.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (611) cvn H.B /DEST pdfmark endDThedestinationisthehost:portattheotherendofthebracket. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (613) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (614) cvn H.B /DEST pdfmark end0Packetcountps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (615) cvn H.B /DEST pdfmark end%0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (616) cvn H.B /DEST pdfmark endThenumberofpacketsreceivedforthisdirectionoftheTCPconnection ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (618) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (619) cvn H.B /DEST pdfmark end0Bytecount‡ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (620) cvn H.B /DEST pdfmark end =y0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (621) cvn H.B /DEST pdfmark endc[ThenumberofbytesreceivedforthisdirectionoftheTCPc connection.TheseDbytesincludetotalIPandTCPheaderinformation,inadditiontotheactualdata.DDatalinkheader(e.g.EthernetandFDDI)dataarenotincluded. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (623) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (624) cvn H.B /DEST pdfmark end0SourceMACaddressps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (625) cvn H.B /DEST pdfmark end%0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (626) cvn H.B /DEST pdfmark endޟTheaddressofthehostonyourlocalLANއthatdeliveredthispacket.ThiscanDbeηviewedbypressingM΢onceifps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (627) cvn H.B /DEST pdfmark endSourceMAC΢addrsintracmonitorisenabledDintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (628) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop2menu. ‡ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (631) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (632) cvn H.B /DEST pdfmark end=y0PacketSizeps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (633) cvn H.B /DEST pdfmark end%0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (634) cvn H.B /DEST pdfmark endoThesizeofthemostrecentlyreceivedpacket.ThisitemisvisibleifyoupressMDforFmoreTCPFinformation.ThisisthesizeoftheIPdatagramonly,notincludingDthedatalinkheaderB. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (636) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (637) cvn H.B /DEST pdfmark end 0WindowSizeps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (638) cvn H.B /DEST pdfmark end%0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (639) cvn H.B /DEST pdfmark endTheadvertisedwindowsizeofthemostrecentlyreceivedpacket.ThisitemisDvisibleifyoupressMformoreTCPinformation. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (641) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (642) cvn H.B /DEST pdfmark end.0Flagstatuses‡ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (643) cvn H.B /DEST pdfmark end =y0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (644) cvn H.B /DEST pdfmark endTheagsofthemostrecentlyreceivedpacket.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (645) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (647) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (648) cvn H.B /DEST pdfmark endDS0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (649) cvn H.B /DEST pdfmark endϠDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (650) cvn H.B /DEST pdfmark endnSYN.Ansynchronizationistakingplaceinpreparationforconnectiones- Xtablishment.6Ifonlyanps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (651) cvn H.B /DEST pdfmark endS6dispresent(ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (652) cvn H.B /DEST pdfmark endS---)thesourceistryingtoinitiatea0`color push Black22 color pop;v⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.23) cvn H.B /DEST pdfmark end color popfdZChapter3.TheIPTracMonitor color popconnection.Ifanps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (653) cvn H.B /DEST pdfmark endAnisalsopresent(ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (654) cvn H.B /DEST pdfmark endS-A-),thisisanacknowledgmentofa previousconnectionrequest,andisresponding.A`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (658) cvn H.B /DEST pdfmark endDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (659) cvn H.B /DEST pdfmark endACK.Thisisanacknowledgmentofapreviouslyreceivedpacket ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (661) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (662) cvn H.B /DEST pdfmark end.DPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (663) cvn H.B /DEST pdfmark endDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (664) cvn H.B /DEST pdfmark endPSH.Arequesttopushalldatatothetopofthereceivingqueueps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (666) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (667) cvn H.B /DEST pdfmark end.DU0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (668) cvn H.B /DEST pdfmark endϠDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (669) cvn H.B /DEST pdfmark endURG.Thispacketcontainsurgentdataps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (671) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (672) cvn H.B /DEST pdfmark endDRESET0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (673) cvn H.B /DEST pdfmark endϠDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (674) cvn H.B /DEST pdfmark endn+RSTB.Thesourcemachineindicatedinthisdirectionresettheentireconnec- Xtion.zThedirectionentriesforresetconnectionsbecomeavailablefornewXconnections. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (676) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (677) cvn H.B /DEST pdfmark end DDONEps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (678) cvn H.B /DEST pdfmark endϠDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (679) cvn H.B /DEST pdfmark end!XTheconnectionisdonesendingdatainthisdirection,andhassentaFINX(nished)packet,buthasnotyetbeenacknowledgedbytheotherhost. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (681) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (682) cvn H.B /DEST pdfmark end.DCLOSEDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (683) cvn H.B /DEST pdfmark endϠDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (684) cvn H.B /DEST pdfmark end3TheFIN3hasbeenacknowledgedbytheotherhost.WhenbothdirectionsofXawconnectionaremarkedCLOSED,theentriestheyoccupybecomeavailableXfornewconnectionentries. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (686) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (687) cvn H.B /DEST pdfmark end D-ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (688) cvn H.B /DEST pdfmark endDcolor push Black color popXps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (689) cvn H.B /DEST pdfmark endTheagisnotset ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (690) cvn H.B /DEST pdfmark end.0Some4otherpiecesofinformationcanbeviewedaswell.TheM4bkeydisplaysmore0TCP information. ,PressingMoncedisplaystheMACaddressesoftheLANhoststhat0deliveredthepackets(iftheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (691) cvn H.B /DEST pdfmark endSourceMACaddrsintracmonitoroptionisenabledinthe0ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (692) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop2Omenu).sHps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (694) cvn H.B /DEST pdfmark endN/AsEisdisplayedifnopacketshavebeenreceivedfromthesource0yet,oriftheinterfacedoesn'tsupportMACaddresses(suchasPPPinterfaces).ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (695) cvn H.B /DEST pdfmark end0Iftheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (696) cvn H.B /DEST pdfmark endSourceMAC~addrsintracmonitoroptionisnotenabled,pressingM~simply0togglesbetweenthecountsandthepacketandwindowsizes.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (697) cvn H.B /DEST pdfmark end0ByHdefault,onlyIP4addressesaredisplayed,butifyouhaveaccesstoanameserver0orBhosttable,youmayenablereverselookupfortheIPBaddresses.Justenablereverse0lookupintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (698) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop2menu.0`color push Black23 color pop;%⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.24) cvn H.B /DEST pdfmark end color popfdChapter3.TheIPTracMonitor color pop: VL Yps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (700) cvn H.B /DEST pdfmark end9ThervnamedProcesskps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (702) cvn H.B /DEST pdfmark end ╍TheIPtracmonitorstartsadaemoncalledps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (703) cvn H.B /DEST pdfmark endrvnamedtohelpspeedup reverse- lookupswithoutsacricingtoomuchkeyboardcontrolandaccu-racyPofthecounts.Whilereverselookupisbeingconductedintheback-ground,IPaddresseswillbeuseduntiltheresolutioniscomplete.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (704) cvn H.B /DEST pdfmark end.If;lforsomereasonps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (705) cvn H.B /DEST pdfmark endrvnamedcannotstart(probablyduetoimproperin-stallationorlackofmemory),andyouareontheInternet,andyouenablereverse?lookup,yourkeyboardcontrolcanbecomeveryslow.Thisisbe-causethestandardlookupfunctionsdonotreturnuntiltheyhavecom-pletedtheirtasks,anditcantakeseveralsecondsforanameresolutionintheforegroundtocomplete.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (706) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (707) cvn H.B /DEST pdfmark end.rvnamedwillspawnupto200childrentoprocessreverseDNSqueries.J Lހps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (708) cvn H.B /DEST pdfmark end`ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (710) cvn H.B /DEST pdfmark endDTip:IfyounoticeunusualSYNactivity(toomanvyinitial(ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (711) cvn H.B /DEST pdfmark endS---)butfrozvenSYNentr"ies,or fDrapidly`increasinginitialSYNKpackets`forasingleconnection),youmaybeunderaSYNDoodingcattackorTCP\por\#tscan.Applyappropr"iatemeasuresv,orthetargetedmachinesDmay}begindenvyingnetwor"kserEvices. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (712) cvn H.B /DEST pdfmark end 0Entriesnotupdatedwithinauser-congurableamountoftimemaygetreplaced0with7newconnections.Thedefaulttimeis15minutes.Thisisregardless7ofwhether0the?connectionisclosedornot.(Someunclosedconnectionsmaybeduetoextremely0slowlinksorcrashesateitherendoftheconnection.)Thisgurecanbechangedat0theps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (713) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop2menu.‡ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (715) cvn H.B /DEST pdfmark end=y0Someearlyentriesmayhavea b> cmmi10>symbolinfrontofitspacketcount.Thismeans0theconnectionwasalreadyestablishedwhenthemonitorstarted.Inotherwords,0the guresindicateddonotreectthecountssincethestartoftheTCPconnection,0but^ratherB,sincethestartofthetracmonitor.Eventually,these>entrieswillclose0(ortimeout)anddisappearB.TCPentrieswithoutthe>wereinitiatedafterthetraf-0c4monitorstarted,andthecountsindicatethetotalsoftheconnectionitself.Just0considerentrieswith>partial.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (716) cvn H.B /DEST pdfmark end.0Some\>entriesmaygoidleifthetracmonitorwasstartedwhentheseconnections0wereLalreadyhalf-closed(FINLsentbyonehost,butdatastillbeingsentbytheother).0ThisLisbecausethetracmonitorcannotdetermineifaconnectionwasalreadyhalf-0closedwhenitstarted.Theseentrieswilleventuallytimeout.(Tominimizethese0entries,(anentryisnotaddedbythemonitoruntilapacketwithdataoraSYN(~packet0isreceived.)Pps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (717) cvn H.B /DEST pdfmark end簍0Direction(entriesalsobecomeavailableforreuseifanICMP(DestinationUnreachable0messageisreceivedfortheconnection.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (718) cvn H.B /DEST pdfmark end.0TherlowerpartofthescreencontainsasummarylineshowingtheIP,TCP,UDP,0ICMP,handnon-IPAbytecountssincethestartofthemonitorB.TheIP,TCP,UDP,and0ICMPcountsincludeonlytheIPdatagramheaderanddata,notthedata-linkhead-0ers.Thenon-IPcountincludesthedata-linkheaders.7ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (719) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (721) cvn H.B /DEST pdfmark end ^DTuechnicalnote:IPForwardingandMasquerading:PreviousvfersionsofIPTrafissued fDacwvar9ningifthekernelhadIPcmasqueradingenabledduetothewvaytheker9nelmasquer-DadedandtranslatedtheIPTaddressesv.Thenewker9nelsnolongerdoitasbeforeandDIPTrafWnovwgivfesoutputproper"lyonmasqueradingmachinesv.Theps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (722) cvn H.B /DEST pdfmark end-qparameterisnoDlonger}requiredtosuppressthewvar9ningscreen.0`color push Black24 color pop;C⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.25) cvn H.B /DEST pdfmark end color popfdZChapter3.TheIPTracMonitor color pop`ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (723) cvn H.B /DEST pdfmark end DOn1forwvarding(non-masquerading)machinespackets1andTCP1connectionssimplyap- fDpeartwicev,oneeachfortheincomingandoutgoinginterfacesifallinterafacesarebeingDmonitored.zps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (724) cvn H.B /DEST pdfmark end 썑DOnUmasqueradingmachinesv,packetsUandconnectionsfromtheinter9nalnetwor"ktotheDexter9nal9networ"kalsoappeartwicev,onefortheinter9nalandexter9nalinterfacev.PacketsDcomingbfromtheinter9nalnetwor"kwillbeindicatedascomingfromtheinternalIPbaddressDthatsourcedthem,andalsoascomingfromtheIPaddressoftheexter9nalinterfaceonDyourd=masqueradingmachinev.Inmuchthesamewvay,packetsd=cominginfromtheexter9nalDnetwor"ka+willlooklikethey'redestinedfortheexter9nalinterface'sIPa#addressv,andagainasDdestined}forthenalhostontheinter9nalnetwor"k.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (725) cvn H.B /DEST pdfmark end!O\Closed/Idle/Timed]OutConnectionsps:SDict begin H.S endps:SDict begin 13.31 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (5.14.5.2) cvn H.B /DEST pdfmark end3ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (727) cvn H.B /DEST pdfmark end M0AATCPconnectionAentrythatcloses,getsreset,orstaysidletoolongnormallygets 0replacedjwithnewconnections.HoweverB,iftherearetoomanyofthese,activecon-0nectionsmaybecomeinterspersedamongclosed,reset,oridleentries.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (728) cvn H.B /DEST pdfmark end.0IPTrafecanbesettoautomaticallyremoveallclosed,reset,andidleentrieswiththe0ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (729) cvn H.B /DEST pdfmark endTCP^closed/idlespersistence...congurationoption.YoucanalsopresstheFkeytoim-0mediatelyclearthematanytime.ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (730) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (732) cvn H.B /DEST pdfmark end~DNote:O#Theps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (733) cvn H.B /DEST pdfmark end8ځ phvro8tTCPOtimeout...optiononlytellsIPTrafhovwlongitshouldtakebeforeaconnec- fDtionshouldbeconsideredidleandopentoreplacementbynewconnectionsv.ThisdoesDnotdeter9minehovwlongitremainson-screen.Theps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (734) cvn H.B /DEST pdfmark endTCPclosed/idlepersistence...param-Deterjushesentr"iesthathavfebeenidleforthenumberofminutesdenedbytheps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (735) cvn H.B /DEST pdfmark endTCPDtimeout...}option. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (736) cvn H.B /DEST pdfmark end!O\Sor=ting]TCPEntriesps:SDict begin H.S endps:SDict begin 13.31 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (5.14.6.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (738) cvn H.B /DEST pdfmark endNЍ0TheTCPconnectionentriescanbesortedbypressingtheSkey,thenbyselectinga 0sortcriterion.PressingSwilldisplayaboxshowingtheavailablesortcriteria.Press0Ptosortbypacketcount,Btosortbybytecount.Pressinganyotherkeycancelsthe0sort.7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (739) cvn H.B /DEST pdfmark end 0The.^sortoperationcomparesthelargervaluesineachconnectionentrypairandsorts0thecountsindescendingorderB.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (740) cvn H.B /DEST pdfmark end.0Over_time,theentrieswillgooutoforderascountsproceedatvaryingrates.Sorting0isnotdoneautomaticallysoasnottodegradeperformanceandaccuracy.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (741) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (743) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate?PSfile="iptraf-iptmsort.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure3-2.TheIPtracmonitorsortcriteria0`color push Black25 color pop;`⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.26) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (814) cvn H.B /DEST pdfmark endfdChapter3.TheIPTracMonitor color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (LOWERWIN) cvn H.B /DEST pdfmark end Lower6Windowps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (5.15.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (746) cvn H.B /DEST pdfmark end n0Thelowerwindowdisplaysinformationabouttheothertypesoftraconyournet- 0work.Thefollowingprotocolsaredetectedinternally:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (747) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (748) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (749) cvn H.B /DEST pdfmark endUserDatagramProtocol(UDP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (750) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (751) cvn H.B /DEST pdfmark endInternetControlMessageProtocol(ICMP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (752) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (753) cvn H.B /DEST pdfmark endOpenShortest-PathFirst(OSPF)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (754) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (755) cvn H.B /DEST pdfmark endInteriorGatewayRoutingProtocol(IGRP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (756) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (757) cvn H.B /DEST pdfmark endInteriorGatewayProtocol(IGP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (758) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (759) cvn H.B /DEST pdfmark endInternetGroupManagementProtocol(IGMP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (760) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (761) cvn H.B /DEST pdfmark endGeneralRoutingEncapsulation(GRE)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (762) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (763) cvn H.B /DEST pdfmark endLayer2TunnelingProtocol(L2TP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (764) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (765) cvn H.B /DEST pdfmark endIPSecAHandESPprotocols(IPSecAHandIPSecESP)ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (766) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (767) cvn H.B /DEST pdfmark endAddressResolutionProtocol(ARP)Pps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (768) cvn H.B /DEST pdfmark end簍0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (769) cvn H.B /DEST pdfmark endReverseAddressResolutionProtocol(RARP)Pps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (770) cvn H.B /DEST pdfmark end0OtherÔIPAprotocolsarelookedupfromtheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (771) cvn H.B /DEST pdfmark end/etc/servicesle.Ifps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (772) cvn H.B /DEST pdfmark end/etc/services 0doesn'tcontaininformationaboutthatprotocol,theprotocolnumberisindicated.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (773) cvn H.B /DEST pdfmark end0Non-IPpacketsareindicatedasps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (774) cvn H.B /DEST pdfmark endNon-IPinthelowerwindow.ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (775) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (777) cvn H.B /DEST pdfmark end~DNote:reThesourceanddestinationaddressesforARPr'andRARPentr"iesareMACad- fDdressesv.zps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (778) cvn H.B /DEST pdfmark end 썑DStr"ictly@speaking,ARP@dandRARPpackets@aren'tIPpacketsv,@sincetheyarenotencap-Dsulated inanIP datagram. They'rejustindicatedbecausetheyareintegral toproperIPDoperation}onLANsv. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (779) cvn H.B /DEST pdfmark end 0ForAallpacketsinthelowerwindow,onlytherstIPAfragmentisindicated(sincethat0containsitheheaderoftheIP-encapsulatedprotocol)butwithnofurtherinformation0fromtheencapsulatedprotocol.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (780) cvn H.B /DEST pdfmark end0UDPpacketsJarealsodisplayedinps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (781) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (782) cvn H.B /DEST pdfmark endaddress:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (783) cvn H.B /DEST pdfmark endportformatwhileICMPentriesalso0contain]?theICMP]messagetype.Foreasierlocation,eachtypeofprotocoliscolor-0coded(onlyoncolorterminalssuchastheLinuxconsole).ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (784) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (786) cvn H.B /DEST pdfmark end0UDP7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (787) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (788) cvn H.B /DEST pdfmark endRedonWhite 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (790) cvn H.B /DEST pdfmark end 0ICMPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (791) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (792) cvn H.B /DEST pdfmark endYellowonBlue 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (794) cvn H.B /DEST pdfmark end 0OSPFps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (795) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (796) cvn H.B /DEST pdfmark endBlackonCyan ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (798) cvn H.B /DEST pdfmark end.0IGRPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (799) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (800) cvn H.B /DEST pdfmark endBrightwhiteonCyan ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (802) cvn H.B /DEST pdfmark end.0IGPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (803) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (804) cvn H.B /DEST pdfmark endRedonCyan ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (806) cvn H.B /DEST pdfmark end.0IGMPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (807) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (808) cvn H.B /DEST pdfmark endBrightgreenonBlue0`color push Black26 color pop;y⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.27) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (862) cvn H.B /DEST pdfmark endfdZChapter3.TheIPTracMonitor color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (810) cvn H.B /DEST pdfmark end 0GRE7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (811) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (812) cvn H.B /DEST pdfmark endBlueonwhite0ARPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (815) cvn H.B /DEST pdfmark endU0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (816) cvn H.B /DEST pdfmark endBrightwhiteonRed ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (818) cvn H.B /DEST pdfmark end.0RARPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (819) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (820) cvn H.B /DEST pdfmark endBrightwhiteonRed ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (822) cvn H.B /DEST pdfmark end.0OtherIP7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (823) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (824) cvn H.B /DEST pdfmark endYellowonred 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (826) cvn H.B /DEST pdfmark end 0Non-IPps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (827) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (828) cvn H.B /DEST pdfmark endYellowonRed7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (829) cvn H.B /DEST pdfmark end 0Thelowerwindowcanholdupto512entries.Youcanscrollthelowerwindowbyus- 0ing[theW[zkeytomovetheActiveindicatortoit,andbyusingtheUpandDowncur-0sorzkeys.Thelowerwindowautomaticallyscrollseverytimeanewentryisadded,0and8eithertherstentryorlastentryisvisible.Uponreaching512entries,oldentries0arethrownoutasnewentriesareadded.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (830) cvn H.B /DEST pdfmark end 0Someentriesmaybetoolongtocompletelytinascreenline.Youcanusethe0Left UandRightcursorkeystoverticallyscrollthelowerwindowwhenitismarked0ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (831) cvn H.B /DEST pdfmark endActive.4]Ifyourterminalcanberesized(e.g.xterm),youmaydosobeforestarting0IPTraf.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (832) cvn H.B /DEST pdfmark end U0Entries| forpacketsreceivedonLAN|interfacesalsoincludethesourceMAC|address0ofGtheLAN*hostwhichdeliveredit.ThisbehaviorisenabledbyturningontheSource0MACaddrsintracmonitortoggleintheps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (833) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop2menu.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (835) cvn H.B /DEST pdfmark endEntry]Detailsps:SDict begin H.S endps:SDict begin 13.31 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (5.15.7.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (837) cvn H.B /DEST pdfmark end~Ѝ0Inkgeneral,theentriesinthelowerwindowindicatetheprotocol,theIPkcdatagram0size]o(fullframesizefornon-IP,includingARP]6andRARP),thesourceaddress,the0destination: address,andthenetworkinterfacethepacketwasdetectedon.HoweverB,0someprotocolshavealittlemoreinformation.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (838) cvn H.B /DEST pdfmark end0ICMPps:SDict begin H.S endps:SDict begin 12.1 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (5.15.7.4.3) cvn H.B /DEST pdfmark end.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (840) cvn H.B /DEST pdfmark end ҍ0ICMPentriesaredisplayedinthisformat: ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (841) cvn H.B /DEST pdfmark end~0ICMPffps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (842) cvn H.B /DEST pdfmark endtype[(ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (843) cvn H.B /DEST pdfmark endsubtype)](ps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (844) cvn H.B /DEST pdfmark endsizebytes)fromps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (845) cvn H.B /DEST pdfmark endsourcetops:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (846) cvn H.B /DEST pdfmark enddestination f0[(srcffHWaddrps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (847) cvn H.B /DEST pdfmark endsrcMACaddress)]onps:SDict begin H.S endps:SDict begin 9.9 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (848) cvn H.B /DEST pdfmark endinterface ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (849) cvn H.B /DEST pdfmark end s0wheretypecouldbeanyofthefollowing:ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (850) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (852) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (853) cvn H.B /DEST pdfmark end.0echoffreq,echorplyips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (854) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (855) cvn H.B /DEST pdfmark endICMPechorequestandreply.UsuallyusedbythepingprogramandotherDnetworkmonitoringanddiagnosticprogram. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (857) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (858) cvn H.B /DEST pdfmark end0destffunrch0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (859) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (860) cvn H.B /DEST pdfmark end(ICMP(destinationunreachable.Somethingfailedtoreachitstarget.Thedestun-Dreachtypeissupplementedwithafurtherindicatoroftheproblem.Destination0`color push Black27 color pop;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.28) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (939) cvn H.B /DEST pdfmark endfdChapter3.TheIPTracMonitor color popunreachableemessagesforTCPetraccausesthecorrespondingTCPeentryinthe upperwindowtobemadeavailableforreusebynewconnections.redirct`0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (864) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (865) cvn H.B /DEST pdfmark endgTICMPgNredirect.UsuallygeneratedbyaroutertotellahostthatabettergatewayDisavailable. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (867) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (868) cvn H.B /DEST pdfmark end 0srcffqnchips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (869) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (870) cvn H.B /DEST pdfmark endg)TheICMPfsourcequenchisusedtostopahostfromtransmitting.It'saowDcontrolmechanismforIP.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (872) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (873) cvn H.B /DEST pdfmark end 0timeffexcd0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (874) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (875) cvn H.B /DEST pdfmark endIndicatesapacket'stime-to-livevalueexpiredbeforeitgottoitsdestination.DMostlyk;happensifadestinationistoofaraway.Alsousedbythetraceroutepro-Dgram. ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (877) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (878) cvn H.B /DEST pdfmark end.0routerffadvps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (879) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (880) cvn H.B /DEST pdfmark endICMProuteradvertisement 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (882) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (883) cvn H.B /DEST pdfmark end 0routerffsolps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (884) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (885) cvn H.B /DEST pdfmark endICMProutersolicitation 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (887) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (888) cvn H.B /DEST pdfmark end 0timestmpffreqips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (889) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (890) cvn H.B /DEST pdfmark endICMPtimestamprequest ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (892) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (893) cvn H.B /DEST pdfmark end.0timestmpffrepps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (894) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (895) cvn H.B /DEST pdfmark endICMPtimestampreply ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (897) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (898) cvn H.B /DEST pdfmark end.0infoffreqps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (899) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (900) cvn H.B /DEST pdfmark endICMPinformationrequest ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (902) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (903) cvn H.B /DEST pdfmark end.0infoffrepps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (904) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (905) cvn H.B /DEST pdfmark endICMPinformationreply ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (907) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (908) cvn H.B /DEST pdfmark end.0addrffmaskreqps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (909) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (910) cvn H.B /DEST pdfmark endICMPaddressmaskrequest ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (912) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (913) cvn H.B /DEST pdfmark end.0addrffmaskrepps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (914) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (915) cvn H.B /DEST pdfmark endICMPaddressmaskreply ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (917) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (918) cvn H.B /DEST pdfmark end.0paramffprobps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (919) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (920) cvn H.B /DEST pdfmark endICMPparameterproblem ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (922) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (923) cvn H.B /DEST pdfmark end.0bad/unknownps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (924) cvn H.B /DEST pdfmark endJ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (925) cvn H.B /DEST pdfmark endAnunrecognizedICMPpacketwasreceived,orthepacketiscorrupted.ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (926) cvn H.B /DEST pdfmark end0The%destinationunreachablemessagealsoincludesinformationonthetypeoferror 0encountered.Herearethedestinationunreachablecodes:7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (927) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (929) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (930) cvn H.B /DEST pdfmark end 0ntwk0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (931) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (932) cvn H.B /DEST pdfmark endnetworkunreachable0`color push Black28 color pop;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.29) cvn H.B /DEST pdfmark end color popfdZChapter3.TheIPTracMonitor color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (934) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (935) cvn H.B /DEST pdfmark end 0host0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (936) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (937) cvn H.B /DEST pdfmark endhostunreachable0protoips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (941) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (942) cvn H.B /DEST pdfmark endprotocolunreachable ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (944) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (945) cvn H.B /DEST pdfmark end.0portps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (946) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (947) cvn H.B /DEST pdfmark endportunreachable ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (949) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (950) cvn H.B /DEST pdfmark end.0pktfffltrdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (951) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (952) cvn H.B /DEST pdfmark endpacketltered(normallybyanaccessruleonarouterorrewall) ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (954) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (955) cvn H.B /DEST pdfmark end.0DFffset0`ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (956) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (957) cvn H.B /DEST pdfmark endthepackethastobefragmentedsomewhere,butitsdon'tfragment(DF)mbitis Dset. 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (959) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (960) cvn H.B /DEST pdfmark end 0srcffrtefailps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (961) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (962) cvn H.B /DEST pdfmark endsourceroutefailed 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (964) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (965) cvn H.B /DEST pdfmark end 0srcffisltdps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (966) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (967) cvn H.B /DEST pdfmark endsourceisolated(obsolete) Pps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (969) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (970) cvn H.B /DEST pdfmark end簍0netffcommdeniedps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (971) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (972) cvn H.B /DEST pdfmark endnetworkcommunicationdenied 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (974) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (975) cvn H.B /DEST pdfmark end 0hostffcommdeniedps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (976) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (977) cvn H.B /DEST pdfmark endhostcommunicationdenied 7ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (979) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (980) cvn H.B /DEST pdfmark end 0netffunrchforTOSps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (981) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (982) cvn H.B /DEST pdfmark endnetworkunreachableforspeciedIPtype-of-service ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (984) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (985) cvn H.B /DEST pdfmark end.0hostffunrchforTOSps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (986) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (987) cvn H.B /DEST pdfmark endhostunreachableforspeciedIPtype-of-service ps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (989) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (990) cvn H.B /DEST pdfmark end.0precffvioltnips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (991) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (992) cvn H.B /DEST pdfmark endprecedenceviolationps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (994) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (995) cvn H.B /DEST pdfmark end0precffcutoffips:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (996) cvn H.B /DEST pdfmark endI0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (997) cvn H.B /DEST pdfmark endprecedencecutops:SDict begin H.S endps:SDict begin 11 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (999) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1000) cvn H.B /DEST pdfmark end0destffnetunkn0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1001) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1002) cvn H.B /DEST pdfmark enddestinationnetworkunknown 7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1004) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1005) cvn H.B /DEST pdfmark end 0destffhostunknps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1006) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1007) cvn H.B /DEST pdfmark enddestinationnetworkunknown7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1008) cvn H.B /DEST pdfmark end 0FormoreinformationonICMP,seeRFC792.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1009) cvn H.B /DEST pdfmark end0`color push Black29 color pop;\⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.30) cvn H.B /DEST pdfmark end color popfdChapter3.TheIPTracMonitor color popOSPFps:SDict begin H.S endps:SDict begin 12.1 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (5.15.7.5.3) cvn H.B /DEST pdfmark end`.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1011) cvn H.B /DEST pdfmark end ҍ0OSPFmessagesalsoincludealittlemoreinformation.TheformatofanOSPFmes- 0sageinthewindowis: ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1012) cvn H.B /DEST pdfmark end~0OSPFffps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1013) cvn H.B /DEST pdfmark endtype(a=ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1014) cvn H.B /DEST pdfmark endarear=ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1015) cvn H.B /DEST pdfmark endrouterR)(ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1016) cvn H.B /DEST pdfmark endsizebytes)fromps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1017) cvn H.B /DEST pdfmark endsourcetops:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1018) cvn H.B /DEST pdfmark enddestination f0[(srcffHWaddrps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1019) cvn H.B /DEST pdfmark endsrcMACaddress)]onps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1020) cvn H.B /DEST pdfmark endinterface ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1021) cvn H.B /DEST pdfmark end s0Thetypecanbeoneofthefollowing:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1022) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1024) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1025) cvn H.B /DEST pdfmark end.0hlo0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1026) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1027) cvn H.B /DEST pdfmark end ۾OSPF hello.HellomessagesestablishOSPFcommunicationsandkeeproutersDinformedofeachotherp'spresence.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1029) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1030) cvn H.B /DEST pdfmark end.0DBffdesc0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1031) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1032) cvn H.B /DEST pdfmark endOSPFDatabaseDescriptionps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1034) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1035) cvn H.B /DEST pdfmark end0LSR0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1036) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1037) cvn H.B /DEST pdfmark endOSPFLinkStateRequestps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1039) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1040) cvn H.B /DEST pdfmark end0LSU0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1041) cvn H.B /DEST pdfmark endϠ0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1042) cvn H.B /DEST pdfmark endM!OSPFLLinkStateUpdate.MessagesindicatingthestatesoftheOSPFnetwork Dlinks 7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1044) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1045) cvn H.B /DEST pdfmark end 0LSAps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1046) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1047) cvn H.B /DEST pdfmark endOSPFLinkStateAcknowledgmentps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1048) cvn H.B /DEST pdfmark end.0Theentriesinparentheses:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1049) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1051) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1052) cvn H.B /DEST pdfmark end0a=ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1053) cvn H.B /DEST pdfmark endarea0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1054) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1055) cvn H.B /DEST pdfmark endTheareanumberoftheOSPFmessage ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1057) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1058) cvn H.B /DEST pdfmark end0r=ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1059) cvn H.B /DEST pdfmark endrouter0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1060) cvn H.B /DEST pdfmark end0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1061) cvn H.B /DEST pdfmark end_TheIP_addressoftherouterthatgeneratedthemessage.Itisnotnecessarilythe DsameasthesourceaddressoftheencapsulatingIPpacket.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1062) cvn H.B /DEST pdfmark end0Manytimes,thedestinationaddressesforOSPF3packetsareclassD3multicastad-0dressessinstandarddotteddecimalnotationor(ifreverselookupisenabled),hosts0undertheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1063) cvn H.B /DEST pdfmark endMCAST.NETdomain.Suchmulticastaddressesaredenedasfollows:7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1064) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1066) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1067) cvn H.B /DEST pdfmark end 0224.0.0.5ff(OSPF-ALL.MCAST.NET) ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1068) cvn H.B /DEST pdfmark ends0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1069) cvn H.B /DEST pdfmark endOSPFallrouters 7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1071) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1072) cvn H.B /DEST pdfmark end0224.0.0.6ff(OSPF-DSIG.MCAST.NET)ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1073) cvn H.B /DEST pdfmark ends0color push Black color popDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1074) cvn H.B /DEST pdfmark endOSPFalldesignatedroutersps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1075) cvn H.B /DEST pdfmark end.0SeeRFC1247fordetailsontheOSPFprotocol.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1076) cvn H.B /DEST pdfmark end0`color push Black30 color pop;~⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.31) cvn H.B /DEST pdfmark end color popfdZChapter3.TheIPTracMonitor color pop`Additional6Informationps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (5.16.1) cvn H.B /DEST pdfmark end`@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1078) cvn H.B /DEST pdfmark end n0When startedfromthemainmenuandloggingisenabled,theIPtracmonitor 0promptsyouforaloglename.Thedefaultnameisps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1079) cvn H.B /DEST pdfmark endip_traffic-ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1080) cvn H.B /DEST pdfmark endn.logff(whereps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1081) cvn H.B /DEST pdfmark endn0iswzwhatinstanceofthetracmonitorthisis(1,2,3,andsoon).(e.g.ifthisistherst0instance,thedefaultlenamewillbeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1082) cvn H.B /DEST pdfmark endip_traffic-1.log.)Pps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1083) cvn H.B /DEST pdfmark end簍0WhenV3startedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1084) cvn H.B /DEST pdfmark end-iparameterB,theloglenamecanbespeciedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1085) cvn H.B /DEST pdfmark end-L0parameterB.Seethecolor push gray 0ps:SDict begin H.S endCommand-lineParametersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop|?sectionaboveformoreinformation.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1087) cvn H.B /DEST pdfmark end.0Ongbusynetworks,thedisplaymaybecomeclutteredwithtracyou'renotinter-0ested}in.Tocontrolthetracmonitorp'soutput,youcanapplyaps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1088) cvn H.B /DEST pdfmark endlter.SeeChapter7,0color push gray 0ps:SDict begin H.S endFiltersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (FILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popNformoreinformationonIPTraf'slters.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1090) cvn H.B /DEST pdfmark end 0Atanytime,youcanpressXorQtoreturntothemainmenu(orbacktotheshellif0themonitorwasstartedwithps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1091) cvn H.B /DEST pdfmark endiptraf-i).0`color push Black31 color pop ;=⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.32) cvn H.B /DEST pdfmark end color popfdChapter3.TheIPTracMonitor color pop0`color push Black32 color pop!;Lk⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.33) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (NETSTATS) cvn H.B /DEST pdfmark end ;Chapter4.NetworkInterfaceStatisticsps:SDict begin H.S endps:SDict begin 16.105 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (6.0) cvn H.B /DEST pdfmark endWps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1094) cvn H.B /DEST pdfmark end*0Theremaretwonetworkinterfacestatisticsfacilities:thegeneralinterfacestatistics, 0which%displaysastatisticalsummaryofallattachedinterfaces,andthedetailedin-0terfaceXstatistics,whichshowsmorestatisticalandloadinformationaboutasingle0selectedinterface.7ps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (GENSTATS) cvn H.B /DEST pdfmark end"hGeneral6InterfaceStatisticsps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (6.17.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1097) cvn H.B /DEST pdfmark end n0Theкsecondmenuoptiondisplaysalistofattachednetworkinterfaces,andsome0generalrpacketcounts.Specically,itdisplayscountsofIP,non-IP,andbadIP^pack-0etsb(packetswithIPchecksumerrors).ItalsoincludesanactivityindicatorB,which0shows%thenumberofkilobitsandpacketstheinterfaceseespersecond.Allgures0are%forincomingandoutgoingpackets.(Again,consideringpromiscuousmodefor0LANinterfaces,whichsimplycausesthemachinetointerceptallpackets).Thisis0usefulq*forgeneralmonitoringofallattachedinterfaces.Ifbytecountsandadditional0informationNareneededforaspecicinterface,theps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1098) cvn H.B /DEST pdfmark endDetailedinterfacestatisticsoptionis0alsoavailable.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1099) cvn H.B /DEST pdfmark end 0The)~activityindicatorscanbetoggledbetweenkbits/sandkbytes/swiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1100) cvn H.B /DEST pdfmark endActivity0modecongurationoption.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1101) cvn H.B /DEST pdfmark end.0The(generalstatisticswindowwilldynamicallyaddnewentriesaspacketsfrom0newly-createdinterfaces(e.g.newPPPinterfaces)areintercepted.Longlistscanbe0scrolledwiththeUp,Down,PgUp,andPgDnkeys.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1102) cvn H.B /DEST pdfmark end.0ThismonitorisaectedbyIPTraf'scolor push gray 0ps:SDict begin H.S endltersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (FILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop3asdescribedinChapter7.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1104) cvn H.B /DEST pdfmark end0CopiesjQofthestatisticsarewrittentothelogleps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1105) cvn H.B /DEST pdfmark endiface_stats_general.logatregu- 0larintervalsifloggingisenabled.Seetheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1106) cvn H.B /DEST pdfmark endLoggingoptionintthecolor push gray 0ps:SDict begin H.S endCongurationps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popCchap-0terB.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1108) cvn H.B /DEST pdfmark end 0This%facilitycanbestarteddirectlyfromthecommandlinewiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1109) cvn H.B /DEST pdfmark end-goptionto0theps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1110) cvn H.B /DEST pdfmark endiptrafcommand.Whenstartedfromthecommandline,theloglenameand0logintervalcanbespeciedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1111) cvn H.B /DEST pdfmark end-Lgandps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1112) cvn H.B /DEST pdfmark end-Iparametersrespectively.Seethe0color push gray 0ps:SDict begin H.S endCommand-lineParametersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popsectionaboveformoreinformation.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1114) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1116) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate=PSfile="iptraf-gstat1.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure4-1.Thegeneralinterfacestatisticsscreen Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1117) cvn H.B /DEST pdfmark endp0YoucanpressXorQtoreturntothemainmenu.ps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (DETSTATS) cvn H.B /DEST pdfmark end1Detailed6InterfaceStatisticsps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (6.18.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1120) cvn H.B /DEST pdfmark end n0Themthirdmenuoptiondisplayspacketstatisticsforanyselectedinterface.Itprovides0basicallythesameinformationastheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1121) cvn H.B /DEST pdfmark endGeneralinterfacestatisticsoption,withadditional0`color push Black33 color pop";O⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.34) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1164) cvn H.B /DEST pdfmark endfdChapter4.NetworkInterfaceStatistics color popdetails.Thisfacilityprovidesthefollowinginformation:`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1122) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1123) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1124) cvn H.B /DEST pdfmark endTotalpacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1125) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1126) cvn H.B /DEST pdfmark endIPpacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1127) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1128) cvn H.B /DEST pdfmark endTCPpacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1129) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1130) cvn H.B /DEST pdfmark endUDPpacketandbytecountps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1131) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1132) cvn H.B /DEST pdfmark endICMPpacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1133) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1134) cvn H.B /DEST pdfmark endOtherIP-typepacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1135) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1136) cvn H.B /DEST pdfmark endNon-IPpacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1137) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1138) cvn H.B /DEST pdfmark endChecksumerrorcount7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1139) cvn H.B /DEST pdfmark end 0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1140) cvn H.B /DEST pdfmark endInterfaceactivityps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1141) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1142) cvn H.B /DEST pdfmark endBroadcastpacketandbytecountsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1143) cvn H.B /DEST pdfmark end0AllhIPhbytecounts(IP,TCP,UDP,ICMP,otherIP)hincludeIPheaderdataandpay- 0load.fThedatalinkheaderisnotincluded.Thefullframelength(includingdata-link0header)zisincludedinthenon-IPzandTotalbytecount.Alldata-linkheadersarealso0includedintheTotalbytecounts.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1144) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1146) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate=PSfile="iptraf-dstat1.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure4-2.Thedetailedinterfacestatisticsscreen Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1147) cvn H.B /DEST pdfmark endp0TheUAupperportionofthescreencontainsthepacketandbytecountsforallIPU and0non-IP`packetsninterceptedontheinterface.Thelowerportioncontainsthetotal,in-0coming,andoutgoinginterfacedatarates.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1148) cvn H.B /DEST pdfmark end0Thisfacilityalsodisplaysincomingandoutgoingcountsanddatarates.Thepacket0size<PSfile="iptraf-pktsize.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure5-1.Thepacketsizestatisticalbreakdown Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1189) cvn H.B /DEST pdfmark endp0Ifploggingisenabled,copiesofthestatisticsarewrittenatregularintervalstoalog0le.'Thedefaultloglenameisps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1190) cvn H.B /DEST pdfmark endpacket_size-ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1191) cvn H.B /DEST pdfmark endiface.logwhereps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1192) cvn H.B /DEST pdfmark endifaceisthese-0lectedinterfaceforthissession(forexample,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1193) cvn H.B /DEST pdfmark endpacket_size-eth0.log).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1194) cvn H.B /DEST pdfmark end.0IPTraf'sltersdonotaectthisfacility.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1195) cvn H.B /DEST pdfmark end0Thepacketsizebreakdowncanalsobeinvokedstraightfromthecommandlineby 0specifyingСtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1196) cvn H.B /DEST pdfmark end-zifaceparameterB.Theinterfaceparameterisrequired.СForexample,0thiscommandrunsthefacilityoninterfaceps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1197) cvn H.B /DEST pdfmark endeth0. ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1198) cvn H.B /DEST pdfmark end~0iptrafff-zeth0 ips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1199) cvn H.B /DEST pdfmark end I0Whenstartedfromthecommandline,theloglenameandlogintervalcanbespec-0iedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1200) cvn H.B /DEST pdfmark end-Landps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1201) cvn H.B /DEST pdfmark end-Iparametersrespectively.Seethecolor push gray 0ps:SDict begin H.S endCommand-lineParametersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop0sectionaboveformoreinformation.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1203) cvn H.B /DEST pdfmark end 0Toexit,pressXorCtrl+X.ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (SERVMON) cvn H.B /DEST pdfmark end1TCP6andUDPToracStatisticsps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (7.20.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1206) cvn H.B /DEST pdfmark end n0IPTraf)alsoincludesafacilitythatgeneratesstatisticsonTCP)andUDPtrac.This0facilitydisplayscountsofallTCPandUDPpacketswithsourceordestinationports0numberedjlessthan1024.Ports1to1023arereservedfortheTCP/IPapplication0protocols(well-knownports).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1207) cvn H.B /DEST pdfmark end0`color push Black37 color pop&;G⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.38) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1230) cvn H.B /DEST pdfmark endfdChapter5.StatisticalBreakdowns color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1209) cvn H.B /DEST pdfmark endHE0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate=PSfile="iptraf-tcpudp.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure5-2.TheTCP/UDPservicemonitor Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1210) cvn H.B /DEST pdfmark endp0The'Kstatisticswindowindicatestheprotocol(TCP'4orUDP),theportnumberB,thetotal 0packetsWandbytescountedforthisparticularprotocol/portcombination,thepackets0and"tbytesdestinedforthatprotocolandport,andthepacketsandbytescomingfrom0thatprotocolandport.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1211) cvn H.B /DEST pdfmark end.0BytecountsincludetheIPheaderandpayloadonly.Thedatalinkheaderisnotin-0cluded.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1212) cvn H.B /DEST pdfmark end 0Theprotocol/portindicatorsarecolor-codedforeasieridenticationoncolortermi-0nals.TCPindicatorsareinyellow,UDPinbrightgreen.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1213) cvn H.B /DEST pdfmark end.0Somenetworkapplicationsorprotocolsmayuseportnumbershigherthan1023.0Examplesjoftheseincludeapplicationproxyservers(HTTPCproxyserverstypically0use,valueslike8000,8080,8888,andthelike),andIRC,(IRCservers,commonlyaccept0connectionsonports6660to6669).Theseportsarebydefaultnotincludedinthe0counts.)hIfyoudowanttoincludeahigher-numbered)hportinthestatistics,youcan0add֭themyourselffromtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1214) cvn H.B /DEST pdfmark endcolor push gray 0ps:SDict begin H.S endCongure...ps:SDict begin 11 H.L endlps:SDict begin [ /Subtype /Link /Dest (CONFIG) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop//Additionalports...menuitem.Seethesection0below.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1216) cvn H.B /DEST pdfmark end 0If[loggingisenabled,Thestatisticsarealsowrittentoalogle(thedefaultname0isps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1217) cvn H.B /DEST pdfmark endtcp_udp_services-ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1218) cvn H.B /DEST pdfmark endiface.log,whereifaceistheselectedinterface(forexample,0ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1219) cvn H.B /DEST pdfmark endtcp_udp_services-eth0.log).Pps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1220) cvn H.B /DEST pdfmark end簍0IPTrafcomputesthetotal,incoming,outgoing,anddataratesoftheprotocolcur-0rently0indicatedbythefacility'shighlightbarB.Thedataratesareindicatedatthe0bottom8ofthescreen.Ifloggingisenabled,theaveragedataratessincethestartof0thefacilityareplacedinthelogle.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1221) cvn H.B /DEST pdfmark end.0The1UpandDowncursorkeysmovethehighlightbarB.PressingX0orCtrl+Xexitsand0returnstothemainmenu(ortheshellifitwasstartedfromthecommandline).Pps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1222) cvn H.B /DEST pdfmark endJ?Sor=ting]TCP/UDPEntriesps:SDict begin H.S endps:SDict begin 13.31 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (7.20.8.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1224) cvn H.B /DEST pdfmark endNЍ0PressingptheSpkeybringsupawindowwhichallowsyoutoselecttheeldbywhich0theentrieswillbesorted.YoucanpressRtosortbyport,Ptosortbytotalpackets,0B4@to4osortbytotalbytes,Ttosortbyincomingpackets(packetsto),Otosortbyin-0comingbytes(bytesto),Ftosortbyoutgoingpackets(packetsfrom)andMtosort0byoutgoingbytes(bytesfrom).Pressinganyotherkeycancelsthesort.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1225) cvn H.B /DEST pdfmark end.0Portnumbersaresortedinascendingorder(leastrst)butstatisticsaresortedin0descendingorder(largestcountsrst).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1226) cvn H.B /DEST pdfmark end.0AsAwiththeIPA|tracmonitorB,sortingisperformedonlywiththissequence.Auto-0maticsortingisnotperformedsoasnottoaectperformance.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1227) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1229) cvn H.B /DEST pdfmark end0`color push Black38 color pop';⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.39) cvn H.B /DEST pdfmark end color popfdZ Chapter5.StatisticalBreakdowns color popEMps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translateAPSfile="iptraf-tcpudpsort.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translateFigure5-3.TheTCP/UDPmonitor's8ssortcriteria` Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1230) cvn H.B /DEST pdfmark endAdditional]Informationps:SDict begin H.S endps:SDict begin 13.31 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (7.20.9.2) cvn H.B /DEST pdfmark end3ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1232) cvn H.B /DEST pdfmark end M0IPTraf'sltersaecttheoutputofthisfacility.SeeChapter7,color push gray 0ps:SDict begin H.S endFiltersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (FILTERS) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop!~formoreinfor- 0mationaboutlters.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1234) cvn H.B /DEST pdfmark end 0IfE0youwishtostartthisfacilityfromthecommandline,youcanusetheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1235) cvn H.B /DEST pdfmark end-soption0followedbyaninterfacetomonitorB.Forexample, ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1236) cvn H.B /DEST pdfmark end~0iptrafff-seth0 ips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1237) cvn H.B /DEST pdfmark end I0bringsRupthismodulefortraconps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1238) cvn H.B /DEST pdfmark endeth0.Theinterfacemustbespecied,orIPTraf0willdropbacktotheshell.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1239) cvn H.B /DEST pdfmark end.0Whenstartedfromthecommandline,theloglenameandlogintervalcanbespec-0iedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1240) cvn H.B /DEST pdfmark end-Landps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1241) cvn H.B /DEST pdfmark end-Iparametersrespectively.Seethecolor push gray 0ps:SDict begin H.S endCommand-lineParametersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color pop0sectionaboveformoreinformation.0`color push Black39 color pop(; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.40) cvn H.B /DEST pdfmark end color popfdChapter5.StatisticalBreakdowns color pop0`color push Black40 color pop);⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.41) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (HOSTMON) cvn H.B /DEST pdfmark end ;Chapter6.LANStationStatisticsps:SDict begin H.S endps:SDict begin 16.105 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (8.0) cvn H.B /DEST pdfmark endWps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1245) cvn H.B /DEST pdfmark end*0The'\LAN'Estationmonitor(Ethernetstationmonitoronversionspriorto1.3.0)discov- 0erswMACwaddressesanddisplaysstatisticsonthenumberofincoming,andoutgoing0packets.xItalsoincludesguresforincomingandoutgoingkilobitspersecondfor0eachdiscoveredstation.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1246) cvn H.B /DEST pdfmark end 0The&entryaboveeachlineofstatisticsisthestation'sLAN type(Ethernet,PLIP,Token0Ring,corFDDI)candthehardwarecMACaddress.cEachstatisticslineconsistsofthe0followinginformation:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1247) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1248) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1249) cvn H.B /DEST pdfmark endTotalpacketsincomingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1250) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1251) cvn H.B /DEST pdfmark endIPpacketsincomingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1252) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1253) cvn H.B /DEST pdfmark endTotalbytesincomingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1254) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1255) cvn H.B /DEST pdfmark endIncomingrateps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1256) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1257) cvn H.B /DEST pdfmark endTotalpacketsoutgoingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1258) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1259) cvn H.B /DEST pdfmark endIPpacketsoutgoingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1260) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1261) cvn H.B /DEST pdfmark endTotalbytesoutgoingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1262) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1263) cvn H.B /DEST pdfmark endOutgoingrateps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1264) cvn H.B /DEST pdfmark end0ThebytecountsincludethedatalinkheaderB.Theactivityindicatorscanbesetto 0displaykbits/sorkbytes/swiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1265) cvn H.B /DEST pdfmark endActivitymodecongurationoption.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1266) cvn H.B /DEST pdfmark end0ThismfacilityworksonlyforEthernet,PLIP,TokenRing,andFDDImframes.Loopback. 0ISDN,andSLIP/PPPnetworksarenotmonitoredhere.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1267) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1269) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate9PSfile="iptraf-hw.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure6-1.TheLANstationmonitor Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1270) cvn H.B /DEST pdfmark endp0Copies^(ofthestatisticsarewrittentoalogleatregularintervalsifloggingisen-0abled. Thedefaultloglenameisps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1271) cvn H.B /DEST pdfmark endlan_statistics-ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1272) cvn H.B /DEST pdfmark endn.log,wherenistheinstance0numberofthisfacility(forexample,ifthisistherstinstance,thegenerateddefault0loglenameisps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1273) cvn H.B /DEST pdfmark endlan_statistics-1.log).ps:SDict begin H.S endps:SDict begin 11 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (SORTINGLAN) cvn H.B /DEST pdfmark end׍SorD!ting6theLANStationMonitorEntriesps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (8.21.1) cvn H.B /DEST pdfmark end ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1276) cvn H.B /DEST pdfmark end 卑0PressStosorttheentries.Aboxwillpopupanddisplaythekeysyoucanpressto0selecttheeldbywhichtheentrieswillbesorted.PressPtosortbytotalincoming0packets,oIatosortbyincomingIPpackets,Btosortbytotalincomingbytes,Ktosort0byqtotaloutgoingpackets,OqytosortbyoutgoingIPpackets,andYtosortbytotal0outgoingbytes.Pressinganyotherkeycancelsthesort.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1277) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1279) cvn H.B /DEST pdfmark end0`color push Blackps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1280) cvn H.B /DEST pdfmark endfd41 color pop*;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.42) cvn H.B /DEST pdfmark end color popfdChapter6.LANStationStatistics color popEMps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate=PSfile="iptraf-hwsort.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translateFigure6-2.TheLANstationmonitor's8ssortcriteriaWhenstartedfromthecommandline,theloglenameandlogintervalcanbespec- iedwiththe-Landps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1282) cvn H.B /DEST pdfmark end-Iparametersrespectively.Seethecolor push gray 0ps:SDict begin H.S endCommand-lineParametersps:SDict begin 11 H.L endmps:SDict begin [ /Subtype /Link /Dest (CMDLINE) cvn /H /I /Border [0 0 0] /Color [1 0 0] H.B /ANN pdfmark end color popsectionaboveformoreinformation.`7ps:SDict begin H.S endps:SDict begin 11 H.A endRps:SDict begin [ /View [/XYZ H.V] /Dest (MORELANMONINFO) cvn H.B /DEST pdfmark end"mAdditional6Informationps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (8.22.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1286) cvn H.B /DEST pdfmark end n0The`windowcanbescrolledwiththeUpandDowncursorkeys.PressXorQto0return tothemainmenu(ortheshellifthisfacilitywasstartedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1287) cvn H.B /DEST pdfmark end-lcommand-0lineoption).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1288) cvn H.B /DEST pdfmark end.0TheoutputofthisfacilityisaectedbyanyappliedIPTraflterB.0`color push Black42 color pop+;֑⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.43) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (FILTERS) cvn H.B /DEST pdfmark end ;Chapter7.Filtersps:SDict begin H.S endps:SDict begin 16.105 H.A endGps:SDict begin [ /View [/XYZ H.V] /Dest (9.0) cvn H.B /DEST pdfmark endWps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1291) cvn H.B /DEST pdfmark end*0Filtersareusedtocontroltheinformationdisplayedbyallfacilities.Youmaywant 0toviewstatisticsonlyonparticulartracsoyoumustrestricttheinformationdis-0played.Theltersalsoapplytologgingactivity.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1292) cvn H.B /DEST pdfmark end.0TheIPTrafltermanagementsystemisaccessiblethroughtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1293) cvn H.B /DEST pdfmark endFilters...submenu.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1294) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1296) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translateAPSfile="iptraf-filtermenu.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure7-1.TheFilterssubmenuXps:SDict begin H.S endps:SDict begin 11 H.A endMps:SDict begin [ /View [/XYZ H.V] /Dest (IPFILTERS) cvn H.B /DEST pdfmark end IP6Filtersps:SDict begin H.S endps:SDict begin 14.641 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (9.23.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1299) cvn H.B /DEST pdfmark end n0The*ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1300) cvn H.B /DEST pdfmark endFilters/IP...menuoptionallowsyoutodeneasetofrulesthatdeterminewhat0IP69trac6htopasstothemonitors.Selectingthisoptionpopsupanothermenuwith0thetasksusedtodeneandapplycustomIPlters.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1301) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1303) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate@PSfile="iptraf-ipfltmenu.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure7-2.TheIPltermenuXps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1304) cvn H.B /DEST pdfmark endDening]aNeёwFilterps:SDict begin H.S endps:SDict begin 13.31 H.A endMps:SDict begin [ /View [/XYZ H.V] /Dest (9.23.10.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1306) cvn H.B /DEST pdfmark endNЍ0Afreshlyinstalledprogramwillhavenoltersdened,sobeforeanythingelse,you0willhavetodenealterB.Youcandothisbyselectingtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1307) cvn H.B /DEST pdfmark endDenenewlter...option.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1308) cvn H.B /DEST pdfmark end.0Selectingthisoptiondisplaysaboxaskingyoutoenterashortdescriptionofthe0lteryouaregoingtodene.Justenteranytextthatclearlyidentiesthenatureof0thelterB.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1309) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1311) cvn H.B /DEST pdfmark end0`color push Blackps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1312) cvn H.B /DEST pdfmark endfd43 color pop,;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.44) cvn H.B /DEST pdfmark end color popfdChapter7.Filters color popEMps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translateCPSfile="iptraf-ipfltnamedlg.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translateFigure7-3.TheIPlternamedialogPressgEnterwhenyou'redonewiththatbox.Asanalternative,youcanalsopress Ctrl+Xtocanceltheoperation.`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1313) cvn H.B /DEST pdfmark end0TheFilterRuleSelectionScreenps:SDict begin H.S endps:SDict begin 12.1 H.A endOps:SDict begin [ /View [/XYZ H.V] /Dest (9.23.10.6.3) cvn H.B /DEST pdfmark end.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1315) cvn H.B /DEST pdfmark end ҍ0After!youenterthelterp'sdescription,youwillbetakentoablankruleselectionbox.0At'thisscreenyoumanagethevariousrulesyoudeneforthislterB.Youcanoptto0insert,append,edit,ordeleterules.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1316) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1318) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate@PSfile="iptraf-ipfltlist.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure7-4.Thelterruleselectionscreen.Selectinganentrydisplaysthatsetfor0editing Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1319) cvn H.B /DEST pdfmark endp0Anysrulesdenedwillappearhere.Youwillseethesourceanddestinationaddresses,0masksN andports(longaddressesandmasksmaybetruncated)andwhetherthisrule0includesorexcludesmatchingpackets.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1320) cvn H.B /DEST pdfmark end.0Between_Hthesourceanddestinationparametersisanarrowthatindicateswhether0therulematchespackets(single-headed)onlyexactlyorwhetheritmatchespackets0owingintheoppositedirection(double-headed).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1321) cvn H.B /DEST pdfmark end.0At!thisscreen,pressI!toinsertatthecurrentpositionoftheselectionbarB,A!toappend0aruletotheendofthelist,EntertoeditthehighlightedruleandDtodeletethe0selectedrule.Ws8ithanemptylist,AorIcanbeusedtoaddtherstrule.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1322) cvn H.B /DEST pdfmark end.0Toaddtherstrule,pressAorI.Youwillthenbepresentedwithadialogboxthat0allowsyoutoentertherule'sparameters.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1323) cvn H.B /DEST pdfmark endG0EnteringFilterRulesps:SDict begin H.S endps:SDict begin 12.1 H.A endOps:SDict begin [ /View [/XYZ H.V] /Dest (9.23.10.7.3) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1325) cvn H.B /DEST pdfmark endw0Youcanenteraddressesofindividualhosts,networks,oracatch-alladdress.The0natureoftheaddresswillbedeterminedbythewildcardmask.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1326) cvn H.B /DEST pdfmark end.0You'llnoticetwosetsofelds,markedps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1327) cvn H.B /DEST pdfmark endSourceandps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1328) cvn H.B /DEST pdfmark endDestination.Youlltheseout0withtheinformationaboutyoursourceandtargets.0`color push Black44 color pop-;$ޑ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.45) cvn H.B /DEST pdfmark end color popfd]):Chapter7.Filters color pop8k`vkps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1329) cvn H.B /DEST pdfmark end 0FillyoutthehostnameorIPyaddressofthehostsornetworksinthersteldmarked 0ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1330) cvn H.B /DEST pdfmark endHostffname/IPAddress..~Enteritinstandarddotted-decimalnotation.Whendone,0pressTabtomovetotheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1331) cvn H.B /DEST pdfmark endWildcardffmaskeld.Thewildcardmaskissimilarbut0not&exactlyidenticaltothestandardIP%subnetmask.Thewildcardmaskisusedto0determinewhichbitstoignorewhenprocessingthelterB.Inmostcases,itwillwork0very!closelylikeasubnetmask.Placeones(1)underthebitsyouwantthelterto0recognize,5andkeepzeros(0)underthebitsyouwanttheltertoignore.Forexample:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1332) cvn H.B /DEST pdfmark end.0Torecognizethehost207.0.115.44ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1333) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1334) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.2) cvn H.B /DEST pdfmark end a@0IPaddress207.0.115.44a@0Ws8ildcardmask255.255.255.255` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1346) cvn H.B /DEST pdfmark end 0Torecognizeallhostsbelongingtonetwork202.47.132.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1347) cvn H.B /DEST pdfmark endxps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1348) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1349) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.3) cvn H.B /DEST pdfmark end a@0IPaddress202.47.132.0a@0Ws8ildcardmask255.255.255.0` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1361) cvn H.B /DEST pdfmark end 0Torecognizeallhostswithanyaddress:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1362) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1363) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.4) cvn H.B /DEST pdfmark end a@0IPaddress0.0.0.0a@0Ws8ildcardmask0.0.0.0` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1375) cvn H.B /DEST pdfmark end 0TheJIP6address/wildcardmaskmechanismofthedisplaylterdoesn'trecognizeIP0addressclass.Itusesasimplebit-patternmatchingalgorithm.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1376) cvn H.B /DEST pdfmark end.0Thehwildcardmaskalsodoesnothavetoendonabyteboundary;youmaymask0right!intoabyteitself.Forexample,255.255.255.224masks27bits(255is11111111,0224is11100000inbinary).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1377) cvn H.B /DEST pdfmark end.0IPTrafy#alsoacceptshostnamesinplaceoftheIPxaddresses.IPTrafwillresolvethe0hostCnamewhenthelterisloaded.Whenthelterisinterpreted,thewildcardmask0will%alsobeapplied.Thiscanbeusefulincaseswhereasinglehostnamemayresolve0toseveralIPaddresses.7ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1378) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1380) cvn H.B /DEST pdfmark end ^DTip:Seetheps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1381) cvn H.B /DEST pdfmark endLinuxNetwor"kAdministrator'sGuidecifyouneedmoreinfor9mationonIP fDaddresses}andsubnetmasking.fps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1382) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1384) cvn H.B /DEST pdfmark endDTip: IPTrafallovwsyoutospecifythewildcardmaskinClasslessInterdomainRoutingD(CIDR)for9mat.Thisfor9matallovwsyoutospecifythenumberof1-bitsthatmaskthead-Ddressv.(CIDRnotationisthefor9mps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1385) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1386) cvn H.B /DEST pdfmark endaddress/bitswheretheps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1387) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1388) cvn H.B /DEST pdfmark endaddressistheIPaddressorDhostnameandps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1389) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1390) cvn H.B /DEST pdfmark endbitsisthenumberof1-bitsinthemask.Forexamplev,ifyouwanttoDmask"10.1.1.0withps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1391) cvn H.B /DEST pdfmark end255.255.255.0,notethatps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1392) cvn H.B /DEST pdfmark end255.255.255.0has241-bitsv,soinsteadDofMspecifyingps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1393) cvn H.B /DEST pdfmark end255.255.255.0inthewildcardmaskeld,youcanjustenterps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1394) cvn H.B /DEST pdfmark end10.1.1.0/24Dinttheaddresseld.IPTrafwilltranslatethemaskbitsintoanappropr"iatewildcardmaskDand}llinthemaskeldthenexttimeyoueditthelterr"ulev.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1395) cvn H.B /DEST pdfmark endmDIfyouspecifythemaskinCIDRnnotation,leavfethewildcardmaskeldsblank.IfyoullDthem}up],thewildcardmaskeldswilltakeprecedencev. ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1396) cvn H.B /DEST pdfmark end 0The!^ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1397) cvn H.B /DEST pdfmark endPorteldsshouldcontainaportnumberorrangeofanyTCP!4orUDPservice0youƱmaybeinterestedin.IfyouwanttomatchonlyasingleportnumberB,llinthe0`color push Black45 color pop.;8ב⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.46) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1437) cvn H.B /DEST pdfmark endfdChapter7.Filters color poprstPeld,whileleavingthesecondblankorsettozero.Fillinthesecondeldif you/!wanttomatcharangeofports(e.g.80to90).LeavethersteldblankorsettozerotoletthelterignoretheportsaltogetherB.Youwillmostlikelybeinterestedintargetportsratherthansourceports(whichareusuallyunpredictableanyway,perhapswiththeexceptionofFTPdata).`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1398) cvn H.B /DEST pdfmark end.0Non-TCP hand non-UDPpacketsarenotaectedbytheseelds,andtheseareused0onlywhenlteringTCPorUDPpackets.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1399) cvn H.B /DEST pdfmark end.0Filloutthesecondsetofeldswiththeparametersoftheoppositeendofthecon-0nection.7ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1400) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1402) cvn H.B /DEST pdfmark end ^DTip:;PAnvyaddressormaskeldsleftblankdefaultto0.0.0.0whileblankps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1403) cvn H.B /DEST pdfmark endPorteldsdefault fDto0.Thismakesiteasytodenelterr"ulesifyou'reinterestedonlyineitherthesourceDordestination,butnottheother.Forexamplev,youmaybeinterestedintracor"iginatingDfromnetwor"k61.9.88.0,inwhichcaseyoujustenterthesourceaddressv,maskandpor\#tDin}theps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1404) cvn H.B /DEST pdfmark endSourceeldsv,whileleavingtheps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1405) cvn H.B /DEST pdfmark endDestinationeldsblank. ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1406) cvn H.B /DEST pdfmark end 0ThenexteldsletyouspecifywhichIP-typeprotocolsyouwantmatchedbythis0lterrule.Anypacketwhoseprotocol'scorrespondingeldismarkedwithaps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1407) cvn H.B /DEST pdfmark endYis0matchedagainstthelterp'sdenedIPaddressesandports,otherwisetheydon'tpass0throughthislterrule.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1408) cvn H.B /DEST pdfmark end.0IfyouwanttoevaluateallIPpacketsjustmarkwithps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1409) cvn H.B /DEST pdfmark endYtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1410) cvn H.B /DEST pdfmark endAllffIPeld.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1411) cvn H.B /DEST pdfmark end0Forexample,ifyouwanttoseeonlyallTCPtrac,marktheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1412) cvn H.B /DEST pdfmark endTCPeldwithps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1413) cvn H.B /DEST pdfmark endY.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1414) cvn H.B /DEST pdfmark end0The}longeldmarkedps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1415) cvn H.B /DEST pdfmark endAdditionalffprotocolsallowsyoutospecifyotherproto- 0cols:bytheirIANA:numberB.(YoucanviewthecommonIPprotocolnumberinthe0ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1416) cvn H.B /DEST pdfmark end/etc/protocolsVzle).Youcanspecifyalistofprotocolnumbersorrangesseparated0bycommas,Rangeshavethebeginningandendingprotocolnumbersseparatedwith0ahyphen.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1417) cvn H.B /DEST pdfmark end.0Foruexample,toseetheRSVPu(46),IPmobile(55),andprotocols(101to104),youuse0anentrythatlookslikethis: ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1418) cvn H.B /DEST pdfmark end~046,ff55,101-104 ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1419) cvn H.B /DEST pdfmark end s0It'scertainlypossibletospecifyanyoftheprotocolslistedaboveinthiseld.Entering0ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1420) cvn H.B /DEST pdfmark end1-255isfunctionallyidenticaltomarkingps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1421) cvn H.B /DEST pdfmark endAllffIPwithaps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1422) cvn H.B /DEST pdfmark endY.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1423) cvn H.B /DEST pdfmark end.0Thenexteldismarkedps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1424) cvn H.B /DEST pdfmark endInclude/Exclude.Thiseldallowsyoutodecidewhether0to.includeorlteroutmatchingpackets.Settingthiseldtops:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1425) cvn H.B /DEST pdfmark endI-causestheltertopass0matchingpackets,whilesettingittops:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1426) cvn H.B /DEST pdfmark endEþcausestheltertodropthem.Thiseldisset0tops:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1427) cvn H.B /DEST pdfmark endIbydefault.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1428) cvn H.B /DEST pdfmark end.0Thelasteldinthedialogislabeledps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1429) cvn H.B /DEST pdfmark endMatchffopposite.Whensettops:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1430) cvn H.B /DEST pdfmark endY,thelterwill0match-packetsowingintheoppositedirection.PreviousversionsofIPTrafused0toxmatchTCPSpacketsowingineitherdirection,sothesourceanddestinationad-0dress/mask/portH4combinationswereactuallyinterchangeable.StartingwithIPTraf03.0,PwhenltersextendedtomorethanjusttheIPKtracmonitorB,thisbehaviorisno0longerthedefaultthroughoutIPTrafexceptintheIPtracmonitorp'sTCPwindow.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1431) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1433) cvn H.B /DEST pdfmark end~DNote:ForTCP4packetsv,thiseldisusedinallfacilitiesexcepttheIP4tracmonitor. fDBecauseJtheIPJztracmonitormustcaptureTCPJzpacketsJinbothdirectionstoproper"lyDdeter9mine"aclosedconnection,thelterautomaticallymatchespackets"intheoppositeDdirection,4regardlessofthiseld'ssetting.Hovwevferiinallotherfacilitiesv,automaticmatch-Ding}oftherevfersepackets}isnotperfor9medunlessyousetthiseldtops:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1434) cvn H.B /DEST pdfmark endY.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1435) cvn H.B /DEST pdfmark endčDFiltersmforUDPmandotherIPprotocolsdonotautomaticallymatchpacketsmintheoppositeDdirection}unlessyousettheeldtops:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1436) cvn H.B /DEST pdfmark endY,evfenintheIPtracmonitor.0`color push Black46 color pop/;[W⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.47) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1522) cvn H.B /DEST pdfmark endfd]):Chapter7.Filters color popCtx<;PressɱEntertoacceptallparameterswhendone.Theparameterswillbeaccepted and7you'llbetakenbacktotheruleselectionbox.YoucanthenaddmorerulesbypressingA oryoucaninsertnewrulesatanypointbypressingI.Shouldyoumakeamistake,youcanpressEntertoedittheselectedlterB.Youmayenterasmanysetsofparametersasyouwish.PressCtrl+Xwhendone.`ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1438) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1440) cvn H.B /DEST pdfmark end~DNote:T[Becauseofthemajorchangesinthelter"ingsystemsinceIPTraf2.7,oldlterswill fDno}longerwor"kandwillhavfetoberedened.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1441) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1443) cvn H.B /DEST pdfmark endRE0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate?PSfile="iptraf-ipfltdlg.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure7-5.TheIPlterparametersdialog Xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1444) cvn H.B /DEST pdfmark endB0Examplesps:SDict begin H.S endps:SDict begin 12.1 H.A endOps:SDict begin [ /View [/XYZ H.V] /Dest (9.23.10.8.3) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1446) cvn H.B /DEST pdfmark end0Tovseealltracto/fromhost202.47.132.1from/to207.0.115.44,regardlessofTCP 0portps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1447) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1448) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.5) cvn H.B /DEST pdfmark end a@0Hostname/IPAddress202.47.132.2(207.0.115.44a@0Ws8ildcardmask255.255.255.255(255.255.255.2550Port0(00ProtocolsTCP:ffY0Include/ExcludeI0MatchoppositeY` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1483) cvn H.B /DEST pdfmark end 0Toseealltracfromhost207.0.115.44toallhostsonnetwork202.47.132.x7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1484) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1485) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.6) cvn H.B /DEST pdfmark end a@0Hostname/IPAddress207.0.115.44(202.47.132.0a@0Ws8ildcardmask255.255.255.255(255.255.255.00Port0(00ProtocolsAllffIP:Y0Include/ExcludeI0MatchoppositeN` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1520) cvn H.B /DEST pdfmark end 0ToseeallWebtrac(toandfromport80)regardlessofsourceordestinationps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1521) cvn H.B /DEST pdfmark end0`color push Black47 color pop0;⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.48) cvn H.B /DEST pdfmark end color popfdChapter7.Filters color pop؍|昍tx`ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.7) cvn H.B /DEST pdfmark enda@0Hostname/IPAddress0.0.0.0(0.0.0.0a@0Ws8ildcardmask0.0.0.0(0.0.0.00Port80(00ProtocolsTCP:ffY0Include/ExcludeI0MatchoppositeY` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1557) cvn H.B /DEST pdfmark end 0ToseeallIRCtracfromport6666to6669ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1558) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1559) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.8) cvn H.B /DEST pdfmark end a@0Hostname/IPAddress0.0.0.0(0.0.0.0a@0Ws8ildcardmask0.0.0.0(0.0.0.00Port0(6666to66690ProtocolsTCP:ffY0Include/ExcludeI0MatchoppositeY` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1595) cvn H.B /DEST pdfmark end 0ToseeallDNSKtrac,(TCPandUDP,destinationport53)regardlessofsourceor0destination7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1596) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1597) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (table.9) cvn H.B /DEST pdfmark end a@0Hostname/IPAddress0.0.0.0(0.0.0.0a@0Ws8ildcardmask0.0.0.0(0.0.0.00Port0(530ProtocolsTCP:ffYUDP:Y0Include/ExcludeI0MatchoppositeY` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1632) cvn H.B /DEST pdfmark end 0Toseeallmail(SMTP)tractoasinglehost(202.47.132.2)fromanywhereps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1633) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1634) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (table.10) cvn H.B /DEST pdfmark end a@0Hostname/IPAddress0.0.0.0(202.47.132.2a@0Ws8ildcardmask0.0.0.0(255.255.255.2550Port0(250ProtocolsTCP:ffY0Include/ExcludeI0MatchoppositeN` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1669) cvn H.B /DEST pdfmark end 0Toseetracfromfrom/tohostsunsite.unc.eduto/fromcebu.mozcom.com4xps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1670) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1671) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (table.11) cvn H.B /DEST pdfmark end a@0Hostname/IPAddresssunsite.unc.edu(cebu.mozcom.coma@0Ws8ildcardmask255.255.255.255(255.255.255.2550Port0(00ProtocolsAllffIP:Y0Include/ExcludeI0`color push Black48 color pop1;ޑ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.49) cvn H.B /DEST pdfmark end color popfd]):Chapter7.Filters color pop)z|昍Matchopposite Y` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1706) cvn H.B /DEST pdfmark end 0Toomitdisplayoftracto/from140.66.5.xfrom/toanywhereps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1707) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1708) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (table.12) cvn H.B /DEST pdfmark end a@0Hostname/IPAddress140.66.5.0(0.0.0.0a@0Ws8ildcardmask255.255.255.0(0.0.0.00Port0(00ProtocolsAllffIP:Y0Include/ExcludeE0MatchoppositeY` ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1743) cvn H.B /DEST pdfmark end 0Youcanenterasmanyparametersasyouwish.Allofthemwillbeinterpreteduntil0therstmatchisfound.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1744) cvn H.B /DEST pdfmark end⒍0ExcDZludingCer8NtainSitesps:SDict begin H.S endps:SDict begin 12.1 H.A endOps:SDict begin [ /View [/XYZ H.V] /Dest (9.23.10.9.3) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1746) cvn H.B /DEST pdfmark endw0Filtersjitexits.HoweverB,ifpromiscuousmodewasalreadysetwhenafacilitywas0started,itremainssetonexit.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1967) cvn H.B /DEST pdfmark end \-0If`multipleinstancesofIPTrafarestarted,thepromiscuoussettingisrestoredonly0uponexitofthelastfacility.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1968) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1970) cvn H.B /DEST pdfmark end~DNote:nDonotuseotherprogramsnthatchangetheinterface'spromiscuousagatthe fDsame)timeyou'reusingIPTraf.Theprogramscaninterferewitheachother'sexpectedDoperationsv.YWhileIPTraftr"iestoobtaintheinitialsettingofanvypromiscuousagsforDrestorationuponexit,otherprogramsmaynotbeaswell-behavfed,andtheymaytur9noDthe}promiscuousagswhileIPTrafisstillmonitor"ing. ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1971) cvn H.B /DEST pdfmark end!O\Colorps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.25.18.2) cvn H.B /DEST pdfmark end3ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1973) cvn H.B /DEST pdfmark end M0TurnLthisonwithcolormonitors.Turnitowithblack-and-whitemonitorsornon- 0colorbterminals(likexterms).Changestothissettingwilltakeeectthenexttimethe0programisstarted.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1974) cvn H.B /DEST pdfmark end.0Coloroisonbydefaultonconsolesandcolorxterms,oonnon-colorterminalslike0xtermsandVT100s.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1975) cvn H.B /DEST pdfmark end!TLoggingps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.25.19.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1977) cvn H.B /DEST pdfmark endNЍ0When}thisoptionisactive,IPTrafwillloginformationtoadiskle,whichcanbe0examinedToranalyzedlaterB.SinceIPTraf2.4.0,IPTrafpromptsyouforthenameof0the0letowhichtowritethelogs.Itwillprovideadefaultname,whichyouarefree0toҏacceptorchange.TheIPytracmonitorandLANstationmonitorwillgeneratea0logWlenamethatisbasedonwhatinstancetheyare(rst,second,andsoon).The0general*pinterfacestatistics'defaultloglenameisconstant,becauseitlistenstoall0interfacesatonce,andonlyoneinstancecanrunatonetime.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1978) cvn H.B /DEST pdfmark end.0The=%otherfacilitiesgeneratealoglenamebasedontheinterfacethey'relistening0on.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1979) cvn H.B /DEST pdfmark end 0Seethedescriptionsonthefacilitiesaboveforthedefaultloglenames.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1980) cvn H.B /DEST pdfmark end.0PressiEntertoaccepttheloglename,orCtrl+XLtocancel.Cancelingwillturnlog-0gingoforthatsession.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1981) cvn H.B /DEST pdfmark end.0TheIPtracmonitorwillwritethefollowingpiecesofinformationtoitslogle:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1982) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1983) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1984) cvn H.B /DEST pdfmark endStartofthetracmonitor7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1985) cvn H.B /DEST pdfmark end 0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1986) cvn H.B /DEST pdfmark endReceiptoftherstTCPpacketforaconnection.IfthatpacketisaSYN,(SYN)will:beIindicatedinthelogentry.(Ofcourse,thetracmonitormaystartinthemiddle:ofestablishedconnections.Itwillstillcountthosepackets.Thisalsoexplainswhy:someconnectionentriesmaybecomeidleifthetracmonitorisstartedinthe0`color push Black54 color pop7; ߑ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.55) cvn H.B /DEST pdfmark end color popfd($4Chapter8.ConguringIPTraf color popmiddleyofahalf-closedconnection,andmisstherstFIN.Suchentriestimeoutin awhile.)`Pps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1987) cvn H.B /DEST pdfmark end簍0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1988) cvn H.B /DEST pdfmark endReceiptofaFIN(withaverageowrate)ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1989) cvn H.B /DEST pdfmark end.0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1990) cvn H.B /DEST pdfmark endACKofaFIN7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1991) cvn H.B /DEST pdfmark end 0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1992) cvn H.B /DEST pdfmark endTs8imeoutsofTCPentries(withaverageowrate)ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1993) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1994) cvn H.B /DEST pdfmark endResetconnections(withaverageowrate)ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1995) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1996) cvn H.B /DEST pdfmark endEverythingthatappearsinthebottomwindowofthetracmonitorps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1997) cvn H.B /DEST pdfmark end0color push Blackˀ color pop:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1998) cvn H.B /DEST pdfmark endStoppingofthetracmonitorps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (1999) cvn H.B /DEST pdfmark end0EachTlogentryincludesthedateandtimetheentrywaswritten.Loggingisalso 0aectedbythedenedlters.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2000) cvn H.B /DEST pdfmark end0LogSlescangrowveryfast,sobepreparedwithplentyoffreespaceanddelete 0unneededlogs.Logwriteerrorsarenotindicated.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2001) cvn H.B /DEST pdfmark end0Copies*oftheinterfacestatistics,TCP/UDP(statistics,packetsizestatistics,andLAN 0hostfstatisticsarealsowrittentotheloglesatregularintervals.Seeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2002) cvn H.B /DEST pdfmark endLogInterval...in0thischapterB.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2003) cvn H.B /DEST pdfmark end0IPTrafnclosesandreopenstheactiveloglewhenitreceivesaps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2004) cvn H.B /DEST pdfmark endUSR1signal.Thisis0useful[incaseswhereafacilityisrunforlongperiodsoftimebutthelogleshaveto0beclearedormoved.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2005) cvn H.B /DEST pdfmark end 0Toclearormoveanactivelogle,renameitrst.IPTrafwillcontinuetowriteto0therledespitethenewname.ThenusetheUNIXrkillcommandtosendtherunning0IPTrafgprocessaps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2006) cvn H.B /DEST pdfmark endUSR1signal.IPTrafwillthenclosethelogleandopenanotherwith0theoriginalname.Youcanthensafelyremoveordeletetherenamedle.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2007) cvn H.B /DEST pdfmark end0DoGnotdeleteanopenlogle.Doingsowillonlyresultinalejustaslargebutlled0withnullcharacters(ASCIIcode0).Pps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2008) cvn H.B /DEST pdfmark end簍0LoggingRcomesdisabledbydefault.Theps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2009) cvn H.B /DEST pdfmark endUSR1signaliscaughtonlyifloggingisen-0abled,itisignoredotherwise.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2010) cvn H.B /DEST pdfmark end0Avalid:specicationofps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2011) cvn H.B /DEST pdfmark end-Lonthecommandlinewithautomaticallyenablelogging0forthatparticularsession.Thesavedcongurationsettingisnotaected.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2012) cvn H.B /DEST pdfmark end}tActivity]modeps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.25.20.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2014) cvn H.B /DEST pdfmark end~Ѝ0TogglesactivityindicatorsintheinterfaceandLANstatisticsfacilitiesbetweenkilo-0bitspersecond(kbits/s)orkilobytespersecond(kbytes/s).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2015) cvn H.B /DEST pdfmark end.0Thedefaultsettingiskilobitspersecond.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2016) cvn H.B /DEST pdfmark end}tSource]MA Caddrёsintracmonitorps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.25.21.2) cvn H.B /DEST pdfmark end3ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2018) cvn H.B /DEST pdfmark end M0Whenenabled,theIPtracmonitorretrievesthepackets'sourceMACaddressesif0theyOcameinonanEthernet,FDDI,orPLIPNinterface.Theaddressesappearinthe0lowerwindowfornon-TCPpackets,whileforTCPconnections,theycanbeviewed0bypressingM.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2019) cvn H.B /DEST pdfmark end.0No(suchinformationisdisplayedifthenetworkinterfacedoesn'tuseMACaddresses0(suchasPPPinterfaces).Pps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2020) cvn H.B /DEST pdfmark end簍0ThiscanbeusedtodeterminetheactualsourceofthepacketsonyourlocalLAN.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2021) cvn H.B /DEST pdfmark end.0TheLtracmonitoralsologstheMAC(addresseswiththisoptionenabled.Thedefault0settingiso.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (TIMERS) cvn H.B /DEST pdfmark end0`color push Black55 color pop8; U⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.56) cvn H.B /DEST pdfmark end color popfdChapter8.ConguringIPTraf color pop`Timersps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (10.26.1) cvn H.B /DEST pdfmark end`@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2024) cvn H.B /DEST pdfmark end n0Theps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2025) cvn H.B /DEST pdfmark endTs8imers...submenuallowsyoutoIPTraf'sintervalandtimeoutfunctions.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2026) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2028) cvn H.B /DEST pdfmark endME0Mps: currentpoint currentpoint translate 1 1 scale neg exch neg exch translate@PSfile="iptraf-timermenu.eps" llx=0 lly=0 urx=72 ury=72 rwi=720 Yps: currentpoint currentpoint translate 1 1 div 1 1 div scale neg exch neg exch translate0Figure8-2.TheTs8imerscongurationsubmenuXps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2029) cvn H.B /DEST pdfmark endTCP]Timeoutps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.26.22.2) cvn H.B /DEST pdfmark end3ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2031) cvn H.B /DEST pdfmark end M0This+guredeterminestheamountoftime(inminutes)aconnectionentrymayre- 0mainidlebeforeitbecomeseligibleforreplacementbyanewconnection.Thedefault0is15minutes.Youmaywanttoreducethisonanisolated(notconnectedtotheIn-0ternet)LANoraLANconnectedtotheInternetwithhigh-speedlinks.Justenter0thenewvalueandpressEnterB.YoucanpressCtrl+Xtoleavethecurrentvalueun-0changed.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2032) cvn H.B /DEST pdfmark end}tLog]Intervalps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.26.23.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2034) cvn H.B /DEST pdfmark endNЍ0ThisLtguredeterminesthenumberofminutesbetweenloggingofinterfacestatistics,0TCP/UDPgures,andLANhoststatistics.Thedefaultis60minutes.Thisgureis0meaninglessifloggingisdisabled.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2035) cvn H.B /DEST pdfmark end.0Thiscongurationitemcanbeoverriddenwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2036) cvn H.B /DEST pdfmark end-I޷whenafacilityisdirectlyin-0vokedfromthecommandline(notaccessedviathemainmenu),andremainseec-0tiveforthatparticularsession.Theconguredvalueisnotaected.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2037) cvn H.B /DEST pdfmark end}tScreen]UpdateIntervalps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.26.24.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2039) cvn H.B /DEST pdfmark end~Ѝ0ThisG7valuedeterminestherateinsecondsatwhichthescreenisupdated.Thedefault0is0,whichmeansthescreenisupdatedasfastaspossible,givingclose-to-realtime0reection'ofnetworkactivity.HoweverB,thishigh-speedupdatecancauseincredible0amountsoftracifIPTrafisrunonaremoteterminal(e.g.aTelnetorSecureShell0session).͐Youcansetthistoahighervalue,suchas1or2secondstoslowdownthe0updates.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2040) cvn H.B /DEST pdfmark end.0ThisAguredoesnotaecttherateofdatacapture.Onlythescreenrefreshisaected.0The guresarestillupdatedasfastaspossible,althoughtheguredisplaywillno0longerbeasclosetorealtime.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2041) cvn H.B /DEST pdfmark end.0Thedefaultsettingis0,whichshouldn'tbeaproblemontheconsole.Setittoa0slightly0highervalueonremoteterminalsorslowlinks.Thesettingaectsallmoni-0toringfacilities.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2042) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2044) cvn H.B /DEST pdfmark end~DNote:Updatingthescreenisoneoftheslovwestoperationsinaprogram.Oldervfersions fDof'3IPTrafhadaproblemoncenetwor"kactivitybecamevferEyhigh.Becauseeachpacket0`color push Black56 color pop9; @ꑷ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.57) cvn H.B /DEST pdfmark end color popfd($4Chapter8.ConguringIPTraf color popcausedascreenupdatev,IPTrafbeganspendingmoretimewiththescreenupdates,caus- fing}alossofpackets}oncenetwor"kactivityreachedacer\#tainpoint.`ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2045) cvn H.B /DEST pdfmark endčDHovwevfer,_sincemanyuserslikerapidcountsontheirscreen,acompromisewasincorEpo-Drated.xEvfenwhenthescreenupdateinterEvalissetto0,thereisstilla50msdelaybetweenDscreenbupdates(excepttheLANMstationmonitor,whichhasa100msdelay).ThisisstillDvisuallyfast,butprovvidesmoretimetothepacketcaptureroutinev.HigherdelaysmayDresult}inbetteraccuracyofcountsandactivity.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2046) cvn H.B /DEST pdfmark endmDIn|anvycase,thissettingonlyaectsscreenupdates.CapturestillproceedsasfastasDpossiblev. ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2047) cvn H.B /DEST pdfmark end!O\TCP]closed/idleperёsistenceps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.26.25.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2049) cvn H.B /DEST pdfmark end~Ѝ0Thisparameterdeterminestheinterval(inminutes)atwhichtheIPTracMonitor 0clears*fromtheTCPdisplaywindowallclosed,idle,andtimedoutentries.Enterps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2050) cvn H.B /DEST pdfmark end00tokeepsuchentriesonthescreenindenitely,disappearingonlywhenreplacedby0newconnections.7ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2051) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2053) cvn H.B /DEST pdfmark end ^DNote:FTheps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2054) cvn H.B /DEST pdfmark endTCPFtimeout...optiononlytellsIPTrafhovwlongitshouldtakebeforeacon- fDnectionshouldbeconsideredidleandopentoreplacementbynewconnectionsv.ThisDdoesSnotdeter9minehovwlongitremainsonscreen.Theps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2055) cvn H.B /DEST pdfmark endTCPSclosed/idlepersistence...pa-Drameter[ushesentr"iesthathavfebeenclosedorreset,oridleforthenumberofminutesDdened}bytheps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2056) cvn H.B /DEST pdfmark endTCPtimeout...option.ps:SDict begin H.S endps:SDict begin 11 H.A endOps:SDict begin [ /View [/XYZ H.V] /Dest (CUSTOMPORTS) cvn H.B /DEST pdfmark end"Custom6Informationps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (10.27.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2059) cvn H.B /DEST pdfmark end n0ThenremainingcongurationitemsallowyoutoenterinformationwhichIPTrafuses 0foritsdisplaysandlogs.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2060) cvn H.B /DEST pdfmark endAdditional]por=tsps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.27.26.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2062) cvn H.B /DEST pdfmark end~Ѝ0SelectthisitemtoenteraportnumbertobeincludedintheTCP/UDPcountsin0theTCP/UDPPservicestatisticsmainmenuitemdescribedabove.Bydefault,port0numbersITabove1023arenotmonitored.Ifyoudohaveahigher-numberedportto0monitorB,enterithere.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2063) cvn H.B /DEST pdfmark end \-0You}willseetwoelds.IfyouhaveonlyoneporttoenterB,justllupthersteld.0Tospecifyarange,llbothelds,therstportinthersteld,thelastportinthe0secondeld.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2064) cvn H.B /DEST pdfmark end 0Youcanselectthisoptionmultipletimestoaddmorevaluesorranges.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2065) cvn H.B /DEST pdfmark end}tDelete]por=t/rangeps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.27.27.2) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2067) cvn H.B /DEST pdfmark endNЍ0Selectthisitemtoremoveahigher-numberedportnumberorportrangeyouen-0teredLearlierwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2068) cvn H.B /DEST pdfmark endAdditionalports...option.ALwindowwillcomeupcontaining0theenteredportsandranges.SelecttheentryyouwantdeleteandpressEnterB.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2069) cvn H.B /DEST pdfmark end0`color push Black57 color pop:; X⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.58) cvn H.B /DEST pdfmark end color popfdChapter8.ConguringIPTraf color pop`LAN]StationIdentierёsps:SDict begin H.S endps:SDict begin 13.31 H.A endNps:SDict begin [ /View [/XYZ H.V] /Dest (10.27.28.2) cvn H.B /DEST pdfmark end`3ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2071) cvn H.B /DEST pdfmark end M0The8LANstationstatisticsfacilitymonitorsstationsbasedontheirrespectiveMAC 0addresses.Thehexadecimalnotationoftheseaddressesmakethemevenmoredi-0cult* torememberthanthedotted-decimalIP* addresses,sothesefacilitieswereadded0tohelpyoubetterdeterminewhichstationiswhich.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2072) cvn H.B /DEST pdfmark end.0Selectingtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2073) cvn H.B /DEST pdfmark endEthernet/PLIPhostdescriptions...orps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2074) cvn H.B /DEST pdfmark endFDDI/TokenRinghostdescriptions...0optionsbringsupasubmenuaskingyoutoadd,edit,ordeletedescriptions.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2075) cvn H.B /DEST pdfmark end.0Toaddanewdescription,selecttheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2076) cvn H.B /DEST pdfmark endAdddescription...option.AdialogboxwillappearB,0askingLyoufortheMACLaddressandanappropriatedescription.Typeintheaddress0inhexadecimalnotationwithnopunctuationofanykind.Thedialogboxiscase-0insensitivefortheaddress;thealphabeticaldigitsAtoFwillbestoredinlowercase.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2077) cvn H.B /DEST pdfmark end.0UsetheTabkeytomovebetweeneldsandEntertoaccept.PressCtrl+Xtodiscard0thisdialogandreturntothemainmenu.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2078) cvn H.B /DEST pdfmark end.0The,descriptionmaybeanything:theIPaddress,afully-qualieddomainname,or0adescriptionofyourlikingaslongastheeldcanhold.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2079) cvn H.B /DEST pdfmark end.0Enterasmanydescriptionsasyouneed.PressCtrl+Xgatablankdialogafteryouhave0enteredthelastentryps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2080) cvn H.B /DEST pdfmark end.0ThesedescriptionswillbedisplayedalongsidetheMACaddressesintheLANsta-0tionmonitorB,togetherwiththetypeofframe(Ethernet,PLIP,orFDDI).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2081) cvn H.B /DEST pdfmark end.0AnJ existingaddressordescriptionmaybeeditedbyselectingtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2082) cvn H.B /DEST pdfmark endEditdescription...0optionE5fromthesubmenu.AE&panelwillappearwithalistofexistingaddressdescrip-0tions.fSelecttheoneyouwishtoeditandpressEnterB.AKdialogboxidenticaltothat0whenyouaddadescriptionwillappearwithprelledelds.Justbackspaceoverand0edittheelds.PressEntertoacceptorCtrl+Xtocancel.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2083) cvn H.B /DEST pdfmark end.0Selecting&Ltheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2084) cvn H.B /DEST pdfmark endDeletedescription...submenuitembringsuptheselectionpanel.Select0theFdescriptionyouwanttodeleteandpressEnterB.YoucanalsopressCtrl+Xto0canceltheoperation.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2085) cvn H.B /DEST pdfmark end.0IPTraf]2.4andlateralsorecognizestheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2086) cvn H.B /DEST pdfmark end/etc/ethersle.Shouldahardwareaddress0beKpresentintheIPTrafdenitionlesandinps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2087) cvn H.B /DEST pdfmark end/etc/ethers,theIPTrafdenitionwill0beused.7ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2088) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2090) cvn H.B /DEST pdfmark end ^DNote:4Thedescr"iptionleforEther9netandPLIPisps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2091) cvn H.B /DEST pdfmark endethernet.desc,whiletheFDDIand fDToken\CRingmappingsarestoredinps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2092) cvn H.B /DEST pdfmark endfddi.descintheIPTrafwor"kingdirectorEy.TheselesDareincolon-delimitedtextfor9mat.Databaseenginesorcustomscr"iptscanbetoldtoDappend}datalinestothoselesv.Eachlinefollowsthissimplefor9mat: ps:SDict begin H.S endps:SDict begin 8.91 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2093) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 8.91 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2094) cvn H.B /DEST pdfmark endDaddress:ps:SDict begin H.S endps:SDict begin 8.91 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2095) cvn H.B /DEST pdfmark enddescription Eps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2096) cvn H.B /DEST pdfmark endۍDFor}exampleps:SDict begin H.S endps:SDict begin 8.91 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2097) cvn H.B /DEST pdfmark endD00201e457e:Cisco)3640gateway Eps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2098) cvn H.B /DEST pdfmark endۍDDo}notputcolonsv,per"iods,oranyinvfalidcharactersintheMACaddress.0`color push Black58 color pop;; r䑷⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.59) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (BACKOP) cvn H.B /DEST pdfmark end ;Chapter9.BackgroundOperationps:SDict begin H.S endps:SDict begin 16.105 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (11.0) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2101) cvn H.B /DEST pdfmark end0IPTraf'sfacilitiescanbeplacedinthebackgroundsolelyforlogging.Whenrunning 0inthebackground,itdoesn'tdisplayanyoutputonthescreen,anddoesn'treceive0inputfromthekeyboard,anddropsyoubacktotheshell.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2102) cvn H.B /DEST pdfmark end.0Before?ustartingastatisticalfacilityinthebackground,congureIPTrafintheusual0way(setlters,addTCP/UDPports,etc).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2103) cvn H.B /DEST pdfmark end.0Onceݳthat'sdone,exitallinstancesofIPTrafonthesystem,theninvokeIPTraffrom0thecommandlinewiththeparametertostartthefacilityyouwant,thetimeout(ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2104) cvn H.B /DEST pdfmark end-t)0parameterHifyouwish,andtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2105) cvn H.B /DEST pdfmark end-BHparametertoactuallydaemonizetheprogram.For0example,toruntheIPtracmonitorinthebackgroundforallinterfaces,issuethe0command 7ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2106) cvn H.B /DEST pdfmark end ^0iptrafff-iall-B ips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2107) cvn H.B /DEST pdfmark end I0Tox runthedetailedinterfacestatisticsoninterfaceps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2108) cvn H.B /DEST pdfmark endeth0for5minutesintheback-0ground: ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2109) cvn H.B /DEST pdfmark end~0iptrafff-deth0-t5-Bps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2110) cvn H.B /DEST pdfmark end I0Ifthetimeoutparameterisnotspecied,thefacilitywillrununtiltheprocessreceives0aUSR2signal.Tostopafacilityinthebackground,doa ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2111) cvn H.B /DEST pdfmark end~0psffxps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2112) cvn H.B /DEST pdfmark end I0atthecommandline,andndtheprocessid(pid)oftheiptrafprocessyou'relooking0forB.ThensendthatprocessaUSR2signalwiththekillcommand: ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2113) cvn H.B /DEST pdfmark end~0killff-USR2pidps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2114) cvn H.B /DEST pdfmark end I0SinceIPTrafcannotsenderrormessagestotheterminal,allmessagesarewrittento0theledaemon.logintheIPTrafloggingdirectory.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2115) cvn H.B /DEST pdfmark end.0Theps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2116) cvn H.B /DEST pdfmark end-Bparameterautomaticallyenablesloggingregardlessofitsconguredsetting.0Theparameterisignoredifnotusedwithoneoftheparameterstostartafacility0fromthecommandline.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2117) cvn H.B /DEST pdfmark end 0Theloglecanbespeciedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2118) cvn H.B /DEST pdfmark end-L㢾command-lineparameterB.Ifthisparameter0isl>notspecied,thedefaultloglenameforthefacilitywillbeused(seethedescrip-0tionsqofthefacilitiesaboveforthedefaultlognamepatterns).Ifyoudon'tspecifyan0path,theloglewillbeplacedinps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2119) cvn H.B /DEST pdfmark end/var/log/iptraf.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2120) cvn H.B /DEST pdfmark end.0Theiloggingintervalforallfacilities(excepttheIPitracmonitor)canalsobeoverri-0denwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2121) cvn H.B /DEST pdfmark end-Icommand-lineparameterB.0`color push Black59 color pop<; 2⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.60) cvn H.B /DEST pdfmark end color popfdChapter9.BackgroundOperation color pop0`color push Black60 color pop=; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.61) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endLps:SDict begin [ /View [/XYZ H.V] /Dest (MESSAGES) cvn H.B /DEST pdfmark end ;AppendixA.Messaچg%yesps:SDict begin H.S endps:SDict begin 16.105 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (12.0) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2124) cvn H.B /DEST pdfmark end0IPTraf'simessagesarepresentedintwoways.Ininteractivemode,messagesaredis- 0playedHinadistictivemessagebox.Indaemon(background)mode,appropriatemes-0sagesharewrittentotheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2125) cvn H.B /DEST pdfmark endiptraf.logleintheIPTraflogdirectory(normallyps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2126) cvn H.B /DEST pdfmark end/var/log/iptraf.ps:SDict begin H.S endps:SDict begin 11 H.A endRps:SDict begin [ /View [/XYZ H.V] /Dest (IPTRAFMESSAGES) cvn H.B /DEST pdfmark end׍IPToraf6Messag"esps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (12.28.1) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2130) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2132) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2133) cvn H.B /DEST pdfmark end 卑0Unablefftocreateconfigfileips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2134) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2135) cvn H.B /DEST pdfmark end IDIPTraf>cannotcreatethecongurationle.ThemostlikelycauseofthisisthatDyouhdidn'tproperlyinstalltheprogram,andthenecessarydirectoryps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2136) cvn H.B /DEST pdfmark end/var/local/iptrafDdoeslnotexist.CanalsobegeneratedifyouhaveadiskproblemorifyouhaveDtoomanylesopen.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2137) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2139) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2140) cvn H.B /DEST pdfmark end0Unablefftoreadconfigfileps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2141) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2142) cvn H.B /DEST pdfmark end IDThecongurationrecordcannotberead.Youmostlikelyhaveadiskproblem.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2143) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2145) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2146) cvn H.B /DEST pdfmark end0Unablefftowriteconfigfileps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2147) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2148) cvn H.B /DEST pdfmark end IDThe%lcongurationlecannotbewritten.Youeitherhaveadiskproblem,orD(morelikely),yourdiskisfull.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2149) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2151) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2152) cvn H.B /DEST pdfmark end0Enterffanappropriatedescriptionforthisfilterps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2153) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2154) cvn H.B /DEST pdfmark end IDEntersomethingtoclearlydescribethelteryouaredening.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2155) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2157) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2158) cvn H.B /DEST pdfmark end0Errorffloadingfilterlistfileps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2159) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2160) cvn H.B /DEST pdfmark end IDIPTrafڳcannotaccessthelistofdenedTCPڛorUDPlters.Canalsobeanindi-Dcatorofabaddisk.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2161) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2163) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2164) cvn H.B /DEST pdfmark end0Errorffwritingfilterlistfileps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2165) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2166) cvn H.B /DEST pdfmark end IDThelterlistlecannotbewrittento.YoumayhavetroubleaccessingyourDlters.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2167) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2169) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2170) cvn H.B /DEST pdfmark end0UnablefftoreadTCP/UDP/miscIPfilterfileps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2171) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2172) cvn H.B /DEST pdfmark end JDIPTrafcannotreadthelterdataothele.Couldbecausedbyabaddisk.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2173) cvn H.B /DEST pdfmark end0`color push Blackps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2177) cvn H.B /DEST pdfmark endfd61 color pop>; _⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.62) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2228) cvn H.B /DEST pdfmark endfdAppendixA.Messages color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2175) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2176) cvn H.B /DEST pdfmark end 0ErrorffopeningfilterdatafileDIPTrafMcannotopenthelterle.Couldbecausedbyashortageofledescriptors Dorabaddisk.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2179) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2181) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2182) cvn H.B /DEST pdfmark end0Unablefftowritefilterdata0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2183) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2184) cvn H.B /DEST pdfmark end ϠDIPTrafcannotaddthenewlydenedltertothelterlist.ThismaybeduetoaDbaddisk.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2185) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2187) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2188) cvn H.B /DEST pdfmark end0Cannotffcreatefilterdatafile0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2189) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2190) cvn H.B /DEST pdfmark end ϠDIPTrafcannotcreatethelterrecordle.Thedenedlterislost.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2191) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2193) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2194) cvn H.B /DEST pdfmark end0Unablefftosavefilterchangesips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2195) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2196) cvn H.B /DEST pdfmark end IDIPTrafrcannotsavethechangesyoumadetothelterB.YouprobablyhaveadiskDerrorB.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2197) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2199) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2200) cvn H.B /DEST pdfmark end0Unablefftowritefilterstateinformation0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2201) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2202) cvn H.B /DEST pdfmark end ϠDThezjcurrentstateofthelterscannotbesaved.IPTrafwillbeunabletocorrectlyDreloadwtheltersthenexttimeit'sstarted.ThiscanbecausedbyabaddiskorDimproperinstallation.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2203) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2205) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2206) cvn H.B /DEST pdfmark end0Unablefftosaveinterfaceflagsips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2207) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2208) cvn H.B /DEST pdfmark end IDIPTrafVTwasunabletosavetheagsofthenetworkinterfaces.ThisisprobablyDduetoabadinstallationorfulllesystem.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2209) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2211) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2212) cvn H.B /DEST pdfmark end0Unablefftoretrievesavedinterfaceflagsips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2213) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2214) cvn H.B /DEST pdfmark end IDIPTrafrwasunabletoretrievethesaveinterfaceags.ProbablyagainduetoaDbadinstallationorfulllesystem.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2215) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2217) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2218) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2219) cvn H.B /DEST pdfmark end0protocolfffilterdatafileinuse;tryagainlaterips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2220) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2221) cvn H.B /DEST pdfmark end I0Filterffstatefileinuse;tryagainlaterps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2222) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2223) cvn H.B /DEST pdfmark endDAnotherIPTrafprocessismodifyingtheTCP,UDPormiscellaneousIPlter DdataEorthelterstateleandhaslockedthelesorle.TryagainoncetheotherDIPTrafprocesshasterminatedorcompleteditsmodicationsandunlockedtheDles.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2224) cvn H.B /DEST pdfmark end0`color push Black62 color pop?; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.63) cvn H.B /DEST pdfmark end color popfdGAAppendixA.Messages color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2226) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2227) cvn H.B /DEST pdfmark end 0UnablefftoresolvehostnameDTheindicatedhostnameintheltercannotberesolvedintoanIPfaddress.Check Dthenlocalhostsdatabase/etc/hostsoryourmachine'sDNS&congurationorDDNSserverB.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2231) cvn H.B /DEST pdfmark endThelterparameterswillnotbeused.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2232) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2234) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2235) cvn H.B /DEST pdfmark end0Unablefftoopenhostdescriptionfileips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2236) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2237) cvn H.B /DEST pdfmark end IDIPTrafcannotopenthelecontainingthedescriptionsforEthernetorFDDIad-Ddresses.Couldbeduetoabaddiskorahitontheledescriptorlimit.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2238) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2240) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2241) cvn H.B /DEST pdfmark end0Unablefftowritehostdescriptionips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2242) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2243) cvn H.B /DEST pdfmark end IDIPTrafwasunabletowritethedescriptionrecordforthisEthernetorFDDIbad-Ddress.Couldbeduetoabaddiskorcorruptedlesystem.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2244) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2246) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2247) cvn H.B /DEST pdfmark end0Noffdescriptionsips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2248) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2249) cvn H.B /DEST pdfmark end IDYoutriedtoeditordeleteadescriptionwithnopreviousdescriptionsdened.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2250) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2252) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2253) cvn H.B /DEST pdfmark end0Cannotffopenlogfileips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2254) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2255) cvn H.B /DEST pdfmark end IDThere}isaproblemopeningthelogle.ThereismostlikelyaproblemwiththeDdisk,ortherearetoomanyopenles.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2256) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2258) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2259) cvn H.B /DEST pdfmark end0Unablefftoobtaininterfacelist0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2260) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2261) cvn H.B /DEST pdfmark end ϠDIPTrafwasunabletoretrievethelistofnetworkinterfacesfromtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2262) cvn H.B /DEST pdfmark end/proclesys-Dtem.xThismaybeduetoabadlyconguredkernel.IPTrafneedsps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2263) cvn H.B /DEST pdfmark end/proclesystemDsupport.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2264) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2266) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2267) cvn H.B /DEST pdfmark end0Noffactiveinterfaces.Checktheirstatusorthe/procfilesystem.ips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2268) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2269) cvn H.B /DEST pdfmark end IDIPTrafhfoundnoactiveinterfaces.Eitherallinterfacesaredownortheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2270) cvn H.B /DEST pdfmark end/proc/net/devDlehwasemptyorunavailable.Activateatleastoneinterfaceorchecktheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2271) cvn H.B /DEST pdfmark end/proc/net/devDle.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2272) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2274) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2275) cvn H.B /DEST pdfmark end0Unablefftoobtaininterfaceparametersforinterfaceips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2276) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2277) cvn H.B /DEST pdfmark end IDThe{systemcalltoretrievetheinterface'sagsfailed.CheckyourinterfaceorDkerneldriverB.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2278) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2280) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2281) cvn H.B /DEST pdfmark end0Promiscffchangefailedforinterface0`color push Black63 color pop@; ^⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.64) cvn H.B /DEST pdfmark end color popfdAppendixA.Messages color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2282) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2283) cvn H.B /DEST pdfmark end DThe}systemcalltochangethepromiscuousagfailed.Checkyourinterfaceor DitskerneldriverB.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2284) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2286) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2287) cvn H.B /DEST pdfmark end0Unablefftoopenrawsocketforflagchangeips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2288) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2289) cvn H.B /DEST pdfmark end IDIPTrafwasunabletoopenthenecessarysocketforthepromiscuouschangeop-Deration.Maybeduetoashortageofledescriptors.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2290) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2292) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2293) cvn H.B /DEST pdfmark end0UnablefftoopensocketforMTUdeterminationips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2294) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2295) cvn H.B /DEST pdfmark end IDReturnedbythefacilityfordetailedinterfacestatisticsiftherawsocket'sopen-Dingsequencefailed.Thefacilitywillabort.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2296) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2298) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2299) cvn H.B /DEST pdfmark end0Unablefftoopenrawsocketips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2300) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2301) cvn H.B /DEST pdfmark end|DIPTrafFawasunabletoopentherawsocketforpacketcapture.Maybeduetoa  Dshortageofledescriptors.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2302) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2304) cvn H.B /DEST pdfmark end~XReminder:m IPTraf2.x.xrequiresLinuxker9nel2.2.x,withthePacketSocketoption fXcompiled inorinstalledasamodulev.IPTraf2.xwillretur9nthiserroronapre-2.2Xker9nel}orona2.2ker9nelwithoutPacketSocket.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2305) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2307) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2308) cvn H.B /DEST pdfmark end 0UnablefftoobtaininterfaceMTU0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2309) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2310) cvn H.B /DEST pdfmark end ϠDThedetailedstatisticsfacilitywasunabletoobtainthemaximumtransmissionDunit(MTU)fortheselectedinterface.Thefacilitywillabort.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2311) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2313) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2314) cvn H.B /DEST pdfmark end0Specifiedffinterfacenotsupportedips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2315) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2316) cvn H.B /DEST pdfmark end IDTheinterfacespeciedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2317) cvn H.B /DEST pdfmark end-i,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2318) cvn H.B /DEST pdfmark end-d,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2319) cvn H.B /DEST pdfmark end-s,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2320) cvn H.B /DEST pdfmark end-l,orps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2321) cvn H.B /DEST pdfmark end-zcommand-lineparametersDisnotsupportedbyIPTraf.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2322) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2324) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2325) cvn H.B /DEST pdfmark end0Specifiedffinterfacenotactiveips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2326) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2327) cvn H.B /DEST pdfmark end IDTheinterfacespeciedwiththeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2328) cvn H.B /DEST pdfmark end-i,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2329) cvn H.B /DEST pdfmark end-d,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2330) cvn H.B /DEST pdfmark end-s,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2331) cvn H.B /DEST pdfmark end-l,orps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2332) cvn H.B /DEST pdfmark end-zcommand-lineparametersDissupported,butnotcurrentlyactivated.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2333) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2335) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2336) cvn H.B /DEST pdfmark end0Fatal:ffmemoryallocationerrorips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2337) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2338) cvn H.B /DEST pdfmark end|DMayoccurifyouhavetoolittlememorytoallocateforwindows,themenusys-  Dtem, ordialogboxes.IPTraftriestopreventfurtherallocationsifmemoryruns0`color push Black64 color popA; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.65) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2393) cvn H.B /DEST pdfmark endfdGAAppendixA.Messages color popouthduringamonitorB.However,thiscouldalsomeanabugifyou'rereason-  ablyUsureyou'renotoutofmemory.Aninstructionalmessageonbugreportingfollowsthismessage.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2339) cvn H.B /DEST pdfmark end`ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2341) cvn H.B /DEST pdfmark end~XTuechnicalrnote:Thisisactuallyaresponsetothesegmentationfaulterror(SIGSEGV).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2342) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2344) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2345) cvn H.B /DEST pdfmark end 0Thisffprogramcanberunonlybythesystemadministratorips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2346) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2347) cvn H.B /DEST pdfmark end IDIPTrafnormallydoesnotallowanybodybutuid0(root)torunit.Thismea-DsureIisincludedforsafetyreasons.SeethesectiononrecompilingtheprogramDbelowL;ifyouwanttooverridethis.Thisfeatureisbuiltin,andnotpartoftheDcongurationps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2348) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2350) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2351) cvn H.B /DEST pdfmark end0YourffTERMvariableisnotset0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2352) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2353) cvn H.B /DEST pdfmark end ϠDTheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2354) cvn H.B /DEST pdfmark endTERM(terminaltype)environmentvariablemustbesettoavalidterminalDtype2sothatthescreenmanagementroutinescanfunctionproperly.SetittotheDappropriateterminaltype.Linuxconsolestypicallyhavetheirps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2355) cvn H.B /DEST pdfmark endTERMvariablesDsettops:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2356) cvn H.B /DEST pdfmark endlinux.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2357) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2359) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2360) cvn H.B /DEST pdfmark end0ReceivedffTERMsignalips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2361) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2362) cvn H.B /DEST pdfmark end IDNotIrelatedtothepreviousmessage.Theps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2363) cvn H.B /DEST pdfmark endTERM(terminate)signalisnormallyDusedetogracefullyshutdownaprogram.ThismessagesimplyindicatesthattheDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2364) cvn H.B /DEST pdfmark endTERMsignalwascaughtandIPTrafisattemptingtoshutdownasgracefullyasDpossible.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2365) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2367) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2368) cvn H.B /DEST pdfmark end0Invalidffoptionormissingparameter,useiptraf-hforhelpips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2369) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2370) cvn H.B /DEST pdfmark end IDTheOps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2371) cvn H.B /DEST pdfmark end-i,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2372) cvn H.B /DEST pdfmark end-d,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2373) cvn H.B /DEST pdfmark end-s,ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2374) cvn H.B /DEST pdfmark end-l,orps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2375) cvn H.B /DEST pdfmark end-zoptionswerespeciedbutnointerfacewasspeciedDonthecommandline.Theseparametersrequireavalidinterfacename(orps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2376) cvn H.B /DEST pdfmark endallDforps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2377) cvn H.B /DEST pdfmark end-iorps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2378) cvn H.B /DEST pdfmark end-l).ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2379) cvn H.B /DEST pdfmark endThismessagealsoappearsifanunknownoptionispassedtotheDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2380) cvn H.B /DEST pdfmark endiptrafcommand.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2381) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2383) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2384) cvn H.B /DEST pdfmark end0Warning:ffunabletotagthisprocessips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2385) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2386) cvn H.B /DEST pdfmark end IDIPTrafnormallytagsitselfwhenitrunstopreventmultipleinstancesofthesta-Dtisticalfacilitiesfromrunning.ThismessagemeanstheprogramwasunabletoDcreatehthenecessarytagle.Thismaybeduetoabadorimproperinstallation.DTry5runningtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2387) cvn H.B /DEST pdfmark endmakeinstallprocedure5ortheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2388) cvn H.B /DEST pdfmark endSetupinthedistribution'stop-Dleveldirectory.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2389) cvn H.B /DEST pdfmark end0`color push Black65 color popB; *򑷺⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.66) cvn H.B /DEST pdfmark end color popfdAppendixA.Messages color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2391) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2392) cvn H.B /DEST pdfmark end 0Warning:ffunabletotagfacilityDIPTraf\wasunabletocreatethetagleforthefacilityyoustarted.Thefacility Dwillstillrun,butotherinstancesofIPTrafthatmayberunningsimultaneouslyDwillallowthesamefacilitytorun.ThismaycausebothinstancesofthefacilityDtomalfunction.Thiscouldbeduetoabaddiskorbadinstallation.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2395) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2397) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2398) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2399) cvn H.B /DEST pdfmark end0facility%alreadyffrunning/listeningoninterfaceips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2400) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2401) cvn H.B /DEST pdfmark end IDThe/facilityyoutriedtostartiscurrentlyrunningontheindicatedinterfaceinDanotherIPTrafprocessonthemachine.Thisrestrictionisplacedtopreventcon-Dictsinvolvinginternalsocketsorthelogles.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2402) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2404) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2405) cvn H.B /DEST pdfmark end0Generalffinterfacestatisticsalreadyactiveinanotherprocessips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2406) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2407) cvn H.B /DEST pdfmark end IDOnlyoneinstanceofthegeneralinterfacestatisticscanrunatatime.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2408) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2410) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2411) cvn H.B /DEST pdfmark end0Duplicateffport/rangeentryips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2412) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2413) cvn H.B /DEST pdfmark end IDYouenteredaportnumberorrangethatwasalreadyaddedtothelistofaddi-DtionalportstobemonitoredbytheTCP/UDPservicemonitorps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2414) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2416) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2417) cvn H.B /DEST pdfmark end0Noffcustomportsips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2418) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2419) cvn H.B /DEST pdfmark end IDTherearenoportsorportrangesearlieradded.There'snothingtodelete.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2420) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2422) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2423) cvn H.B /DEST pdfmark end0Can'tffstartrvnamed;lookupswillblockips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2424) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2425) cvn H.B /DEST pdfmark end IDIPTrafcannotstarttheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2426) cvn H.B /DEST pdfmark endrvnameddaemon;probablyduetoabadinstallation.DIPTrafwillfallbacktoblockinglookups.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2427) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2429) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2430) cvn H.B /DEST pdfmark end0Can'tffspawnnewprocess;lookupswillblockips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2431) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2432) cvn H.B /DEST pdfmark end IDIPTrafԌcannotstartanewprocess.Thismaybeduetomemoryshortage.IPTrafDwillfallbacktoblockinglookups.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2433) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2435) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2436) cvn H.B /DEST pdfmark end0Forkfferror,IPTrafcannotruninbackgroundips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2437) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2438) cvn H.B /DEST pdfmark end IDIPTrafcannotstartanewprocess,andcangointothebackground.ThismaybeDduetomemoryshortage.IPTrafaborts.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2439) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2441) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2442) cvn H.B /DEST pdfmark end0Noffmemoryfornewfilterentry0`color push Black66 color popC; M`⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.67) cvn H.B /DEST pdfmark end color popfdGAAppendixA.Messages color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2443) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2444) cvn H.B /DEST pdfmark end DIPTrafwasunabletoallocatememoryforanewlterentry.Mostlikelydueto Dmemoryshortage.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2445) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2447) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2448) cvn H.B /DEST pdfmark end0MemoryffLowips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2449) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2450) cvn H.B /DEST pdfmark end|DThismindicatorappearsifmemoryrunslowduetoalotofentriesinafacility.  DShouldTcriticalfunctionsfail(windowcreation,internalallocation),theprogramDcouldterminatewithasegmentationviolation.ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2451) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2453) cvn H.B /DEST pdfmark end~XNote:BAnvymessageorindicatoraboutlowmemorEymeansthatyoursystemdoes fXnot9havfeenoughmemorEytohandletheentr"iesv.Itisalmostcer\#tainthatsoonerorXlater,IPTraforotherapplicationswillabor\#tduetothefailureofimportantsystemXcalls}orlibrarEyfunctionsv.Memorymustbeaddedr"ightawvay.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2454) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2456) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2457) cvn H.B /DEST pdfmark end 0IPCffError0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2458) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2459) cvn H.B /DEST pdfmark end ϠDThis7indicatorappearsifanerroroccursreceivingdatafromtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2460) cvn H.B /DEST pdfmark endrvnamedpro-Dgram(IPCstandsforInterprocessCommunication).ThisindicationshouldnotDoccurundernormalcircumstances.ReportinstancesofthisconditionandtheDcircumstancesRunderwhichithappens.YoumayalsoincludedatafromtheDps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2461) cvn H.B /DEST pdfmark endrvnamed.logle.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2462) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2464) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2465) cvn H.B /DEST pdfmark end0Errorffopeningterminal:ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2466) cvn H.B /DEST pdfmark endterminalips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2467) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2468) cvn H.B /DEST pdfmark end IDThe7screenmanagementroutinescannotndtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2469) cvn H.B /DEST pdfmark endterminfoentryforyourtermi-Dnal.<IPTrafexpectstheterminfodatabaselocatedinps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2470) cvn H.B /DEST pdfmark end/usr/share/terminfo.ThisDerrorcouldoccurwhenyourterminfodatabaseislocatedsomewhereelse.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2471) cvn H.B /DEST pdfmark endSeeDthesectiononcontrollingtheps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2472) cvn H.B /DEST pdfmark endterminfosearchpath.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2473) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2475) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2476) cvn H.B /DEST pdfmark end0ThisffwillendyourIPTrafsessionips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2477) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2478) cvn H.B /DEST pdfmark end IDInwinteractivemodeIPTrafasksyoutoconrmyourexitcommand.PressEnterDtojreturntotheshelloranyotherkeytocancelyourcommandandreturntotheDmainmenu. ps:SDict begin H.S endps:SDict begin 11 H.A endSps:SDict begin [ /View [/XYZ H.V] /Dest (RVNAMEDMESSAGES) cvn H.B /DEST pdfmark end"r"vnamed6Messagesps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (12.29.1) cvn H.B /DEST pdfmark end ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2481) cvn H.B /DEST pdfmark end 卑0Asadaemon,rvnameddoesnotsendmessagestothescreen.Itwritesitsmessages0totheleps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2482) cvn H.B /DEST pdfmark endrvnamed.logintheIPTraflogdirectory.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2484) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2486) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2487) cvn H.B /DEST pdfmark end.0Unablefftoopenchildcommunicationsocket0`color push Black67 color popD; lS⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.68) cvn H.B /DEST pdfmark end color popfdAppendixA.Messages color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2488) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2489) cvn H.B /DEST pdfmark end Drvnamedjwasunabletoopenthecommunicationendpointfordatareception Dfrom$thechildrenitcreates.Thisishighlyunusual,andshoulditoccurB,reportDthecircumstances.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2490) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2492) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2493) cvn H.B /DEST pdfmark end0Unablefftoopenclientcommunicationsocketips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2494) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2495) cvn H.B /DEST pdfmark end IDrvnamedwasunabletoopenthecommunicationendpointfordataexchangeDwith%theIPTrafprogram.Thisishighlyunusual,andshoulditoccurB,reporttheDcircumstances.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2496) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2498) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2499) cvn H.B /DEST pdfmark end0ErrorffbindingclientcommunicationsocketErrorbindingchildcommunication0socket0`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2500) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2501) cvn H.B /DEST pdfmark end ϠDrvnamed+`wasunabletoassignanametotheindicatedcommunicationsocket.DThismaybeduetoabad,full,orcorruptedlesystem.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2502) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2504) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2505) cvn H.B /DEST pdfmark end0Fatalfferror:nomemoryfordescriptormonitoringips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2506) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2507) cvn H.B /DEST pdfmark end IDrvnamedranoutofmemory.IPTrafwillresorttoblocking,andmayfreeze.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2508) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2510) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2511) cvn H.B /DEST pdfmark end0Errorffonfork,returningIPaddressips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2512) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2513) cvn H.B /DEST pdfmark end IDrvnamedhadaproblemspawningacopyofitselftoresolvetheIPǮaddress.rv-Dnamed%willsimplyreturntheIP$addressinitsliteral,dotted-decimalnotation.DIPTrafDwillstillfunctionnormally.Thismaybeduetolackofmemoryorapro-Dcesslimithit.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2514) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2516) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2517) cvn H.B /DEST pdfmark end0Maximumffchildprocesslimitreachedips:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2518) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2519) cvn H.B /DEST pdfmark end IDrvnamedhasreacheditsmaximumnumberofchildprocesses.ThisisintendedDasɬa"brake"topreventtoomanyrvnamedchildrenfromhoggingyourcom-Dputerp'sresourcesandpossiblycrashingit.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2520) cvn H.B /DEST pdfmark endUnlessIPTrafismonitoringanex-Dtremely1busynetworkwithoutlters,thisshouldn'thappen,atleast,notthatDoften.ТIfyounoticethismessage,tryapplyingltersorcheckyourDNSЍserverB.DManyV!times,thiscanhappenwhentheDNSVservergoesdownforwhateverrea-Dson,andyouhavervnamedchildrentakingtoolongtoresolve.0`color push Black68 color popE; g⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.69) cvn H.B /DEST pdfmark end color pop color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL) cvn H.B /DEST pdfmark end ;AppendixB.GNUFreeDocumentationLicenseps:SDict begin H.S endps:SDict begin 16.105 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (13.0) cvn H.B /DEST pdfmark endWps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2523) cvn H.B /DEST pdfmark end*0Version1.1,March2000ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2524) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2525) cvn H.B /DEST pdfmark endB:9E( pplr8tCopyright5(C)42000Fr֋eeSoftwareFoundation,Inc.59T, emplePlace,Suite330,Boston, f:MA02111-1307USAEveryoneispermittedtocopyanddistributeverbatimcopiesofthis:license@document,butchangingitisnotallowed.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-0) cvn H.B /DEST pdfmark end"PREAMBLEps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.30.1) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2528) cvn H.B /DEST pdfmark end 0Thep[purposeofthisLicenseistomakeamanual,textbook,orotherwrittendocu-0mentv"free"inthesenseoffreedom:toassureeveryonetheeectivefreedomtocopy0and#redistributeit,withorwithoutmodifyingit,eithercommerciallyornoncommer-0cially.Secondarily,thisLicensepreservesfortheauthorandpublisherawaytoget0creditlRfortheirwork,whilenotbeingconsideredresponsibleformodicationsmade0byothers.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2529) cvn H.B /DEST pdfmark end.0ThisLicenseisakindof"copyleft",whichmeansthatderivativeworksofthedocu-0mentmustthemselvesbefreeinthesamesense.ItcomplementstheGNUYGeneral0PublicLicense,whichisacopyleftlicensedesignedforfreesoftware.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2530) cvn H.B /DEST pdfmark end.0We&havedesignedthisLicenseinordertouseitformanualsforfreesoftware,because0freessoftwareneedsfreedocumentation:afreeprogramshouldcomewithmanuals0providing@thesamefreedomsthatthesoftwaredoes.ButthisLicenseisnotlimited0toXsoftwaremanuals;itcanbeusedforanytextualwork,regardlessofsubjectmatter0orwwhetheritispublishedasaprintedbook.WerecommendthisLicenseprincipally0forworkswhosepurposeisinstructionorreference.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-1) cvn H.B /DEST pdfmark end1APPLICABILITY6ANDDEFINITIONSps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.31.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2533) cvn H.B /DEST pdfmark end n0ThisZ Licenseappliestoanymanualorotherworkthatcontainsanoticeplacedby0the^copyrightholdersayingitcanbedistributedunderthetermsofthisLicense.The0"Document",rbelow,referstoanysuchmanualorwork.Anymemberofthepublicis0alicensee,andisaddressedas"you".ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2534) cvn H.B /DEST pdfmark end.0Aa"ModiedaVersion"oftheDocumentmeansanyworkcontainingtheDocumentor0aportionofit,eithercopiedverbatim,orwithmodicationsand/ortranslatedinto0anotherlanguage.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2535) cvn H.B /DEST pdfmark end.0AK"SecondarynSection"isanamedappendixorafront-mattersectionoftheDocument0thatdealsexclusivelywiththerelationshipofthepublishersorauthorsoftheDocu-0ment8totheDocument'soverallsubject(ortorelatedmatters)andcontainsnothing0that couldfalldirectlywithinthatoverallsubject.(Forexample,iftheDocumentis0inpartatextbookofmathematics,aSecondarySectionmaynotexplainanymathe-0matics.)Therelationshipcouldbeamatterofhistoricalconnectionwiththesubject0or`withrelatedmatters,oroflegal,commercial,philosophical,ethicalorpoliticalpo-0sitionregardingthem.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2536) cvn H.B /DEST pdfmark end.0The"InvariantSections"arecertainSecondarySectionswhosetitlesaredesignated,0as*beingthoseofInvariantSections,inthenoticethatsaysthattheDocumentis0releasedunderthisLicense.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2537) cvn H.B /DEST pdfmark end 0The"CoverTexts"arecertainshortpassagesoftextthatarelisted,asFront-Cover0Texts"orBack-CoverTexts,inthenoticethatsaysthattheDocumentisreleasedunder0thisLicense.0`color push Black69 color popF; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.70) cvn H.B /DEST pdfmark end color popfdAppendixB.GNUFreeDocumentationLicense color pop`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2538) cvn H.B /DEST pdfmark end 0A"Transparent"copyoftheDocumentmeansamachine-readablecopy,represented 0in4aformatwhosespecicationisavailabletothegeneralpublic,whosecontents0canbeviewedandediteddirectlyandstraightforwardlywithgenerictexteditors0orL>(forimagescomposedofpixels)genericpaintprogramsor(fordrawings)some0widely?availabledrawingeditorB,andthatissuitableforinputtotextformattersor0forkautomatictranslationtoavarietyofformatssuitableforinputtotextformatters.A0copy'madeinanotherwiseTransparentleformatwhosemarkuphasbeendesigned0toEthwartordiscouragesubsequentmodicationbyreadersisnotTransparent.A0copythatisnot"Transparent"iscalled"Opaque".ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2539) cvn H.B /DEST pdfmark end.0ExamplesofsuitableformatsforTransparentcopiesincludeplainASCIIuwithout0markup,\Texinfoinputformat,LaTeX@inputformat,SGMLorXMLusingapublicly0available9DTD,andstandard-conformingsimpleHTML9designedforhumanmod-0ication.OpaqueformatsincludePostScript,PDF,proprietaryformatsthatcanbe0readandeditedonlybyproprietarywordprocessors,SGMLorXMLforwhichthe0DTD3and/or3processingtoolsarenotgenerallyavailable,andthemachine-generated0HTMLproducedbysomewordprocessorsforoutputpurposesonly.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2540) cvn H.B /DEST pdfmark end.0The"Ts8itlePage"means,foraprintedbook,thetitlepageitself,plussuchfollowing0pagesasareneededtohold,legibly,thematerialthisLicenserequirestoappearinthe0title9page.Forworksinformatswhichdonothaveanytitlepageassuch,"Ts8itlePage"0meansFthetextnearthemostprominentappearanceofthework'stitle,precedingthe0beginningofthebodyofthetext.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-2) cvn H.B /DEST pdfmark end1VERBA_TIM6COPYINGps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.32.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2543) cvn H.B /DEST pdfmark end n0You9maycopyanddistributetheDocumentinanymedium,eithercommerciallyor0noncommercially,EprovidedthatthisLicense,thecopyrightnotices,andthelicense0noticesayingthisLicenseappliestotheDocumentarereproducedinallcopies,and0that%youaddnootherconditionswhatsoevertothoseofthisLicense.Youmaynot0use]\)color push BlackF. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2566) cvn H.B /DEST pdfmark endInclude,+ immediatelyafterthecopyrightnotices,alicensenoticegivingthe HpublicpermissiontousetheModiedVersionunderthetermsofthisLicense,HintheformshownintheAddendumbelow.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2567) cvn H.B /DEST pdfmark end;^color push BlackG. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2568) cvn H.B /DEST pdfmark endPreserve[ginthatlicensenoticethefulllistsofInvariantSectionsandrequiredHCoverTextsgivenintheDocument'slicensenotice.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2569) cvn H.B /DEST pdfmark end .:color push BlackH. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2570) cvn H.B /DEST pdfmark endIncludeanunalteredcopyofthisLicense.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2571) cvn H.B /DEST pdfmark end?Hcolor push BlackI. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2572) cvn H.B /DEST pdfmark endPreserve7thesectionentitled"History",anditstitle,andaddtoitanitemstating Hatmleastthetitle,yearB,newauthors,andpublisheroftheModiedVersionasHgiven"ontheTs8itlePage.Ifthereisnosectionentitled"History"intheDocument,Hcreateonestatingthetitle,yearB,authors,andpublisheroftheDocumentasHgiven)onitsTs8itlePage,thenaddanitemdescribingtheModiedVersionasHstatedintheprevioussentence.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2573) cvn H.B /DEST pdfmark end .?color push BlackJ. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2574) cvn H.B /DEST pdfmark endPreserve-thenetworklocation,ifany,givenintheDocumentforpublicaccesstoHa4TransparentcopyoftheDocument,andlikewisethenetworklocationsgivenHinhMtheDocumentforpreviousversionsitwasbasedon.Thesemaybeplacedin0`color push Black71 color popH; Է⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.72) cvn H.B /DEST pdfmark end color popfdps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-6) cvn H.B /DEST pdfmark endfdAppendixB.GNUFreeDocumentationLicense color popthe"History"section.Youmayomitanetworklocationforaworkthatwaspub- lished}atleastfouryearsbeforetheDocumentitself,oriftheoriginalpublisheroftheversionitreferstogivespermission.`ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2575) cvn H.B /DEST pdfmark end .;xcolor push BlackK. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2576) cvn H.B /DEST pdfmark endInWranysectionentitled"Acknowledgements"or"Dedications",preservethesec-Htion'stitle,andpreserveinthesectionallthesubstanceandtoneofeachoftheHcontributoracknowledgementsand/ordedicationsgiventherein.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2577) cvn H.B /DEST pdfmark end .<color push BlackL. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2578) cvn H.B /DEST pdfmark endPreservetalltheInvariantSectionsoftheDocument,unalteredintheirtextandHintheirtitles.SectionnumbersortheequivalentarenotconsideredpartoftheHsectiontitles.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2579) cvn H.B /DEST pdfmark end9@color push BlackM. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2580) cvn H.B /DEST pdfmark endDelete7anysectionentitled"Endorsements".SuchasectionmaynotbeincludedHintheModiedVersion.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2581) cvn H.B /DEST pdfmark end:color push BlackN. color popHps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2582) cvn H.B /DEST pdfmark endDoFnotretitleanyexistingsectionas"Endorsements"ortoconictintitlewithHanyInvariantSection.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2583) cvn H.B /DEST pdfmark end.0If& theModiedVersionincludesnewfront-mattersectionsorappendicesthatqualify0as7SecondarySectionsandcontainnomaterialcopiedfromtheDocument,youmay0ata.youroptiondesignatesomeorallofthesesectionsasinvariant.Todothis,add0their}titlestothelistofInvariantSectionsintheModiedVersion'slicensenotice.0Thesetitlesmustbedistinctfromanyothersectiontitles.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2584) cvn H.B /DEST pdfmark end.0YouOmayaddasectionentitled"Endorsements",provideditcontainsnothingbuten-0dorsementsofyourModiedVersionbyvariousparties--forexample,statementsof0peerrevieworthatthetexthasbeenapprovedbyanorganizationastheauthoritative0denitionofastandard.7ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2585) cvn H.B /DEST pdfmark end 0YoumayaddapassageofuptovewordsasaFront-CoverText,andapassage0of?upto25wordsasaBack-CoverText,totheendofthelistofCoverTextsinthe0ModiedqVersion.OnlyonepassageofFront-CoverTextandoneofBack-CoverText0maycbeaddedby(orthrougharrangementsmadeby)anyoneentity.IftheDocu-0ment<~alreadyincludesacovertextforthesamecoverB,previouslyaddedbyyouorby0arrangementnmadebythesameentityyouareactingonbehalfof,youmaynotadd0another;mbutyoumayreplacetheoldone,onexplicitpermissionfromtheprevious0publisherthataddedtheoldone.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2586) cvn H.B /DEST pdfmark end.0Theʹauthor(s)andpublisher(s)oftheDocumentdonotbythisLicensegivepermis-0siontousetheirnamesforpublicityforortoassertorimplyendorsementofany0ModiedVersion.7ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-5) cvn H.B /DEST pdfmark end"mCOMBINING6DOCUMENTSps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.35.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2589) cvn H.B /DEST pdfmark end n0YouSmaycombinetheDocumentwithotherdocumentsreleasedunderthisLicense,0underthetermsdenedinsection4aboveformodiedversions,providedthatyou0includetbinthecombinationalloftheInvariantSectionsofalloftheoriginaldocu-0ments,{unmodied,andlistthemallasInvariantSectionsofyourcombinedworkin0itslicensenotice.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2590) cvn H.B /DEST pdfmark end 0ThezcombinedworkneedonlycontainonecopyofthisLicense,andmultipleidenti-0cal+InvariantSectionsmaybereplacedwithasinglecopy.IftherearemultipleInvari-0antSectionswiththesamenamebutdierentcontents,makethetitleofeachsuch0sectionsuniquebyaddingattheendofit,inparentheses,thenameoftheoriginal0author<'orpublisherofthatsectionifknown,orelseauniquenumberB.Makethesame0adjustmentbtothesectiontitlesinthelistofInvariantSectionsinthelicensenoticeof0thecombinedwork.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2591) cvn H.B /DEST pdfmark end 0In@thecombination,youmustcombineanysectionsentitled"History"inthevarious0originaldocuments,formingonesectionentitled"History";likewisecombineany0`color push Black72 color popI; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.73) cvn H.B /DEST pdfmark end color popfd/AppendixB.GNUFreeDocumentationLicense color popsectionsDentitled"Acknowledgements",andanysectionsentitled"Dedications".You mustdeleteallsectionsentitled"Endorsements."`7ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-6) cvn H.B /DEST pdfmark end"mCOLLECTIONS6OFDOCUMENTSps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.36.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2594) cvn H.B /DEST pdfmark end n0You maymakeacollectionconsistingoftheDocumentandotherdocumentsreleased0underJthisLicense,andreplacetheindividualcopiesofthisLicenseinthevarious0documents\Awithasinglecopythatisincludedinthecollection,providedthatyou0followtherulesofthisLicenseforverbatimcopyingofeachofthedocumentsinall0otherrespects.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2595) cvn H.B /DEST pdfmark end.0YouKmayextractasingledocumentfromsuchacollection,anddistributeitindividu-0allyrunderthisLicense,providedyouinsertacopyofthisLicenseintotheextracted0document,IandfollowthisLicenseinallotherrespectsregardingverbatimcopying0ofthatdocument.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-7) cvn H.B /DEST pdfmark end"mAUGGREGA_TION6WITHINDEPENDENTWORKSps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.37.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2598) cvn H.B /DEST pdfmark end n0AcompilationoftheDocumentoritsderivativeswithotherseparateandindepen-0dentg5documentsorworks,inoronavolumeofastorageordistributionmedium,0doesinotasawholecountasaModiedVersionoftheDocument,providednocom-0pilationcopyrightisclaimedforthecompilation.Suchacompilationiscalledan0"aggregate",andthisLicensedoesnotapplytotheotherself-containedworksthus0compiled.ZwiththeDocument,onaccountoftheirbeingthuscompiled,iftheyarenot0themselvesderivativeworksoftheDocument.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2599) cvn H.B /DEST pdfmark end 0IftheCoverTextrequirementofsection3isapplicabletothesecopiesoftheDocu-0ment,EtheniftheDocumentislessthanonequarteroftheentireaggregate,theDocu-0ment'sCoverTextsmaybeplacedoncoversthatsurroundonlytheDocumentwithin0theaggregate.Otherwisetheymustappearoncoversaroundthewholeaggregate.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-8) cvn H.B /DEST pdfmark end1TRANSLA_TIONps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.38.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2602) cvn H.B /DEST pdfmark end n0Translationisconsideredakindofmodication,soyoumaydistributetranslationsof0theDocumentunderthetermsofsection4.ReplacingInvariantSectionswithtransla-0tionsrequiresspecialpermissionfromtheircopyrightholders,butyoumayinclude0translations2ofsomeorallInvariantSectionsinadditiontotheoriginalversionsof0theseInvariantSections.YoumayincludeatranslationofthisLicenseprovidedthat0youalsoincludetheoriginalEnglishversionofthisLicense.Incaseofadisagreement0betweenthetranslationandtheoriginalEnglishversionofthisLicense,theoriginal0Englishversionwillprevail.ps:SDict begin H.S endps:SDict begin 11 H.A endJps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-9) cvn H.B /DEST pdfmark end1TERMINA_TIONps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.39.1) cvn H.B /DEST pdfmark end@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2605) cvn H.B /DEST pdfmark end n0You5maynotcopy,modify,sublicense,ordistributetheDocumentexceptasexpressly0providedforunderthisLicense.Anyotherattempttocopy,modify,sublicenseor0distribute]theDocumentisvoid,andwillautomaticallyterminateyourrightsunder0thisDLicense.HoweverB,partieswhohavereceivedcopies,orrights,fromyouunder0thisKLicensewillnothavetheirlicensesterminatedsolongassuchpartiesremainin0fullcompliance.ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-10) cvn H.B /DEST pdfmark end0`color push Black73 color popJ; ⟷ps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0`color push Blackcolor push gray 0ps:SDict begin H.S endcolor push gray 0 color popps:SDict begin H.R endKps:SDict begin [ /View [/XYZ H.V] /Dest (page.74) cvn H.B /DEST pdfmark end color popfdAppendixB.GNUFreeDocumentationLicense color pop`FUTURE6REVISIONSOFTHISLICENSEps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.40.1) cvn H.B /DEST pdfmark end`@ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2608) cvn H.B /DEST pdfmark end n0The%9FreeSoftwareFoundationmaypublishnew,revisedversionsoftheGNU%Free 0DocumentationRLicensefromtimetotime.Suchnewversionswillbesimilarinspirit0to~othepresentversion,butmaydierindetailtoaddressnewproblemsorconcerns.0Seeps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2609) cvn H.B /DEST pdfmark endhttp://www.gnu.org/copyleft/1.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2610) cvn H.B /DEST pdfmark end.0EachaversionoftheLicenseisgivenadistinguishingversionnumberB.IftheDocu-0mentDlspeciesthataparticularnumberedversionofthisLicense"oranylaterver-0sion"appliestoit,youhavetheoptionoffollowingthetermsandconditionseither0of8thatspeciedversionorofanylaterversionthathasbeenpublished(notasa0draft)bytheFreeSoftwareFoundation.IftheDocumentdoesnotspecifyaversion0numberofthisLicense,youmaychooseanyversioneverpublished(notasadraft)0bytheFreeSoftwareFoundation.ps:SDict begin H.S endps:SDict begin 11 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (GFDL-11) cvn H.B /DEST pdfmark end1How6tousethisLicenseforyourdocumentsps:SDict begin H.S endps:SDict begin 14.641 H.A endKps:SDict begin [ /View [/XYZ H.V] /Dest (13.41.1) cvn H.B /DEST pdfmark end hps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2613) cvn H.B /DEST pdfmark end>0TousethisLicenseinadocumentyouhavewritten,includeacopyoftheLicensein0the8documentandputthefollowingcopyrightandlicensenoticesjustafterthetitle0page:ps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2614) cvn H.B /DEST pdfmark endps:SDict begin H.S endps:SDict begin 9.9 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2615) cvn H.B /DEST pdfmark end~:Copyright(c)YEARyYOURNAME.PermissionisgrantedtocopyB,distributeand/or f:modify2thisdocumentunderthetermsoftheGNU2Fr֋eeDocumentationLicense,VBersion:1.1oranylaterversionpublishedbytheFr֋eeSoftwareFoundation;withtheInvariant:SectionsXbeingLISTXTHEIRTITLES,XwiththeFr֋ont-CoverT, extsbeingLISTU,andwiththe:Back-Cover:T, extsbeingLISTU.A~copyofthelicenseisincludedinthesectionentitled:"GNU@Fr֋eeDocumentationLicense".ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2616) cvn H.B /DEST pdfmark end 0If,youhavenoInvariantSections,write"withnoInvariantSections"insteadofsaying0whichUonesareinvariant.IfyouhavenoFront-CoverTexts,write"noFront-Cover0Texts"insteadof"Front-CoverTextsbeingLIST";likewiseforBack-CoverTexts.ps:SDict begin H.S endps:SDict begin 11 H.A endHps:SDict begin [ /View [/XYZ H.V] /Dest (2617) cvn H.B /DEST pdfmark end.0Ifyourdocumentcontainsnontrivialexamplesofprogramcode,werecommendre-0leasingtheseexamplesinparallelunderyourchoiceoffreesoftwarelicense,suchas0theGNUGeneralPublicLicense,topermittheiruseinfreesoftware.Notes0color push Black1. color pop@http://www.gnu.org/copyleft/0`color push Black74 color pop (;Ϻ J9E( pplr8t8ځ phvro8t( pcrro8t& pcrr8t% phvb8t$ځ phvr8t#E( pplr8t" phvb8t!  phvb8t #Z pplr8c pcrro8t pcrro8t pcrr8t O\ phvb8tY pplri8t,  pplb8t phvb8tE( pplr8t#Z pplr8c phvb8t phvb8tE( pplr8t?| ptmr8t b> cmmi10 :Niptraf-3.0.0/INSTALL0100644000076400000000000000421507604000415012677 0ustar rikerroot========================================================================== INSTALLATION INSTRUCTIONS FOR IPTRAF 3.0 -------------------------------------------------------------------------- IMPORTANT: READ THE SYSTEM REQUIREMENTS SECTION IN THE README. IPTRAF 2 REQUIRES LINUX 2.2 OR LATER. To compile and install, just change to the iptraf-3.0.0 top-level directory and type: ./Setup This will automatically compile and install the software. The traditional cd src make clean make make install can still be used. Precompiled binaries are available in the iptraf-3.0.0.i386.bin.tar.gz file. This contains no source code and is expected to run on Intel x86 Linux with the GNU C Library 2.1 or later. UPGRADING FROM 2.4, 2.5, 2.6, or 2.7 IPTraf 2.8 has new filter behavior, and filters now contain additional data to control this behavior. See the RELEASE-NOTES file for details. Because the filter subsystem has been completely redesigned, old filters will no longer work and cannot be upgraded. Filters will have to be redefined. DEALING WITH "ERROR OPENING TERMINAL" The precompiled executable program comes linked with ncurses 4.2. ncurses 4.2 needs to determine your terminal capabilities from the terminfo database in /usr/share/terminfo. If the supplied program fails with "Error opening terminal", check this directory. If it doesn't exist, your terminfo database may be somewhere else. To override the default terminfo search path, you can use the TERMINFO environment variable. Supposing your terminfo is in /usr/lib/terminfo (typical for Slackware distributions) TERMINFO=/usr/lib/terminfo export TERMINFO You may want to place these commands in your login initialization files (/etc/profile or ~/.profile for sh/bash). You can also create a symbolic link /usr/share/terminfo to point to your existing terminfo database. For example, given the same conditions above: ln -s /usr/lib/terminfo /usr/share/terminfo Or, as an alternative, you can simply recompile your program to use your ncurses installation. Be sure you have at least ncurses 1.9.9e. See section on recompiling below. See the README file and the manual for more information. iptraf-3.0.0/README0100644000076400000000000000611607603776425012554 0ustar rikerroot========================================================================== IPTraf 3.0 README -------------------------------------------------------------------------- See the RELEASE-NOTES for important update information. See the INSTALL file for installation instructions. -------------------------------------------------------------------------- DESCRIPTION ----------- IPTraf is a console-based network monitoring program for Linux that displays information about IP traffic. It returns such information as: Current TCP connections UDP, ICMP, OSPF, and other types of IP packets Packet and byte counts on TCP connections IP, TCP, UDP, ICMP, non-IP, and other packet and byte counts TCP/UDP counts by ports Packet counts by packet sizes Packet and byte counts by IP address Interface activity Flag statuses on TCP packets LAN station statistics This program can be used to determine the type of traffic on your network, and what kind of service is the most heavily used on what machines, among others. IPTraf works on Ethernet, FDDI, ISDN, PLIP, loopback, and SLIP/PPP interfaces. Updates and announcements are at the IPTraf Web page at http://iptraf.seul.org. Please send e-mail to riker@seul.org or iptraf@seul.org. Mailing lists iptraf-announce and iptraf-users are also available, see README.contact for more information. IMPORTANT CHANGES ----------------- Important changes are detailed in the RELEASE-NOTES file, please take some time to read it. There are some changes in the log file names, and the policies on multiple instances have been somewhat relaxed. DISTRIBUTION NOTICE ------------------- This is the general release of IPTraf. IPTraf has been incorporated into the Debian GNU/Linux, Turbolinux and S.u.S.E. distributions, as well as the Trinux security toolkit distribution and Red Hat Powertools. Linux distributions may have tailored the IPTraf package to suit their purposes. Direct questions, comments or inquiries about a distribution-specific package to its maintainer. SYSTEM REQUIREMENTS ------------------- IPTraf 2 and later requires at least Linux kernel 2.2. It uses the new PF_PACKET socket family as its capture mechanism. This feature is new to the 2.2 kernel. Make sure you have the Packet Socket driver compiled in or installed as a module, or IPTraf will fail (and so will others like it: tcpdump, netwatch, etc). IPTraf also requires glibc 2.1 or later. COPYING AND DISTRIBUTION ------------------------ This software is OSI Certified Open Source Software OSI Certified is a certification mark of the Open Source Initiative. Redistribution and modification of this software is permitted under the terms of the GNU General Public License. See the included LICENSE file for details. FOR FURTHER INFORMATION ----------------------- Full information is in the manual in the Documentation directory. See also the CHANGES file for a record of fixes and new features. Updates and announcements are in the IPTraf Web page indicated above. Other README files contain some other bits of information. The RELEASE-NOTES file contains important release-specific information. iptraf-3.0.0/README.interfaces0100644000076400000000000000507707523757221014675 0ustar rikerroot============================================================================ Supported Interface Information as of version 2.8, July 2002 ---------------------------------------------------------------------------- IPTraf has been slowly improving with its interface support since its first release. IPTraf currently supports the following types of links: Local loopback Ethernet (10 and 100 Mbps) SLIP and variants Asynchronous PPP over analog telephone lines Synchronous PPP over digital ISDN lines ISDN using raw IP encapsulation ISDN using Cisco-HDLC encapsulation FDDI (now includes Ethernet-emulating interfces) Frame Relay FRAD/DLCI interfaces (new as of IPTraf 2.5.0) PLIP (Parallel Line IP) Token Ring DVB satellite-receive interfaces SBNI long-range modem interfaces Wireless LAN interfaces Free s/WAN logical interfaces IPsec logical interfaces Some tunnelling interfaces Some bridging interfaces ADDITIONAL INTERFACE SUPPORT As much as I would like to support every concievable interface in existence, we know that's just not possible. I myself do not have a lot of interface types. However, that does not mean I'm unwilling to support more. So here's the deal. If you'd like me to include support for a new type of interface I will need this information as much as possible: * Resulting link type in spkt_family after a recvfrom() on a (PF_PACKET, SOCK_RAW) socket (ARPHRD_ETHER, ARPHRD_PPP, etc). * Standard interface name for the type of network medium (eth0, eth1, ppp0, etc) after the recvfrom() mentioned above. * Packet structure. How many bytes are there in its data-link header (with Ethernet, there are 14, with FDDI, 21) as returned by recvfrom on a (PF_PACKET, SOCK_RAW) socket? * Pointers to other sources of information if possible. This is necessary for cases like ISDN, which claim to be ARPHRD_ETHER, but have completely different frame structures, so I needed the appropriate ioctl() information. Token Ring packets may have a RIF structure or not. These factors need to be taken into consideration. Then finally, if you come up with a request for support for a new interface, I'd really like an offer to have it tested, obviously, since I do not have the interface myself (for example, my country is primarily leased-line territory, and ISDN is only starting, and it isn't even in my city yet). If I do not receive an offer to test, then support cannot be included. Patches, even quick-and-dirty ones, are very much welcome. All information and patches will be fully credited in the CHANGES file. Looking forward to serving you. -- Gerard iptraf-3.0.0/README.platforms0100644000076400000000000000167107523757155014563 0ustar rikerroot============================================================================ IPTraf Development Platform Information ---------------------------------------------------------------------------- As of IPTraf 2.8.0, development is primarily done on an Intel 1.6-GHz Pentium 4 development workstation, as well as a lower-end 400 MHz Pentium II. I have to make it clear that my development platform is Linux for the x86 family of processors *only*. I cannot always debug or troubleshoot quirks specific to non-x86 machines, as much as I would like to. However, I know I have to be accommodating so if you do give me a bug report, I will try my best to fix it, but I need: 1. All the information needed describing the bug 2. To the best extent possible, gdb or strace outputs. 3. An offer to test the fixes. Without these, especially #3, I cannot exert effort on the quirk. I'm sorry, but it's just impossible without the necessary machines. iptraf-3.0.0/README.rvnamed0100644000076400000000000000502207375066055014177 0ustar rikerroot============================================================================ README DOCUMENT FOR RVNAMED ---------------------------------------------------------------------------- DESCRIPTION ----------- rvnamed is a supplementary program distributed with IPTraf 1.1 and later. This is a reverse name resolution daemon used by IPTraf to resolve IP addresses to host names in the background, keeping IPTraf from waiting until the lookup is completed. Starting with version 1.1.0, if Reverse Lookup is enabled in the Options menu, the IP Traffic Monitor will attempt to start rvnamed. If for some reason rvnamed is already running, IPTraf will use it immediately. Otherwise, it will attempt to start rvnamed. As of IPTraf 1.2.0, the rvnamed is placed together with the main IPTraf executable in /usr/local/bin. When the traffic monitor is done, IPTraf tells rvnamed to quit. PROTOCOL -------- rvnamed and IPTraf communicate with each other with the BSD UNIX domain socket IPC facility. They use datagram sockets. rvnamed recognizes only 4 types of messages: RVN_HELLO the Hello packet. This simply causes rvnamed to throw it back to IPTraf, telling it rvnamed is active. RVN_REQUEST a reverse lookup request. This message includes an IP address to resolve. When rvnamed receives this request, it checks its internal cache to see if this IP address is already resolved or being resolved. If it isn't in the cache yet, rvnamed forks off a copy which resolves in the background, while it returns the IP address in the meantime. Subsequent requests will get the IP address until such time that the child has completed the resolution, at which time, a request will get the host name in reply. RVN_REPLY rvnamed marks reply packets with this tag. Reply packets contain the resolved host name or the ASCII representation of the IP address, and an indicator of the state of the resolution for this address (NOTRESOLVED, RESOLVING, or RESOLVED). RVN_QUIT Tells rvnamed to terminate. The datagram structure and #define's are found in the rvnamed.h header file. Important rvnamed messages are written to /var/log/iptraf/rvnamed.log. IPTraf 2.5.0 and 2.6.0 refined rvnamed's operation by including timeouts for child processes (5 minutes) and better management of the internal IP address/FQDN cache. See the CHANGES file. To reduce overhead, IPTraf will query rvnamed only once per invocation of the IP traffic monitor. rvnamed should work properly with a correct installation. Report any problems to me at riker@seul.org. iptraf-3.0.0/src/0040755000076400000000000000000010311513666012444 5ustar rikerrootiptraf-3.0.0/src/deskman.c0100644000076400000000000001736210311472356014240 0ustar rikerroot/*** deskman.c - desktop management routines Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include "deskman.h" /* Attribute variables */ int STDATTR; int HIGHATTR; int BOXATTR; int ACTIVEATTR; int BARSTDATTR; int BARHIGHATTR; int BARPTRATTR; int DLGTEXTATTR; int DLGBOXATTR; int DLGHIGHATTR; int DESCATTR; int STATUSBARATTR; int IPSTATLABELATTR; int IPSTATATTR; int DESKTEXTATTR; int PTRATTR; int FIELDATTR; int ERRBOXATTR; int ERRTXTATTR; int OSPFATTR; int UDPATTR; int IGPATTR; int IGMPATTR; int IGRPATTR; int GREATTR; int ARPATTR; int UNKNIPATTR; int UNKNATTR; /* draw the basic desktop common to my screen-oriented programs */ void draw_desktop(void) { int row; /* counter for desktop construction */ char sp_buf[10]; sprintf(sp_buf, "%%%dc", COLS); scrollok(stdscr, 0); attrset(STATUSBARATTR); move(0, 0); printw(sp_buf, ' '); /* these two print the top n' bottom */ move(LINES - 1, 0); printw(sp_buf, ' '); /* lines */ attrset(FIELDATTR); for (row = 1; row <= LINES - 2; row++) { /* draw the background */ move(row, 0); printw(sp_buf, ' '); } refresh(); } void about() { WINDOW *win; PANEL *panel; int ch; win = newwin(15, 50, (LINES - 15) / 2, (COLS - 50) / 2); panel = new_panel(win); tx_stdwinset(win); wtimeout(win, -1); wattrset(win, BOXATTR); tx_colorwin(win); tx_box(win, ACS_VLINE, ACS_HLINE); wattrset(win, STDATTR); mvwprintw(win, 1, 2, "IPTraf"); mvwprintw(win, 2, 2, "An IP Network Statistics Utility"); mvwprintw(win, 3, 2, "Version %s", VERSION); mvwprintw(win, 5, 2, "Written by Gerard Paul Java"); mvwprintw(win, 6, 2, "Copyright (c) Gerard Paul Java 1997-2004"); mvwprintw(win, 8, 2, "This program is open-source software released"); mvwprintw(win, 9, 2, "under the terms of the GNU General Public"); mvwprintw(win, 10, 2, "Public License Version 2 or any later version."); mvwprintw(win, 11, 2, "See the included LICENSE file for details."); wattrset(win, HIGHATTR); mvwprintw(win, 13, 2, ANYKEY_MSG); update_panels(); doupdate(); do { ch = wgetch(win); if (ch == 12) tx_refresh_screen(); } while (ch == 12); del_panel(panel); delwin(win); update_panels(); doupdate(); } void show_sort_statwin(WINDOW ** statwin, PANEL ** panel) { *statwin = newwin(5, 30, (LINES - 5) / 2, (COLS - 30) / 2); *panel = new_panel(*statwin); wattrset(*statwin, BOXATTR); tx_colorwin(*statwin); tx_box(*statwin, ACS_VLINE, ACS_HLINE); wattrset(*statwin, STDATTR); mvwprintw(*statwin, 2, 2, "Sorting, please wait..."); } void printnomem() { attrset(ERRTXTATTR); mvprintw(0, 68, " Memory Low "); } void printipcerr() { attrset(ERRTXTATTR); mvprintw(0, 68, " IPC Error "); } void stdkeyhelp(WINDOW * win) { tx_printkeyhelp("Enter", "-accept ", win, DLGHIGHATTR, DLGTEXTATTR); tx_printkeyhelp("Ctrl+X", "-cancel", win, DLGHIGHATTR, DLGTEXTATTR); } void sortkeyhelp(void) { tx_printkeyhelp("S", "-sort ", stdscr, HIGHATTR, STATUSBARATTR); } void stdexitkeyhelp(void) { tx_printkeyhelp("X", "-exit", stdscr, HIGHATTR, STATUSBARATTR); tx_coloreol(); } void scrollkeyhelp(void) { tx_printkeyhelp("Up/Down/PgUp/PgDn", "-scroll window ", stdscr, HIGHATTR, STDATTR); } void tabkeyhelp(WINDOW * win) { tx_printkeyhelp("Tab", "-next field ", win, DLGHIGHATTR, DLGTEXTATTR); } void indicate(char *message) { char sp_buf[10]; attrset(STATUSBARATTR); sprintf(sp_buf, "%%%dc", COLS); mvprintw(LINES - 1, 0, sp_buf, ' '); mvprintw(LINES - 1, 1, message); refresh(); } void printlargenum(unsigned long long i, WINDOW * win) { if (i < 100000000) /* less than 100 million */ wprintw(win, "%9llu", i); else if (i < 1000000000) /* less than 1 billion */ wprintw(win, "%8lluK", i / 1000); else if (i < 1000000000000ULL) /* less than 1 trillion */ wprintw(win, "%8lluM", i / 1000000); else if (i < 1000000000000000ULL) /* less than 1000 trillion */ wprintw(win, "%8lluG", i / 1000000000ULL); else wprintw(win, "%8lluT", i / 1000000000000ULL); } void standardcolors(int color) { if ((color) && (has_colors())) { init_pair(1, COLOR_BLUE, COLOR_WHITE); init_pair(2, COLOR_BLACK, COLOR_CYAN); init_pair(3, COLOR_CYAN, COLOR_BLUE); init_pair(4, COLOR_YELLOW, COLOR_RED); init_pair(5, COLOR_WHITE, COLOR_RED); init_pair(6, COLOR_BLUE, COLOR_CYAN); init_pair(7, COLOR_BLUE, COLOR_WHITE); init_pair(9, COLOR_RED, COLOR_WHITE); init_pair(10, COLOR_GREEN, COLOR_BLUE); init_pair(11, COLOR_CYAN, COLOR_BLACK); init_pair(12, COLOR_RED, COLOR_CYAN); init_pair(14, COLOR_YELLOW, COLOR_BLUE); init_pair(15, COLOR_YELLOW, COLOR_BLACK); init_pair(16, COLOR_WHITE, COLOR_CYAN); init_pair(17, COLOR_YELLOW, COLOR_CYAN); init_pair(18, COLOR_GREEN, COLOR_BLACK); init_pair(19, COLOR_WHITE, COLOR_BLUE); STDATTR = COLOR_PAIR(14) | A_BOLD; HIGHATTR = COLOR_PAIR(3) | A_BOLD; BOXATTR = COLOR_PAIR(3); ACTIVEATTR = COLOR_PAIR(10) | A_BOLD; BARSTDATTR = COLOR_PAIR(15) | A_BOLD; BARHIGHATTR = COLOR_PAIR(11) | A_BOLD; BARPTRATTR = COLOR_PAIR(18) | A_BOLD; DESCATTR = COLOR_PAIR(2); DLGTEXTATTR = COLOR_PAIR(2); DLGBOXATTR = COLOR_PAIR(6); DLGHIGHATTR = COLOR_PAIR(12); STATUSBARATTR = STDATTR; IPSTATLABELATTR = COLOR_PAIR(2); IPSTATATTR = COLOR_PAIR(12); DESKTEXTATTR = COLOR_PAIR(7); PTRATTR = COLOR_PAIR(10) | A_BOLD; FIELDATTR = COLOR_PAIR(1); ERRBOXATTR = COLOR_PAIR(5) | A_BOLD; ERRTXTATTR = COLOR_PAIR(4) | A_BOLD; OSPFATTR = COLOR_PAIR(2); UDPATTR = COLOR_PAIR(9); IGPATTR = COLOR_PAIR(12); IGMPATTR = COLOR_PAIR(10) | A_BOLD; IGRPATTR = COLOR_PAIR(16) | A_BOLD; ARPATTR = COLOR_PAIR(5) | A_BOLD; GREATTR = COLOR_PAIR(1); UNKNIPATTR = COLOR_PAIR(19) | A_BOLD; UNKNATTR = COLOR_PAIR(4) | A_BOLD; } else { STDATTR = A_REVERSE; HIGHATTR = A_REVERSE; BOXATTR = A_REVERSE; ACTIVEATTR = A_BOLD; BARSTDATTR = A_NORMAL; BARHIGHATTR = A_BOLD; BARPTRATTR = A_NORMAL; DESCATTR = A_BOLD; DLGBOXATTR = A_REVERSE; DLGTEXTATTR = A_REVERSE; DLGHIGHATTR = A_BOLD; STATUSBARATTR = A_REVERSE; IPSTATLABELATTR = A_REVERSE; IPSTATATTR = A_STANDOUT; DESKTEXTATTR = A_NORMAL; PTRATTR = A_REVERSE; FIELDATTR = A_BOLD; ERRBOXATTR = A_BOLD; ERRTXTATTR = A_NORMAL; OSPFATTR = A_REVERSE; UDPATTR = A_BOLD; IGPATTR = A_REVERSE; IGMPATTR = A_REVERSE; IGRPATTR = A_REVERSE; ARPATTR = A_BOLD; GREATTR = A_BOLD; UNKNIPATTR = A_BOLD; UNKNATTR = A_BOLD; } tx_init_error_attrs(ERRBOXATTR, ERRTXTATTR, ERRBOXATTR); tx_init_info_attrs(BOXATTR, STDATTR, HIGHATTR); } iptraf-3.0.0/src/error.c0100644000076400000000000000162010311472356013735 0ustar rikerroot /*** error.c - Error-handling subroutines Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include "deskman.h" #include "attrs.h" #include "error.h" #include "log.h" void write_error(char *msg, int daemonized) { int response; if (daemonized) write_daemon_err(msg); else tx_errbox(msg, ANYKEY_MSG, &response); } iptraf-3.0.0/src/ifstats.c0100644000076400000000000011026310311472356014265 0ustar rikerroot /*** ifstats.c - the interface statistics module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997-2002 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ifstats.h" #include "ifaces.h" #include "isdntab.h" #include "fltdefs.h" #include "fltselect.h" #include "packet.h" #include "options.h" #include "log.h" #include "dirs.h" #include "deskman.h" #include "ipcsum.h" #include "attrs.h" #include "serv.h" #include "timer.h" #include "instances.h" #include "mode.h" #include "logvars.h" #include "promisc.h" #include "error.h" #define SCROLLUP 0 #define SCROLLDOWN 1 extern int exitloop; extern int daemonized; /* from log.c, applicable only to this module */ void writegstatlog(struct iftab *table, int unit, unsigned long nsecs, FILE * logfile); void writedstatlog(char *ifname, int unit, float activity, float pps, float peakactivity, float peakpps, float peakactivity_in, float peakpps_in, float peakactivity_out, float peakpps_out, struct iftotals *ts, unsigned long nsecs, FILE * logfile); /* * USR1 log-rotation signal handlers */ void rotate_gstat_log() { rotate_flag = 1; strcpy(target_logname, GSTATLOG); signal(SIGUSR1, rotate_gstat_log); } void rotate_dstat_log() { rotate_flag = 1; strcpy(target_logname, current_logfile); signal(SIGUSR1, rotate_dstat_log); } /* * Function to check if an interface is already in the interface list. * This eliminates duplicate interface entries due to aliases */ int ifinlist(struct iflist *list, char *ifname) { struct iflist *ptmp = list; int result = 0; while ((ptmp != NULL) && (result == 0)) { result = (strcmp(ifname, ptmp->ifname) == 0); ptmp = ptmp->next_entry; } return result; } /* * Initialize the list of interfaces. This linked list is used in the * selection boxes as well as in the general interface statistics screen. * * This function parses the /proc/net/dev file and grabs the interface names * from there. The SIOGIFFLAGS ioctl() call is used to determine whether the * interfaces are active. Inactive interfaces are omitted from selection * lists. */ void initiflist(struct iflist **list) { FILE *fd; char buf[161]; char ifname[10]; struct iflist *itmp = NULL; struct iflist *tail = NULL; unsigned int index = 0; int resp; *list = NULL; fd = open_procnetdev(); if (fd == NULL) { tx_errbox("Unable to obtain interface list", ANYKEY_MSG, &resp); return; } do { strcpy(buf, ""); get_next_iface(fd, ifname); if (strcmp(ifname, "") != 0) { if (!(iface_supported(ifname))) continue; if (ifinlist(*list, ifname)) /* ignore entry if already in */ continue; /* interface list */ /* * Check if the interface is actually up running. This prevents * inactive devices in /proc/net/dev from actually appearing in * interface lists used by IPTraf. */ if (!iface_up(ifname)) continue; /* * At this point, the interface is now sure to be up and running. */ itmp = malloc(sizeof(struct iflist)); bzero(itmp, sizeof(struct iflist)); strcpy(itmp->ifname, ifname); index++; itmp->index = index; if (*list == NULL) { *list = itmp; itmp->prev_entry = NULL; } else { tail->next_entry = itmp; itmp->prev_entry = tail; } tail = itmp; itmp->next_entry = NULL; } } while (strcmp(ifname, "") != 0); fclose(fd); } void positionptr(struct iftab *table, struct iflist **ptmp, char *ifname) { struct iflist *plast = NULL; int ok = 0; *ptmp = table->head; while ((*ptmp != NULL) && (!ok)) { ok = (strcmp((*ptmp)->ifname, ifname) == 0); if (!ok) { if ((*ptmp)->next_entry == NULL) plast = *ptmp; *ptmp = (*ptmp)->next_entry; } } if (*ptmp == NULL) { *ptmp = malloc(sizeof(struct iflist)); bzero(*ptmp, sizeof(struct iflist)); (*ptmp)->index = plast->index + 1; plast->next_entry = *ptmp; (*ptmp)->prev_entry = plast; (*ptmp)->next_entry = NULL; strcpy((*ptmp)->ifname, ifname); if ((*ptmp)->index <= LINES - 4) table->lastvisible = *ptmp; } } void destroyiflist(struct iflist *list) { struct iflist *ctmp; struct iflist *ptmp; if (list != NULL) { ptmp = list; ctmp = ptmp->next_entry; do { free(ptmp); ptmp = ctmp; if (ctmp != NULL) ctmp = ctmp->next_entry; } while (ptmp != NULL); } } void no_ifaces_error(void) { write_error ("No active interfaces. Check their status or the /proc filesystem", daemonized); } void updaterates(struct iftab *table, int unit, time_t starttime, time_t now, unsigned int idx) { struct iflist *ptmp = table->firstvisible; wattrset(table->statwin, HIGHATTR); do { wmove(table->statwin, ptmp->index - idx, 52 * COLS / 80); if (unit == KBITS) { ptmp->rate = ((float) (ptmp->spanbr * 8 / 1000)) / ((float) (now - starttime)); wprintw(table->statwin, "%8.2f kbits/sec", ptmp->rate); } else { ptmp->rate = ((float) (ptmp->spanbr / 1024)) / ((float) (now - starttime)); wprintw(table->statwin, "%8.2f kbytes/sec", ptmp->rate); } if (ptmp->rate > ptmp->peakrate) ptmp->peakrate = ptmp->rate; ptmp->spanbr = 0; ptmp = ptmp->next_entry; } while (ptmp != table->lastvisible->next_entry); } void printifentry(struct iflist *ptmp, WINDOW * win, unsigned int idx) { unsigned int target_row; if ((ptmp->index < idx) || (ptmp->index > idx + (LINES - 5))) return; target_row = ptmp->index - idx; wattrset(win, STDATTR); wmove(win, target_row, 1); wprintw(win, "%s", ptmp->ifname); wattrset(win, HIGHATTR); wmove(win, target_row, 12 * COLS / 80); printlargenum(ptmp->total, win); wmove(win, target_row, 22 * COLS / 80); printlargenum(ptmp->iptotal, win); wmove(win, target_row, 32 * COLS / 80); printlargenum(ptmp->noniptotal, win); wmove(win, target_row, 42 * COLS / 80); wprintw(win, "%8lu", ptmp->badtotal); } void preparescreen(struct iftab *table) { struct iflist *ptmp = table->head; unsigned int i = 1; unsigned int winht = LINES - 4; table->firstvisible = table->head; do { printifentry(ptmp, table->statwin, 1); if (i <= winht) table->lastvisible = ptmp; ptmp = ptmp->next_entry; i++; } while ((ptmp != NULL) && (i <= winht)); } void labelstats(WINDOW * win) { wmove(win, 0, 1); wprintw(win, " Iface "); wmove(win, 0, 16 * COLS / 80); wprintw(win, " Total "); wmove(win, 0, 29 * COLS / 80); wprintw(win, " IP "); wmove(win, 0, 36 * COLS / 80); wprintw(win, " NonIP "); wmove(win, 0, 45 * COLS / 80); wprintw(win, " BadIP "); wmove(win, 0, 55 * COLS / 80); wprintw(win, " Activity "); } void initiftab(struct iftab *table) { table->borderwin = newwin(LINES - 2, COLS, 1, 0); table->borderpanel = new_panel(table->borderwin); move(LINES - 1, 1); scrollkeyhelp(); stdexitkeyhelp(); wattrset(table->borderwin, BOXATTR); tx_box(table->borderwin, ACS_VLINE, ACS_HLINE); labelstats(table->borderwin); table->statwin = newwin(LINES - 4, COLS - 2, 2, 1); table->statpanel = new_panel(table->statwin); tx_stdwinset(table->statwin); wtimeout(table->statwin, -1); wattrset(table->statwin, STDATTR); tx_colorwin(table->statwin); wattrset(table->statwin, BOXATTR); wmove(table->borderwin, LINES - 3, 32 * COLS / 80); wprintw(table->borderwin, " Total, IP, NonIP, and BadIP are packet counts "); } /* * Scrolling routines for the general interface statistics window */ void scrollgstatwin(struct iftab *table, int direction, unsigned int *idx) { char buf[255]; sprintf(buf, "%%%dc", COLS - 2); wattrset(table->statwin, STDATTR); if (direction == SCROLLUP) { if (table->lastvisible->next_entry != NULL) { wscrl(table->statwin, 1); table->lastvisible = table->lastvisible->next_entry; table->firstvisible = table->firstvisible->next_entry; (*idx)++; wmove(table->statwin, LINES - 5, 0); scrollok(table->statwin, 0); wprintw(table->statwin, buf, ' '); scrollok(table->statwin, 1); printifentry(table->lastvisible, table->statwin, *idx); } } else { if (table->firstvisible != table->head) { wscrl(table->statwin, -1); table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; (*idx)--; wmove(table->statwin, 0, 0); wprintw(table->statwin, buf, ' '); printifentry(table->firstvisible, table->statwin, *idx); } } } void pagegstatwin(struct iftab *table, int direction, int *idx) { int i = 1; if (direction == SCROLLUP) { while ((i <= LINES - 5) && (table->lastvisible->next_entry != NULL)) { i++; scrollgstatwin(table, direction, idx); } } else { while ((i <= LINES - 5) && (table->firstvisible != table->head)) { i++; scrollgstatwin(table, direction, idx); } } } /* * The general interface statistics function */ void ifstats(const struct OPTIONS *options, struct filterstate *ofilter, int facilitytime) { int logging = options->logging; struct iftab table; char buf[MAX_PACKET_SIZE]; char *packet; int pkt_result = 0; struct sockaddr_ll fromaddr; unsigned short linktype; struct iflist *ptmp = NULL; unsigned int idx = 1; int fd; FILE *logfile = NULL; int br; char ifname[10]; int ch; struct timeval tv; unsigned long starttime = 0; unsigned long statbegin = 0; unsigned long now = 0; unsigned long long unow = 0; unsigned long startlog = 0; unsigned long updtime = 0; unsigned long long updtime_usec = 0; struct promisc_states *promisc_list; if (!facility_active(GSTATIDFILE, "")) mark_facility(GSTATIDFILE, "general interface statistics", ""); else { write_error ("General interface stats already active in another process", daemonized); return; } initiflist(&(table.head)); if (table.head == NULL) { no_ifaces_error(); unmark_facility(GSTATIDFILE, ""); return; } initiftab(&table); open_socket(&fd); if (fd < 0) { unmark_facility(GSTATIDFILE, ""); return; } if ((first_active_facility()) && (options->promisc)) { init_promisc_list(&promisc_list); save_promisc_list(promisc_list); srpromisc(1, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, 1); active_facility_countfile[0] = '\0'; if (logging) { if (strcmp(current_logfile, "") == 0) { strcpy(current_logfile, GSTATLOG); if (!daemonized) input_logfile(current_logfile, &logging); } } if (logging) { opentlog(&logfile, GSTATLOG); if (logfile == NULL) logging = 0; } if (logging) signal(SIGUSR1, rotate_gstat_log); rotate_flag = 0; writelog(logging, logfile, "******** General interface statistics started ********"); if (table.head != NULL) { preparescreen(&table); update_panels(); doupdate(); isdnfd = -1; exitloop = 0; gettimeofday(&tv, NULL); starttime = startlog = statbegin = tv.tv_sec; while (!exitloop) { gettimeofday(&tv, NULL); now = tv.tv_sec; unow = tv.tv_sec * 1e+6 + tv.tv_usec; if ((now - starttime) >= 5) { updaterates(&table, options->actmode, starttime, now, idx); printelapsedtime(statbegin, now, LINES - 3, 1, table.borderwin); starttime = now; } if (((now - startlog) >= options->logspan) && (logging)) { writegstatlog(&table, options->actmode, time((time_t *) NULL) - statbegin, logfile); startlog = now; } if (((options->updrate != 0) && (now - updtime >= options->updrate)) || ((options->updrate == 0) && (unow - updtime_usec >= DEFAULT_UPDATE_DELAY))) { update_panels(); doupdate(); updtime = now; updtime_usec = unow; } check_rotate_flag(&logfile, logging); if ((facilitytime != 0) && (((now - statbegin) / 60) >= facilitytime)) exitloop = 1; getpacket(fd, buf, &fromaddr, &ch, &br, ifname, table.statwin); if (ch != ERR) { switch (ch) { case KEY_UP: scrollgstatwin(&table, SCROLLDOWN, &idx); break; case KEY_DOWN: scrollgstatwin(&table, SCROLLUP, &idx); break; case KEY_PPAGE: case '-': pagegstatwin(&table, SCROLLDOWN, &idx); break; case KEY_NPAGE: case ' ': pagegstatwin(&table, SCROLLUP, &idx); break; case 12: case 'l': case 'L': tx_refresh_screen(); break; case 'Q': case 'q': case 'X': case 'x': case 27: case 24: exitloop = 1; break; } } if (br > 0) { pkt_result = processpacket(buf, &packet, &br, NULL, NULL, NULL, &fromaddr, &linktype, ofilter, MATCH_OPPOSITE_USECONFIG, ifname, NULL); if (pkt_result != PACKET_OK && pkt_result != MORE_FRAGMENTS) continue; positionptr(&table, &ptmp, ifname); ptmp->total++; ptmp->spanbr += br; ptmp->br += br; if (fromaddr.sll_protocol == ETH_P_IP) { ptmp->iptotal++; if (pkt_result == CHECKSUM_ERROR) { (ptmp->badtotal)++; continue; } } else { (ptmp->noniptotal)++; } printifentry(ptmp, table.statwin, idx); } } close(fd); } if ((options->promisc) && (is_last_instance())) { load_promisc_list(&promisc_list); srpromisc(0, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, -1); del_panel(table.statpanel); delwin(table.statwin); del_panel(table.borderpanel); delwin(table.borderwin); update_panels(); doupdate(); if (logging) { signal(SIGUSR1, SIG_DFL); writegstatlog(&table, options->actmode, time((time_t *) NULL) - statbegin, logfile); writelog(logging, logfile, "******** General interface statistics stopped ********"); fclose(logfile); } destroyiflist(table.head); pkt_cleanup(); unmark_facility(GSTATIDFILE, ""); strcpy(current_logfile, ""); } void printdetlabels(WINDOW * win, struct iftotals *totals) { wattrset(win, BOXATTR); mvwprintw(win, 2, 14, " Total Total Incoming Incoming Outgoing Outgoing"); mvwprintw(win, 3, 14, "Packets Bytes Packets Bytes Packets Bytes"); wattrset(win, STDATTR); mvwprintw(win, 4, 2, "Total:"); mvwprintw(win, 5, 2, "IP:"); mvwprintw(win, 6, 2, "TCP:"); mvwprintw(win, 7, 2, "UDP:"); mvwprintw(win, 8, 2, "ICMP:"); mvwprintw(win, 9, 2, "Other IP:"); mvwprintw(win, 10, 2, "Non-IP:"); mvwprintw(win, 13, 2, "Total rates:"); mvwprintw(win, 16, 2, "Incoming rates:"); mvwprintw(win, 19, 2, "Outgoing rates:"); mvwprintw(win, 13, 45, "Broadcast packets:"); mvwprintw(win, 14, 45, "Broadcast bytes:"); mvwprintw(win, 18, 45, "IP checksum errors:"); update_panels(); doupdate(); } void printstatrow(WINDOW * win, int row, unsigned long long total, unsigned long long btotal, unsigned long long total_in, unsigned long long btotal_in, unsigned long long total_out, unsigned long long btotal_out) { wmove(win, row, 12); printlargenum(total, win); wmove(win, row, 23); printlargenum(btotal, win); wmove(win, row, 35); printlargenum(total_in, win); wmove(win, row, 46); printlargenum(btotal_in, win); wmove(win, row, 58); printlargenum(total_out, win); wmove(win, row, 69); printlargenum(btotal_out, win); } void printdetails(struct iftotals *totals, WINDOW * win) { wattrset(win, HIGHATTR); /* Print totals on the IP protocols */ printstatrow(win, 4, totals->total, totals->bytestotal, totals->total_in, totals->bytestotal_in, totals->total_out, totals->bytestotal_out); printstatrow(win, 5, totals->iptotal, totals->ipbtotal, totals->iptotal_in, totals->ipbtotal_in, totals->iptotal_out, totals->ipbtotal_out); printstatrow(win, 6, totals->tcptotal, totals->tcpbtotal, totals->tcptotal_in, totals->tcpbtotal_in, totals->tcptotal_out, totals->tcpbtotal_out); printstatrow(win, 7, totals->udptotal, totals->udpbtotal, totals->udptotal_in, totals->udpbtotal_in, totals->udptotal_out, totals->udpbtotal_out); printstatrow(win, 8, totals->icmptotal, totals->icmpbtotal, totals->icmptotal_in, totals->icmpbtotal_in, totals->icmptotal_out, totals->icmpbtotal_out); printstatrow(win, 9, totals->othtotal, totals->othbtotal, totals->othtotal_in, totals->othbtotal_in, totals->othtotal_out, totals->othbtotal_out); /* Print non-IP totals */ printstatrow(win, 10, totals->noniptotal, totals->nonipbtotal, totals->noniptotal_in, totals->nonipbtotal_in, totals->noniptotal_out, totals->nonipbtotal_out); /* Broadcast totals */ wmove(win, 13, 67); printlargenum(totals->bcast, win); wmove(win, 14, 67); printlargenum(totals->bcastbytes, win); /* Bad packet count */ mvwprintw(win, 18, 68, "%8lu", totals->badtotal); } /* * The detailed interface statistics function */ void detstats(char *iface, const struct OPTIONS *options, int facilitytime, struct filterstate *ofilter) { int logging = options->logging; WINDOW *statwin; PANEL *statpanel; char buf[MAX_PACKET_SIZE]; char *packet; struct iphdr *ipacket = NULL; char *tpacket; unsigned int iphlen; char ifname[10]; struct sockaddr_ll fromaddr; unsigned short linktype; int fd; int br; int framelen = 0; int pkt_result = 0; FILE *logfile = NULL; unsigned int iplen = 0; struct iftotals totals; int ch; struct timeval tv; unsigned long updtime = 0; unsigned long long updtime_usec = 0; unsigned long starttime, now; unsigned long statbegin, startlog; unsigned long rate_interval; unsigned long long unow; float spanbr = 0; float spanpkt = 0; float spanbr_in = 0; float spanbr_out = 0; float spanpkt_in = 0; float spanpkt_out = 0; float activity = 0; float activity_in = 0; float activity_out = 0; float peakactivity = 0; float peakactivity_in = 0; float peakactivity_out = 0; float pps = 0; float peakpps = 0; float pps_in = 0; float pps_out = 0; float peakpps_in = 0; float peakpps_out = 0; char unitstring[7]; struct promisc_states *promisc_list; char err_msg[80]; #ifdef ACTIVATE_GRAPHING FILE *graphing_fd; unsigned long last_graph_time; unsigned long graph_interval; float graph_span_pkts = 0; float graph_span_bytes = 0; float graph_span_pkts_in = 0; float graph_span_bytes_in = 0; float graph_span_pkts_out = 0; float graph_span_bytes_out = 0; #endif /* * Mark this facility */ if (!facility_active(DSTATIDFILE, iface)) mark_facility(DSTATIDFILE, "detailed interface statistics", iface); else { snprintf(err_msg, 80, "Detailed interface stats already monitoring %s", iface); write_error(err_msg, daemonized); return; } open_socket(&fd); if (fd < 0) { unmark_facility(DSTATIDFILE, iface); return; } if (!iface_supported(iface)) { err_iface_unsupported(); unmark_facility(DSTATIDFILE, iface); return; } if (!iface_up(iface)) { err_iface_down(); unmark_facility(DSTATIDFILE, iface); return; } if ((first_active_facility()) && (options->promisc)) { init_promisc_list(&promisc_list); save_promisc_list(promisc_list); srpromisc(1, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, 1); active_facility_countfile[0] = '\0'; move(LINES - 1, 1); stdexitkeyhelp(); statwin = newwin(LINES - 2, COLS, 1, 0); statpanel = new_panel(statwin); tx_stdwinset(statwin); wtimeout(statwin, -1); wattrset(statwin, BOXATTR); tx_colorwin(statwin); tx_box(statwin, ACS_VLINE, ACS_HLINE); wmove(statwin, 0, 1); wprintw(statwin, " Statistics for %s ", iface); wattrset(statwin, STDATTR); update_panels(); doupdate(); bzero(&totals, sizeof(struct iftotals)); if (logging) { if (strcmp(current_logfile, "") == 0) { snprintf(current_logfile, 64, "%s-%s.log", DSTATLOG, iface); if (!daemonized) input_logfile(current_logfile, &logging); } } if (logging) { opentlog(&logfile, current_logfile); if (logfile == NULL) logging = 0; } if (logging) signal(SIGUSR1, rotate_dstat_log); rotate_flag = 0; writelog(logging, logfile, "******** Detailed interface statistics started ********"); printdetlabels(statwin, &totals); printdetails(&totals, statwin); update_panels(); doupdate(); spanbr = 0; gettimeofday(&tv, NULL); starttime = startlog = statbegin = tv.tv_sec; #ifdef ACTIVATE_GRAPHING last_graph_time = starttime; #endif leaveok(statwin, TRUE); isdnfd = -1; exitloop = 0; dispmode(options->actmode, unitstring); /* * Data-gathering loop */ while (!exitloop) { gettimeofday(&tv, NULL); now = tv.tv_sec; unow = tv.tv_sec * 1e+6 + tv.tv_usec; rate_interval = now - starttime; if (rate_interval >= 5) { wattrset(statwin, BOXATTR); printelapsedtime(statbegin, now, LINES - 3, 1, statwin); if (options->actmode == KBITS) { activity = (float) (spanbr * 8 / 1000) / (float) rate_interval; activity_in = (float) (spanbr_in * 8 / 1000) / (float) rate_interval; activity_out = (float) (spanbr_out * 8 / 1000) / (float) rate_interval; } else { activity = (float) (spanbr / 1024) / (float) rate_interval; activity_in = (float) (spanbr_in / 1024) / (float) rate_interval; activity_out = (float) (spanbr_out / 1024) / (float) rate_interval; } pps = (float) (spanpkt) / (float) (now - starttime); pps_in = (float) (spanpkt_in) / (float) (now - starttime); pps_out = (float) (spanpkt_out) / (float) (now - starttime); spanbr = spanbr_in = spanbr_out = 0; spanpkt = spanpkt_in = spanpkt_out = 0; starttime = now; wattrset(statwin, HIGHATTR); mvwprintw(statwin, 13, 19, "%8.1f %s/sec", activity, unitstring); mvwprintw(statwin, 14, 19, "%8.1f packets/sec", pps); mvwprintw(statwin, 16, 19, "%8.1f %s/sec", activity_in, unitstring); mvwprintw(statwin, 17, 19, "%8.1f packets/sec", pps_in); mvwprintw(statwin, 19, 19, "%8.1f %s/sec", activity_out, unitstring); mvwprintw(statwin, 20, 19, "%8.1f packets/sec", pps_out); if (activity > peakactivity) peakactivity = activity; if (activity_in > peakactivity_in) peakactivity_in = activity_in; if (activity_out > peakactivity_out) peakactivity_out = activity_out; if (pps > peakpps) peakpps = pps; if (pps_in > peakpps_in) peakpps_in = pps_in; if (pps_out > peakpps_out) peakpps_out = pps_out; } if ((now - startlog) >= options->logspan && logging) { writedstatlog(iface, options->actmode, activity, pps, peakactivity, peakpps, peakactivity_in, peakpps_in, peakactivity_out, peakpps_out, &totals, time((time_t *) NULL) - statbegin, logfile); startlog = now; } #ifdef ACTIVATE_GRAPHING graph_interval = now - last_graph_time; if (daemonized && graph_interval >= 60 && graphing_logfile[0] != '\0') { graphing_fd = fopen(graphing_logfile, "w"); if (graphing_fd == NULL) { write_error ("Unable to open raw logfile, raw logging diabled", 1); graphing_logfile[0] = '\0'; } else { fprintf(graphing_fd, "%lu %8.2f %8.2f %8.2f %8.2f\n", now, (float) graph_span_pkts_out / (float) graph_interval, (float) (graph_span_bytes_out * 8 / 1000) / (float) graph_interval, (float) graph_span_pkts_in / (float) graph_interval, (float) (graph_span_bytes_in * 8 / 1000) / (float) graph_interval); fclose(graphing_fd); last_graph_time = now; graph_span_pkts_out = 0; graph_span_bytes_out = 0; graph_span_pkts_in = 0; graph_span_bytes_in = 0; } } #endif if (((options->updrate == 0) && (unow - updtime_usec >= DEFAULT_UPDATE_DELAY)) || ((options->updrate != 0) && (now - updtime >= options->updrate))) { printdetails(&totals, statwin); update_panels(); doupdate(); updtime_usec = unow; updtime = now; } check_rotate_flag(&logfile, logging); if ((facilitytime != 0) && (((now - statbegin) / 60) >= facilitytime)) exitloop = 1; getpacket(fd, buf, &fromaddr, &ch, &br, ifname, statwin); if (ch != ERR) { switch (ch) { case 12: case 'l': case 'L': tx_refresh_screen(); break; case 'Q': case 'q': case 'X': case 'x': case 24: case 27: exitloop = 1; break; } } if (br > 0) { framelen = br; pkt_result = processpacket(buf, &packet, &br, NULL, NULL, NULL, &fromaddr, &linktype, ofilter, MATCH_OPPOSITE_USECONFIG, ifname, iface); if (pkt_result != PACKET_OK && pkt_result != MORE_FRAGMENTS) continue; totals.total++; totals.bytestotal += framelen; if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.total_out++; totals.bytestotal_out += framelen; spanbr_out += framelen; spanpkt_out++; } else { totals.total_in++; totals.bytestotal_in += framelen; spanbr_in += framelen; spanpkt_in++; } if (fromaddr.sll_pkttype == PACKET_BROADCAST) { totals.bcast++; totals.bcastbytes += framelen; } spanbr += framelen; spanpkt++; if (fromaddr.sll_protocol == ETH_P_IP) { if (pkt_result == CHECKSUM_ERROR) { totals.badtotal++; continue; } ipacket = (struct iphdr *) packet; iphlen = ipacket->ihl * 4; tpacket = packet + iphlen; iplen = ntohs(ipacket->tot_len); totals.iptotal++; totals.ipbtotal += iplen; #ifdef ACTIVATE_GRAPHING graph_span_pkts++; graph_span_bytes += framelen; #endif if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.iptotal_out++; totals.ipbtotal_out += iplen; #ifdef ACTIVATE_GRAPHING graph_span_pkts_out++; graph_span_bytes_out += framelen; #endif } else { totals.iptotal_in++; totals.ipbtotal_in += iplen; #ifdef ACTIVATE_GRAPHING graph_span_pkts_in++; graph_span_bytes_in += framelen; #endif } switch (ipacket->protocol) { case IPPROTO_TCP: totals.tcptotal++; totals.tcpbtotal += iplen; if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.tcptotal_out++; totals.tcpbtotal_out += iplen; } else { totals.tcptotal_in++; totals.tcpbtotal_in += iplen; } break; case IPPROTO_UDP: totals.udptotal++; totals.udpbtotal += iplen; if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.udptotal_out++; totals.udpbtotal_out += iplen; } else { totals.udptotal_in++; totals.udpbtotal_in += iplen; } break; case IPPROTO_ICMP: totals.icmptotal++; totals.icmpbtotal += iplen; if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.icmptotal_out++; totals.icmpbtotal_out += iplen; } else { totals.icmptotal_in++; totals.icmpbtotal_in += iplen; } break; default: totals.othtotal++; totals.othbtotal += iplen; if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.othtotal_out++; totals.othbtotal_out += iplen; } else { totals.othtotal_in++; totals.othbtotal_in += iplen; } break; } } else { totals.noniptotal++; totals.nonipbtotal += br; if (fromaddr.sll_pkttype == PACKET_OUTGOING) { totals.noniptotal_out++; totals.nonipbtotal_out += br; } else { totals.noniptotal_in++; totals.nonipbtotal_in += br; } } } } close(fd); if ((options->promisc) && (is_last_instance())) { load_promisc_list(&promisc_list); srpromisc(0, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, -1); if (logging) { signal(SIGUSR1, SIG_DFL); writedstatlog(iface, options->actmode, activity, pps, peakactivity, peakpps, peakactivity_in, peakpps_in, peakactivity_out, peakpps_out, &totals, time((time_t *) NULL) - statbegin, logfile); writelog(logging, logfile, "******** Detailed interface statistics stopped ********"); fclose(logfile); } del_panel(statpanel); delwin(statwin); unmark_facility(DSTATIDFILE, iface); strcpy(current_logfile, ""); pkt_cleanup(); update_panels(); doupdate(); } void selectiface(char *ifname, int withall, int *aborted) { int ch; struct iflist *list; struct iflist *ptmp; struct scroll_list scrolllist; initiflist(&list); if (list == NULL) { no_ifaces_error(); *aborted = 1; return; } if ((withall) && (list != NULL)) { ptmp = malloc(sizeof(struct iflist)); strcpy(ptmp->ifname, "All interfaces"); ptmp->prev_entry = NULL; list->prev_entry = ptmp; ptmp->next_entry = list; list = ptmp; } tx_listkeyhelp(STDATTR, HIGHATTR); ptmp = list; tx_init_listbox(&scrolllist, 24, 14, (COLS - 24) / 2 - 9, (LINES - 14) / 2, STDATTR, BOXATTR, BARSTDATTR, HIGHATTR); tx_set_listbox_title(&scrolllist, "Select Interface", 1); while (ptmp != NULL) { tx_add_list_entry(&scrolllist, (char *) ptmp, ptmp->ifname); ptmp = ptmp->next_entry; } tx_show_listbox(&scrolllist); tx_operate_listbox(&scrolllist, &ch, aborted); tx_close_listbox(&scrolllist); if (!(*aborted) && (list != NULL)) { ptmp = (struct iflist *) scrolllist.textptr->nodeptr; if ((withall) && (ptmp->prev_entry == NULL)) /* All Interfaces */ strcpy(ifname, ""); else strcpy(ifname, ptmp->ifname); } tx_destroy_list(&scrolllist); destroyiflist(list); update_panels(); doupdate(); } iptraf-3.0.0/src/ipcsum.c0100644000076400000000000000215210311472356014105 0ustar rikerroot /* * in_cksum -- * Checksum routine for Internet Protocol family headers (C Version) * * borrowed from the ping program from the Linux NetKit. * This is a standard C version of the * IP header checksum calculation algorithm. */ #include int in_cksum(u_short * addr, int len) { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *(u_char *) (&answer) = *(u_char *) w; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return (answer); } iptraf-3.0.0/src/iptraf.c0100644000076400000000000004655510311472356014111 0ustar rikerroot/* =========================================================================== IPTraf An IP Network Statistics Utility Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997-2004 Version 3.0.0 Main Module --------------------------------------------------------------------------- This software is open-source; you may redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. --------------------------------------------------------------------------- */ #define MAIN_MODULE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "dirs.h" #include "deskman.h" #include "fltdefs.h" #include "fltselect.h" #include "fltmgr.h" #include "fltedit.h" #include "ifstats.h" #include "serv.h" #include "options.h" #include "promisc.h" #include "externs.h" #include "instances.h" #include "tcptable.h" #include "log.h" #include "attrs.h" #include "rvnamed.h" #include "logvars.h" #include "getpath.h" #define WITHALL 1 #define WITHOUTALL 0 const char *ALLSPEC = "all"; /* * Important globals used throughout the * program. */ int exitloop = 0; int daemonized = 0; int facility_running = 0; int is_first_instance; char active_facility_lockfile[64]; char active_facility_countfile[64]; int accept_unsupported_interfaces = 0; char graphing_filter[80]; extern void about(); void press_enter_to_continue(void) { fprintf(stderr, "Press Enter to continue.\n"); getchar(); } void clearfiles(char *prefix, char *directory) { DIR *dir; struct dirent *dir_entry; char target_name[80]; dir = opendir(directory); if (dir == NULL) { fprintf(stderr, "\nUnable to read directory %s\n%s\n", directory, strerror(errno)); press_enter_to_continue(); return; } do { dir_entry = readdir(dir); if (dir_entry != NULL) { if (strncmp(dir_entry->d_name, prefix, strlen(prefix)) == 0) { snprintf(target_name, 80, "%s/%s", directory, dir_entry->d_name); unlink(target_name); } } } while (dir_entry != NULL); closedir(dir); } void removetags(void) { clearfiles("iptraf", LOCKDIR); } void remove_sockets(void) { clearfiles(SOCKET_PREFIX, WORKDIR); } /* * Handlers for the TERM signal and HUP signals. There's nothing we can do * for the KILL. */ void term_signal_handler(int signo) { erase(); refresh(); endwin(); if (signo != SIGHUP) fprintf(stderr, "IPTraf process %u exiting on signal %d\n\n", getpid(), signo); if (active_facility_lockfile[0] != '\0') { unlink(active_facility_lockfile); adjust_instance_count(PROCCOUNTFILE, -1); if (active_facility_countfile[0] != '\0') adjust_instance_count(active_facility_countfile, -1); } if (is_first_instance) unlink(IPTIDFILE); exit(1); } /* * Handler for the SIGSEGV, Segmentation Fault. Tries to clear the screen * and issue a better message than "Segmentation fault". May not always * clean up properly. */ void segvhandler() { erase(); refresh(); endwin(); fprintf(stderr, "Fatal: memory allocation error\n\n"); fprintf(stderr, "If you suspect a bug, please report the exact circumstances under which this\n"); fprintf(stderr, "error was generated. If possible, include gdb or strace data which may point\n"); fprintf(stderr, "out where the error occured. Bug reports may be sent in to iptraf@seul.org.\n\n"); fprintf(stderr, "An attempt will be made to clear all lock files, but if stale lock files\n"); fprintf(stderr, "remain, exit all other instances of IPTraf and restart with the -f\n"); fprintf(stderr, "command-line parameter.\n\n"); fprintf(stderr, "IPTraf process %u aborting on signal 11.\n\n", getpid()); if (active_facility_lockfile[0] != '\0') unlink(active_facility_lockfile); if (is_first_instance) unlink(IPTIDFILE); if (active_facility_lockfile[0] != '\0') { unlink(active_facility_lockfile); adjust_instance_count(PROCCOUNTFILE, -1); if (active_facility_countfile[0] != '\0') adjust_instance_count(active_facility_countfile, -1); } exit(2); } /* * USR2 handler. Used to normally exit a daemonized facility. */ void term_usr2_handler() { exitloop = 1; } void init_break_menu(struct MENU *break_menu) { tx_initmenu(break_menu, 6, 20, (LINES - 6) / 2, COLS / 2, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(break_menu, " By packet ^s^ize", "Displays packet counts by packet size range"); tx_additem(break_menu, " By TCP/UDP ^p^ort", "Displays packet and byte counts by service port"); tx_additem(break_menu, NULL, NULL); tx_additem(break_menu, " E^x^it menu", "Return to main menu"); } /* * Get the ball rolling: The program interface routine. */ void program_interface(struct OPTIONS *options, int opt, char *optarg, int facilitytime) { struct MENU menu; struct MENU break_menu; int endloop = 0; int row = 1; int break_row = 1; int aborted; int break_aborted; struct filterstate ofilter; struct ffnode *fltfiles; char ifname[10]; char *ifptr = NULL; struct porttab *ports; draw_desktop(); attrset(STATUSBARATTR); mvprintw(0, 1, "IPTraf"); /* * Load saved filter or graphing filter if specified */ if (graphing_logfile[0] != '\0') { loadfilterlist(&fltfiles); memset(&ofilter, 0, sizeof(struct filterstate)); loadfilter(pickfilterbyname(fltfiles, graphing_filter), &(ofilter.fl), FLT_RESOLVE); } else { loadfilters(&ofilter); indicate(""); } loadaddports(&ports); if (opt == 0) { attrset(STATUSBARATTR); mvprintw(LINES - 1, 1, PLATFORM); about(); tx_initmenu(&menu, 13, 35, (LINES - 14) / 2, (COLS - 35) / 2, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(&menu, " IP traffic ^m^onitor", "Displays current IP traffic information"); tx_additem(&menu, " General interface ^s^tatistics", "Displays some statistics for attached interfaces"); tx_additem(&menu, " ^D^etailed interface statistics", "Displays more statistics for a selected interface"); tx_additem(&menu, " Statistical ^b^reakdowns...", "Facilities for traffic counts by packet size or TCP/UDP port"); tx_additem(&menu, " ^L^AN station monitor", "Displays statistics on detected LAN stations"); tx_additem(&menu, NULL, NULL); tx_additem(&menu, " ^F^ilters...", "Allows you to select traffic display and logging criteria"); tx_additem(&menu, NULL, NULL); tx_additem(&menu, " C^o^nfigure...", "Set various program options"); tx_additem(&menu, NULL, NULL); tx_additem(&menu, " E^x^it", "Exits program"); endloop = 0; do { tx_showmenu(&menu); tx_operatemenu(&menu, &row, &aborted); switch (row) { case 1: selectiface(ifname, WITHALL, &aborted); if (!aborted) { if (strcmp(ifname, "") != 0) ifptr = ifname; else ifptr = NULL; ipmon(options, &ofilter, 0, ifptr); } break; case 2: ifstats(options, &ofilter, 0); break; case 3: selectiface(ifname, WITHOUTALL, &aborted); if (!aborted) detstats(ifname, options, 0, &ofilter); break; case 4: break_row = 1; init_break_menu(&break_menu); tx_showmenu(&break_menu); tx_operatemenu(&break_menu, &break_row, &break_aborted); switch (break_row) { case 1: selectiface(ifname, WITHOUTALL, &aborted); if (!aborted) packet_size_breakdown(options, ifname, 0, &ofilter); break; case 2: selectiface(ifname, WITHOUTALL, &aborted); if (!aborted) servmon(ifname, ports, options, 0, &ofilter); break; case 4: break; } tx_destroymenu(&break_menu); break; case 5: selectiface(ifname, WITHALL, &aborted); if (!aborted) { if (strcmp(ifname, "") != 0) ifptr = ifname; else ifptr = NULL; hostmon(options, 0, ifptr, &ofilter); } break; case 7: config_filters(&ofilter); savefilters(&ofilter); break; case 9: setoptions(options, &ports); saveoptions(options); break; case 11: endloop = 1; break; } } while (!endloop); tx_destroymenu(&menu); } else { switch (opt) { case 'i': if ((strcmp(optarg, ALLSPEC) == 0) || (strcmp(optarg, "") == 0)) ifptr = NULL; else ifptr = optarg; ipmon(options, &ofilter, facilitytime, ifptr); break; case 'g': ifstats(options, &ofilter, facilitytime); break; case 'd': detstats(optarg, options, facilitytime, &ofilter); break; case 's': servmon(optarg, ports, options, facilitytime, &ofilter); break; case 'z': packet_size_breakdown(options, optarg, facilitytime, &ofilter); break; case 'l': if ((strcmp(optarg, ALLSPEC) == 0) || (strcmp(optarg, "") == 0)) ifptr = NULL; else ifptr = optarg; hostmon(options, facilitytime, ifptr, &ofilter); break; } } destroyporttab(ports); erase(); update_panels(); doupdate(); } /* * Command-line help facility. */ void commandhelp() { printf("\nSyntax:\n"); printf (" iptraf [ -f ] [ { -i iface | -g | -d iface | -s iface | -z iface |\n"); printf (" -l iface } [ -t timeout ] [ -B ] [ -L logfile ] [-I interval] ] \n\n"); printf ("Issue the iptraf command with no parameters for menu-driven operation.\n"); printf("These options can also be supplied to the command:\n\n"); printf ("-i iface - start the IP traffic monitor (use \"-i all\" for all interfaces)\n"); printf("-g - start the general interface statistics\n"); printf ("-d iface - start the detailed statistics facility on an interface\n"); printf ("-s iface - start the TCP and UDP monitor on an interface\n"); printf("-z iface - shows the packet size counts on an interface\n"); printf ("-l iface - start the LAN station monitor (\"-l all\" for all LAN interfaces)\n"); printf ("-B - run in background (use only with one of the above parameters)\n"); printf ("-t timeout - when used with one of the above parameters, tells\n"); printf (" the facility to run only for the specified number of\n"); printf(" minutes (timeout)\n"); printf ("-L logfile - specifies an alternate log file for any direct invocation\n"); printf (" of a facility from the command line. The log is placed in\n"); printf(" %s if path is not specified.\n", LOGDIR); printf ("-I interval - specifies the log interval for all facilities except the IP\n"); printf(" traffic monitor. Value is in minutes.\n"); printf ("-f - clear all locks and counters. Use with great caution.\n"); printf (" Normally used to recover from an abnormal termination.\n\n"); printf("IPTraf %s Copyright (c) Gerard Paul Java 1997-2004\n", VERSION); } int first_instance() { int fd; fd = open(IPTIDFILE, O_RDONLY); if (fd < 0) return !0; else { close(fd); return 0; } } void mark_first_instance() { int fd; fd = open(IPTIDFILE, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { fprintf(stderr, "\nWarning: unable to tag this process\r\n"); press_enter_to_continue(); return; } close(fd); } /* * Main routine */ int main(int argc, char **argv) { struct OPTIONS options; int opt = 0; int command = 0; char keyparm[12]; int facilitytime = 0; int current_log_interval; #ifndef ALLOWUSERS if (getuid() != 0) { fprintf(stderr, "\nIPTraf Version %s\n", VERSION); fprintf(stderr, "Copyright (c) Gerard Paul Java 1997-2004l\n\n"); fprintf(stderr, "This program can be run only by the system administrator\n\n"); exit(1); } #endif strcpy(current_logfile, ""); strcpy(graphing_logfile, ""); strcpy(graphing_filter, ""); /* * Parse command line */ if (argc > 1) { do { opterr = 0; opt = getopt(argc, argv, "i:gd:s:z:l:hfqt:BL:uI:G:F:"); if (opt == 'h') { commandhelp(); exit(0); } else if (opt == 'f') { removetags(); remove_sockets(); } else if (opt == 't') { facilitytime = atoi(optarg); if (facilitytime == 0) { fprintf(stderr, "\nInvalid time value\n\n"); exit(1); } } else if (opt == 'B') { daemonized = 1; setenv("TERM", "linux", 1); } else if (opt == 'L') { if (strchr(optarg, '/') != NULL) strncpy(current_logfile, optarg, 80); else strncpy(current_logfile, get_path(T_LOGDIR, optarg), 80); } else if (opt == 'q') { /* -q parameter now ignored, maintained for compatibility */ } else if (opt == 'u') { accept_unsupported_interfaces = 1; } else if (opt == 'I') { current_log_interval = atoi(optarg); if (current_log_interval == 0) fprintf(stderr, "Invalid log interval value\n"); exit(1); } else if (opt == 'G') { if (strchr(optarg, '/') != NULL) strncpy(graphing_logfile, optarg, 80); else strncpy(graphing_logfile, get_path(T_LOGDIR, optarg), 80); daemonized = 1; } else if (opt == 'F') { strncpy(graphing_filter, optarg, 80); } else if (opt == '?') { fprintf(stderr, "\nInvalid option or missing parameter, use iptraf -h for help\n\n"); exit(1); } else if (opt != -1) { if (optarg != 0) { bzero(keyparm, 12); strncpy(keyparm, optarg, 11); } else strcpy(keyparm, ""); command = opt; } } while ((opt != '?') && (opt != -1)); } is_first_instance = first_instance(); if ((getenv("TERM") == NULL) && (!daemonized)) { fprintf(stderr, "Your TERM variable is not set.\n"); fprintf(stderr, "Please set it to an appropriate value.\n"); exit(1); } if (graphing_logfile[0] != '\0' && graphing_filter[0] == '\0') { fprintf(stderr, "Specify an IP filter name with -F\n"); exit(1); } loadoptions(&options); /* * If a facility is directly invoked from the command line, check for * a daemonization request */ if ((daemonized) && (command != 0)) { switch (fork()) { case 0: /* child */ setsid(); freopen("/dev/null", "w", stdout); /* redirect std output */ freopen("/dev/null", "r", stdin); /* redirect std input */ freopen("/dev/null", "w", stderr); /* redirect std error */ signal(SIGUSR2, (void *) term_usr2_handler); if (graphing_logfile[0] != '\0') options.logging = 0; /* if raw logging is specified */ else /* then standard logging is disabled */ options.logging = 1; break; case -1: /* error */ fprintf(stderr, "\nFork error, IPTraf cannot run in background\n\n"); exit(1); default: /* parent */ exit(0); } } #ifdef SIMDAEMON daemonized = 1; freopen("/dev/null", "w", stdout); /* redirect std output */ freopen("/dev/null", "r", stdin); freopen("/dev/null", "w", stderr); #endif initscr(); if ((LINES < 24) || (COLS < 80)) { endwin(); fprintf(stderr, "\nThis program requires a screen size of at least 80 columns by 24 lines\n"); fprintf(stderr, "Please resize your window\n\n"); exit(1); } mark_first_instance(); signal(SIGTERM, (void *) term_signal_handler); signal(SIGHUP, (void *) term_signal_handler); signal(SIGSEGV, (void *) segvhandler); signal(SIGTSTP, SIG_IGN); signal(SIGINT, SIG_IGN); signal(SIGUSR1, SIG_IGN); start_color(); standardcolors(options.color); noecho(); nonl(); cbreak(); #ifndef DEBUG curs_set(0); #endif /* * Set logfilename variable to NULL if -L was specified without an * appropriate facility on the command line. */ if (command == 0) strcpy(current_logfile, ""); /* * If by this time the logfile is still acceptable, obtain the * logspan from the command line if so specified. */ if (current_logfile[0] != '\0') { options.logging = 1; if (current_log_interval != 0) { options.logspan = current_log_interval; } } program_interface(&options, command, keyparm, facilitytime); endwin(); if (is_first_instance) unlink(IPTIDFILE); return (0); } iptraf-3.0.0/src/itrafmon.c0100644000076400000000000012632210311472356014432 0ustar rikerroot/*** itrafmon.c - the IP traffic monitor module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include "options.h" #include "tcptable.h" #include "othptab.h" #include "fltdefs.h" #include "fltselect.h" #include "isdntab.h" #include "packet.h" #include "ifaces.h" #include "promisc.h" #include "deskman.h" #include "error.h" #include "attrs.h" #include "log.h" #include "revname.h" #include "rvnamed.h" #include "dirs.h" #include "timer.h" #include "ipfrag.h" #include "instances.h" #include "logvars.h" #include "bar.h" #define SCROLLUP 0 #define SCROLLDOWN 1 extern int exitloop; extern int daemonized; void writetcplog(int logging, FILE * fd, struct tcptableent *entry, unsigned int pktlen, int mac, char *message); void write_tcp_unclosed(int logging, FILE * fd, struct tcptable *table); void rotate_ipmon_log() { rotate_flag = 1; strcpy(target_logname, current_logfile); signal(SIGUSR1, rotate_ipmon_log); } /* Hot key indicators for the bottom line */ void ipmonhelp() { move(LINES - 1, 1); tx_printkeyhelp("Up/Dn/PgUp/PgDn", "-scroll ", stdscr, HIGHATTR, STATUSBARATTR); move(LINES - 1, 43); tx_printkeyhelp("W", "-chg actv win ", stdscr, HIGHATTR, STATUSBARATTR); tx_printkeyhelp("S", "-sort TCP ", stdscr, HIGHATTR, STATUSBARATTR); stdexitkeyhelp(); }; void uniq_help(int what) { move(LINES - 1, 25); if (!what) tx_printkeyhelp("M", "-more TCP info ", stdscr, HIGHATTR, STATUSBARATTR); else tx_printkeyhelp("Lft/Rt", "-vtcl scrl ", stdscr, HIGHATTR, STATUSBARATTR); } /* Mark general packet count indicators */ void prepare_statwin(WINDOW * win) { wattrset(win, IPSTATLABELATTR); wmove(win, 0, 1); wprintw(win, "Pkts captured (all interfaces):"); mvwaddch(win, 0, 45 * COLS / 80, ACS_VLINE); } void markactive(int curwin, WINDOW * tw, WINDOW * ow) { WINDOW *win1; WINDOW *win2; int x1, y1, x2, y2; if (!curwin) { win1 = tw; win2 = ow; } else { win1 = ow; win2 = tw; } getmaxyx(win1, y1, x1); getmaxyx(win2, y2, x2); wmove(win1, --y1, COLS - 10); wattrset(win1, ACTIVEATTR); wprintw(win1, " Active "); wattrset(win1, BOXATTR); wmove(win2, --y2, COLS - 10); whline(win2, ACS_HLINE, 8); } void show_stats(WINDOW * win, unsigned long long total) { wattrset(win, IPSTATATTR); wmove(win, 0, 35 * COLS / 80); printlargenum(total, win); } /* * Scrolling and paging routines for the upper (TCP) window */ void scrollupperwin(struct tcptable *table, int direction, unsigned long *idx, int mode) { char sp_buf[10]; sprintf(sp_buf, "%%%dc", COLS - 2); wattrset(table->tcpscreen, STDATTR); if (direction == SCROLLUP) { if (table->lastvisible != table->tail) { wscrl(table->tcpscreen, 1); table->lastvisible = table->lastvisible->next_entry; table->firstvisible = table->firstvisible->next_entry; (*idx)++; wmove(table->tcpscreen, table->imaxy - 1, 0); scrollok(table->tcpscreen, 0); wprintw(table->tcpscreen, sp_buf, ' '); scrollok(table->tcpscreen, 1); printentry(table, table->lastvisible, *idx, mode); } } else { if (table->firstvisible != table->head) { wscrl(table->tcpscreen, -1); table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; (*idx)--; wmove(table->tcpscreen, 0, 0); wprintw(table->tcpscreen, sp_buf, ' '); printentry(table, table->firstvisible, *idx, mode); } } } void pageupperwin(struct tcptable *table, int direction, unsigned long *idx, int mode) { int i = 1; wattrset(table->tcpscreen, STDATTR); if (direction == SCROLLUP) { while ((i <= table->imaxy - 3) && (table->lastvisible != table->tail)) { i++; table->firstvisible = table->firstvisible->next_entry; table->lastvisible = table->lastvisible->next_entry; (*idx)++; } } else { while ((i <= table->imaxy - 3) && (table->firstvisible != table->head)) { i++; table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; (*idx)--; } } } /* * Scrolling and paging routines for the lower (non-TCP) window. */ void scrolllowerwin(struct othptable *table, int direction) { if (direction == SCROLLUP) { if (table->lastvisible != table->tail) { wscrl(table->othpwin, 1); table->lastvisible = table->lastvisible->next_entry; table->firstvisible = table->firstvisible->next_entry; if (table->htstat == HIND) { /* Head indicator on? */ wmove(table->borderwin, table->obmaxy - 1, 1); whline(table->borderwin, ACS_HLINE, 8); table->htstat = NOHTIND; } printothpentry(table, table->lastvisible, table->oimaxy - 1, 0, (FILE *) NULL); } } else { if (table->firstvisible != table->head) { wscrl(table->othpwin, -1); table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; if (table->htstat == TIND) { /* Tail indicator on? */ wmove(table->borderwin, table->obmaxy - 1, 1); whline(table->borderwin, ACS_HLINE, 8); table->htstat = NOHTIND; } printothpentry(table, table->firstvisible, 0, 0, (FILE *) NULL); } } } void pagelowerwin(struct othptable *table, int direction) { int i = 1; if (direction == SCROLLUP) { while ((i <= table->oimaxy - 2) && (table->lastvisible != table->tail)) { i++; table->firstvisible = table->firstvisible->next_entry; table->lastvisible = table->lastvisible->next_entry; if (table->htstat == HIND) { /* Head indicator on? */ wmove(table->borderwin, table->obmaxy - 1, 1); whline(table->borderwin, ACS_HLINE, 8); table->htstat = NOHTIND; } } } else { while ((i <= table->oimaxy - 2) && (table->firstvisible != table->head)) { i++; table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; if (table->htstat == TIND) { /* Tail indicator on? */ wmove(table->borderwin, table->obmaxy - 1, 1); whline(table->borderwin, ACS_HLINE, 8); table->htstat = NOHTIND; } } } } /* * Pop up sorting key window */ void show_tcpsort_win(WINDOW ** win, PANEL ** panel) { *win = newwin(9, 35, (LINES - 8) / 2, COLS - 40); *panel = new_panel(*win); wattrset(*win, DLGBOXATTR); tx_colorwin(*win); tx_box(*win, ACS_VLINE, ACS_HLINE); wattrset(*win, DLGTEXTATTR); mvwprintw(*win, 2, 2, "Select sort criterion"); wmove(*win, 4, 2); tx_printkeyhelp("P", " - sort by packet count", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 5, 2); tx_printkeyhelp("B", " - sort by byte count", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 6, 2); tx_printkeyhelp("Any other key", " - cancel sort", *win, DLGHIGHATTR, DLGTEXTATTR); update_panels(); doupdate(); } /* * Routine to swap two TCP entries. p1 and p2 are pointers to TCP entries, * but p1 must be ahead of p2. It's a linked list thing. */ void swap_tcp_entries(struct tcptable *table, struct tcptableent *p1, struct tcptableent *p2) { struct tcptableent *p2nextsaved; struct tcptableent *p1prevsaved; unsigned int tmp; if (p1 == p2) return; tmp = p1->index; p1->index = p2->index; p2->index = tmp; p1->next_entry->index = p1->index + 1; p2->next_entry->index = p2->index + 1; if (p1->prev_entry != NULL) p1->prev_entry->next_entry = p2; else table->head = p2; if (p2->next_entry->next_entry != NULL) p2->next_entry->next_entry->prev_entry = p1->next_entry; else table->tail = p1->next_entry; p2nextsaved = p2->next_entry->next_entry; p1prevsaved = p1->prev_entry; if (p1->next_entry->next_entry == p2) { /* swapping adjacent entries */ p2->next_entry->next_entry = p1; p1->prev_entry = p2->next_entry; } else { p2->next_entry->next_entry = p1->next_entry->next_entry; p1->prev_entry = p2->prev_entry; p2->prev_entry->next_entry = p1; p1->next_entry->next_entry->prev_entry = p2->next_entry; } p2->prev_entry = p1prevsaved; p1->next_entry->next_entry = p2nextsaved; } unsigned long long qt_getkey(struct tcptableent *entry, int ch) { if (ch == 'B') return (max(entry->bcount, entry->oth_connection->bcount)); return (max(entry->pcount, entry->oth_connection->pcount)); } struct tcptableent *qt_partition(struct tcptable *table, struct tcptableent **low, struct tcptableent **high, int ch, struct OPTIONS *opts, int logging, FILE * logfile, int *nomem) { struct tcptableent *pivot = *low; struct tcptableent *left = *low; struct tcptableent *right = *high; struct tcptableent *ptmp; unsigned long long pivot_value; time_t now; pivot_value = qt_getkey(pivot, ch); now = time(NULL); while (left->index < right->index) { while ((qt_getkey(left, ch) >= pivot_value) && (left->next_entry->next_entry != NULL)) { /* * Might as well check out timed out entries here too. */ if ((opts->timeout > 0) && ((now - left->lastupdate) / 60 > opts->timeout) && (!(left->inclosed))) { left->timedout = left->oth_connection->timedout = 1; addtoclosedlist(table, left, nomem); if (logging) write_timeout_log(logging, logfile, left, opts); } left = left->next_entry->next_entry; } while (qt_getkey(right, ch) < pivot_value) { /* * Might as well check out timed out entries here too. */ if ((opts->timeout > 0) && ((now - right->lastupdate) / 60 > opts->timeout) && (!(right->inclosed))) { right->timedout = right->oth_connection->timedout = 1; addtoclosedlist(table, right, nomem); if (logging) write_timeout_log(logging, logfile, right, opts); } right = right->prev_entry->prev_entry; } if (left->index < right->index) { swap_tcp_entries(table, left, right); if (*low == left) *low = right; if (*high == right) *high = left; ptmp = left; left = right; right = ptmp; } } swap_tcp_entries(table, pivot, right); if (*low == pivot) *low = right; if (*high == right) *high = pivot; return pivot; } /* * Quicksort the TCP entries. */ void quicksort_tcp_entries(struct tcptable *table, struct tcptableent *low, struct tcptableent *high, int ch, struct OPTIONS *opts, int logging, FILE * logfile, int *nomem) { struct tcptableent *pivot; if ((high == NULL) || (low == NULL)) return; if (high->index > low->index) { pivot = qt_partition(table, &low, &high, ch, opts, logging, logfile, nomem); if (pivot->prev_entry != NULL) quicksort_tcp_entries(table, low, pivot->prev_entry->prev_entry, ch, opts, logging, logfile, nomem); quicksort_tcp_entries(table, pivot->next_entry->next_entry, high, ch, opts, logging, logfile, nomem); } } /* * This function sorts the TCP window. The old exchange sort has been * replaced with a Quicksort algorithm. */ void sortipents(struct tcptable *table, unsigned long *idx, int ch, int mode, int logging, FILE * logfile, time_t timeout, int *nomem, struct OPTIONS *opts) { struct tcptableent *tcptmp1; unsigned int idxtmp; if ((table->head == NULL) || (table->head->next_entry->next_entry == NULL)) return; ch = toupper(ch); if ((ch != 'P') && (ch != 'B')) return; quicksort_tcp_entries(table, table->head, table->tail->prev_entry, ch, opts, logging, logfile, nomem); update_panels(); doupdate(); tx_colorwin(table->tcpscreen); tcptmp1 = table->firstvisible = table->head; *idx = 1; idxtmp = 0; while ((tcptmp1 != NULL) && (idxtmp <= table->imaxy - 1)) { if (idxtmp++ <= table->imaxy - 1) table->lastvisible = tcptmp1; tcptmp1 = tcptmp1->next_entry; } } /* * Attempt to communicate with rvnamed, and if it doesn't respond, try * to start it. */ int checkrvnamed(void) { int execstat = 0; pid_t cpid = 0; int cstat; extern int errno; indicate("Trying to communicate with reverse lookup server"); if (!rvnamedactive()) { indicate("Starting reverse lookup server"); if ((cpid = fork()) == 0) { execstat = execl(RVNDFILE, NULL); /* * execl() never returns, so if we reach this point, we have * a problem. */ _exit(1); } else if (cpid == -1) { write_error("Can't spawn new process; lookups will block", daemonized); return 0; } else { while (waitpid(cpid, &cstat, 0) < 0) if (errno != EINTR) break; if (WEXITSTATUS(cstat) == 1) { write_error("Can't start rvnamed; lookups will block", daemonized); return 0; } else { sleep(1); return 1; } } } return 1; } void update_flowrate(WINDOW * win, struct tcptableent *entry, time_t now, int *cleared, int mode) { float rate = 0; char units[10]; wattrset(win, IPSTATLABELATTR); mvwprintw(win, 0, COLS * 47 / 80, "TCP flow rate: "); wattrset(win, IPSTATATTR); if (mode == KBITS) { strcpy(units, "kbits/s"); rate = (float) (entry->spanbr * 8 / 1000) / (float) (now - entry-> starttime); } else { strcpy(units, "kbytes/s"); rate = (float) (entry->spanbr / 1024) / (float) (now - entry->starttime); } mvwprintw(win, 0, COLS * 50 / 80 + 13, "%8.2f %s", rate, units); entry->spanbr = 0; *cleared = 0; } /* * The IP Traffic Monitor */ void ipmon(struct OPTIONS *options, struct filterstate *ofilter, int facilitytime, char *ifptr) { int logging = options->logging; struct sockaddr_ll fromaddr; /* iface info */ unsigned short linktype; /* data link type */ int fd; /* raw socket */ char tpacket[MAX_PACKET_SIZE]; /* raw packet data */ char *packet = NULL; /* network packet ptr */ struct iphdr *ippacket; struct tcphdr *transpacket; /* IP-encapsulated packet */ unsigned int sport = 0, dport = 0; /* TCP/UDP port values */ char sp_buf[10]; unsigned long screen_idx = 1; struct timeval tv; unsigned long starttime = 0; unsigned long now = 0; unsigned long timeint = 0; unsigned long updtime = 0; unsigned long long updtime_usec = 0; unsigned long long unow = 0; unsigned long closedint = 0; WINDOW *statwin; PANEL *statpanel; WINDOW *sortwin; PANEL *sortpanel; FILE *logfile = NULL; int curwin = 0; int readlen; char ifname[10]; unsigned long long total_pkts = 0; unsigned int br; /* bytes read. Differs from readlen */ /* only when packets fragmented */ unsigned int iphlen; unsigned int totalhlen; struct tcptable table; struct tcptableent *tcpentry; struct tcptableent *tmptcp; int mode = 0; struct othptable othptbl; struct othptabent *othpent; int p_sstat = 0, p_dstat = 0; /* Reverse lookup statuses prior to */ /* reattempt in updateentry() */ int pkt_result = 0; /* Non-IP filter ok */ int fragment = 0; /* Set to 1 if not first fragment */ int ch; int keymode = 0; char msgstring[80]; int nomem = 0; struct promisc_states *promisc_list; int rvnfd = 0; int instance_id; int revlook = options->revlook; int statcleared = 0; int wasempty = 1; const int statx = COLS * 47 / 80; /* * Mark this instance of the traffic monitor */ if (!facility_active(IPMONIDFILE, ifptr)) mark_facility(IPMONIDFILE, "IP traffic monitor", ifptr); else { snprintf(msgstring, 80, "IP Traffic Monitor already listening on %s", gen_iface_msg(ifptr)); write_error(msgstring, daemonized); return; } if (ifptr != NULL) { if (!iface_supported(ifptr)) { err_iface_unsupported(); unmark_facility(IPMONIDFILE, ifptr); return; } if (!iface_up(ifptr)) { err_iface_down(); unmark_facility(IPMONIDFILE, ifptr); return; } } open_socket(&fd); if (fd < 0) { unmark_facility(IPMONIDFILE, ifptr); return; } if (options->promisc) { if (first_active_facility()) { init_promisc_list(&promisc_list); save_promisc_list(promisc_list); srpromisc(1, promisc_list); } } /* * Adjust instance counters */ adjust_instance_count(PROCCOUNTFILE, 1); instance_id = adjust_instance_count(ITRAFMONCOUNTFILE, 1); strncpy(active_facility_countfile, ITRAFMONCOUNTFILE, 64); init_tcp_table(&table); init_othp_table(&othptbl, options->mac); statwin = newwin(1, COLS, LINES - 2, 0); statpanel = new_panel(statwin); wattrset(statwin, IPSTATLABELATTR); wmove(statwin, 0, 0); sprintf(sp_buf, "%%%dc", COLS); wprintw(statwin, sp_buf, ' '); prepare_statwin(statwin); show_stats(statwin, 0); markactive(curwin, table.borderwin, othptbl.borderwin); update_panels(); doupdate(); if (revlook) { if (checkrvnamed()) open_rvn_socket(&rvnfd); } else rvnfd = 0; ipmonhelp(); uniq_help(0); update_panels(); doupdate(); if (options->servnames) setservent(1); /* * Try to open log file if logging activated. Turn off logging * (for this session only) if an error was discovered in opening * the log file. Configuration setting is kept. Who knows, the * situation may be corrected later. */ if (logging) { if (strcmp(current_logfile, "") == 0) { strncpy(current_logfile, gen_instance_logname(IPMONLOG, instance_id), 80); if (!daemonized) input_logfile(current_logfile, &logging); } } if (logging) opentlog(&logfile, current_logfile); if (logfile == NULL) logging = 0; if (logging) signal(SIGUSR1, rotate_ipmon_log); setprotoent(1); rotate_flag = 0; writelog(logging, logfile, "******** IP traffic monitor started ********"); isdnfd = -1; exitloop = 0; gettimeofday(&tv, NULL); starttime = timeint = closedint = tv.tv_sec; while (!exitloop) { gettimeofday(&tv, NULL); now = tv.tv_sec; unow = tv.tv_sec * 1e+06 + tv.tv_usec; /* * Print timer at bottom of screen */ if (now - timeint >= 5) { printelapsedtime(starttime, now, othptbl.obmaxy - 1, 15, othptbl.borderwin); timeint = now; } /* * Automatically clear closed/timed out entries */ if ((options->closedint != 0) && ((now - closedint) / 60 >= options->closedint)) { flushclosedentries(&table, &screen_idx, logging, logfile, options); refreshtcpwin(&table, screen_idx, mode); closedint = now; } /* * Update screen at configured intervals. */ if (((options->updrate != 0) && (now - updtime >= options->updrate)) || ((options->updrate == 0) && (unow - updtime_usec >= DEFAULT_UPDATE_DELAY))) { update_panels(); doupdate(); updtime = now; updtime_usec = unow; } /* * If highlight bar is on some entry, update the flow rate * indicator after five seconds. */ if (table.barptr != NULL) { if ((now - table.barptr->starttime) >= 5) { update_flowrate(statwin, table.barptr, now, &statcleared, options->actmode); table.barptr->starttime = now; } } else { wattrset(statwin, IPSTATATTR); mvwprintw(statwin, 0, statx, "No TCP entries "); } /* * Terminate facility should a lifetime be specified at the * command line */ if ((facilitytime != 0) && (((now - starttime) / 60) >= facilitytime)) exitloop = 1; /* * Close and rotate log file if signal was received */ if ((rotate_flag == 1) && (logging)) { announce_rotate_prepare(logfile); write_tcp_unclosed(logging, logfile, &table); rotate_logfile(&logfile, target_logname); announce_rotate_complete(logfile); rotate_flag = 0; } getpacket(fd, tpacket, &fromaddr, &ch, &readlen, ifname, table.tcpscreen); if (ch != ERR) { if (keymode == 0) { switch (ch) { case KEY_UP: if (!curwin) { if (table.barptr != NULL) { if (table.barptr->prev_entry != NULL) { tmptcp = table.barptr; set_barptr((char **) &(table.barptr), (char *) table.barptr-> prev_entry, &(table.barptr->prev_entry-> starttime), (char *) &(table.barptr-> prev_entry->spanbr), sizeof(unsigned long), statwin, &statcleared, statx); printentry(&table, tmptcp, screen_idx, mode); if (table.baridx == 1) scrollupperwin(&table, SCROLLDOWN, &screen_idx, mode); else (table.baridx)--; printentry(&table, table.barptr, screen_idx, mode); } } } else scrolllowerwin(&othptbl, SCROLLDOWN); break; case KEY_DOWN: if (!curwin) { if (table.barptr != NULL) { if (table.barptr->next_entry != NULL) { tmptcp = table.barptr; set_barptr((char **) &(table.barptr), (char *) table.barptr-> next_entry, &(table.barptr->next_entry-> starttime), (char *) &(table.barptr-> next_entry->spanbr), sizeof(unsigned long), statwin, &statcleared, statx); printentry(&table, tmptcp, screen_idx, mode); if (table.baridx == table.imaxy) scrollupperwin(&table, SCROLLUP, &screen_idx, mode); else (table.baridx)++; printentry(&table, table.barptr, screen_idx, mode); } } } else scrolllowerwin(&othptbl, SCROLLUP); break; case KEY_RIGHT: if (curwin) { if (othptbl.strindex != VSCRL_OFFSET) othptbl.strindex = VSCRL_OFFSET; refresh_othwindow(&othptbl); } break; case KEY_LEFT: if (curwin) { if (othptbl.strindex != 0) othptbl.strindex = 0; refresh_othwindow(&othptbl); } break; case KEY_PPAGE: case '-': if (!curwin) { if (table.barptr != NULL) { pageupperwin(&table, SCROLLDOWN, &screen_idx, mode); set_barptr((char **) &(table.barptr), (char *) table.lastvisible, &(table.lastvisible->starttime), (char *) &(table.lastvisible-> spanbr), sizeof(unsigned long), statwin, &statcleared, statx); table.baridx = table.lastvisible->index - screen_idx + 1; refreshtcpwin(&table, screen_idx, mode); } } else { pagelowerwin(&othptbl, SCROLLDOWN); refresh_othwindow(&othptbl); } break; case KEY_NPAGE: case ' ': if (!curwin) { if (table.barptr != NULL) { pageupperwin(&table, SCROLLUP, &screen_idx, mode); set_barptr((char **) &(table.barptr), (char *) table.firstvisible, &(table.firstvisible->starttime), (char *) &(table.firstvisible-> spanbr), sizeof(unsigned long), statwin, &statcleared, statx); table.baridx = 1; refreshtcpwin(&table, screen_idx, mode); } } else { pagelowerwin(&othptbl, SCROLLUP); refresh_othwindow(&othptbl); } break; case KEY_F(6): case 'w': case 'W': case 9: curwin = !curwin; markactive(curwin, table.borderwin, othptbl.borderwin); uniq_help(curwin); break; case 'm': case 'M': if (!curwin) { mode = (mode + 1) % 3; if ((mode == 1) && (!options->mac)) mode = 2; refreshtcpwin(&table, screen_idx, mode); } break; case 12: case 'l': case 'L': tx_refresh_screen(); break; case 'F': case 'f': case 'c': case 'C': flushclosedentries(&table, &screen_idx, logging, logfile, options); refreshtcpwin(&table, screen_idx, mode); break; case 's': case 'S': keymode = 1; show_tcpsort_win(&sortwin, &sortpanel); break; case 'Q': case 'q': case 'X': case 'x': case 24: case 27: exitloop = 1; break; } } else if (keymode == 1) { keymode = 0; del_panel(sortpanel); delwin(sortwin); show_sort_statwin(&sortwin, &sortpanel); update_panels(); doupdate(); sortipents(&table, &screen_idx, ch, mode, logging, logfile, options->timeout, &nomem, options); if (table.barptr != NULL) { set_barptr((char **) &(table.barptr), (char *) table.firstvisible, &(table.firstvisible->starttime), (char *) &(table.firstvisible->spanbr), sizeof(unsigned long), statwin, &statcleared, statx); table.baridx = 1; } refreshtcpwin(&table, screen_idx, mode); del_panel(sortpanel); delwin(sortwin); update_panels(); doupdate(); } } if (readlen > 0) { total_pkts++; show_stats(statwin, total_pkts); pkt_result = processpacket((char *) tpacket, &packet, &readlen, &br, &sport, &dport, &fromaddr, &linktype, ofilter, MATCH_OPPOSITE_ALWAYS, ifname, ifptr); if (pkt_result != PACKET_OK) continue; if (fromaddr.sll_protocol != ETH_P_IP) { othpent = add_othp_entry(&othptbl, &table, 0, 0, NOT_IP, fromaddr.sll_protocol, linktype, (char *) tpacket, (char *) packet, br, ifname, 0, 0, 0, logging, logfile, options->servnames, 0, &nomem); continue; } else { ippacket = (struct iphdr *) packet; iphlen = ippacket->ihl * 4; transpacket = (struct tcphdr *) (packet + iphlen); if (ippacket->protocol == IPPROTO_TCP) { tcpentry = in_table(&table, ippacket->saddr, ippacket->daddr, ntohs(sport), ntohs(dport), ifname, logging, logfile, &nomem, options); /* * Add a new entry if it doesn't exist, and, * to reduce the chances of stales, not a FIN. */ if ((ntohs(ippacket->frag_off) & 0x3fff) == 0) { /* first frag only */ totalhlen = iphlen + transpacket->doff * 4; if ((tcpentry == NULL) && (!(transpacket->fin))) { /* * Ok, so we have a packet. Add it if this connection * is not yet closed, or if it is a SYN packet. */ if (!nomem) { wasempty = (table.head == NULL); tcpentry = addentry(&table, (unsigned long) ippacket->saddr, (unsigned long) ippacket->daddr, sport, dport, ippacket->protocol, ifname, &revlook, rvnfd, options->servnames, &nomem); if (tcpentry != NULL) { printentry(&table, tcpentry->oth_connection, screen_idx, mode); if (wasempty) { set_barptr((char **) &(table.barptr), (char *) table. firstvisible, &(table.firstvisible-> starttime), (char *) &(table. firstvisible-> spanbr), sizeof(unsigned long), statwin, &statcleared, statx); table.baridx = 1; } if ((table.barptr == tcpentry) || (table.barptr == tcpentry->oth_connection)) set_barptr((char **) &(table.barptr), (char *) table.barptr, &(table.barptr-> starttime), (char *) &(table. barptr-> spanbr), sizeof(unsigned long), statwin, &statcleared, statx); } } } } /* * If we had an addentry() success, we should have no * problem here. Same thing if we had a table lookup * success. */ if (tcpentry != NULL) { /* * Don't bother updating the entry if the connection * has been previously reset. (Does this really * happen in practice?) */ if (!(tcpentry->stat & FLAG_RST)) { if (revlook) { p_sstat = tcpentry->s_fstat; p_dstat = tcpentry->d_fstat; } updateentry(&table, tcpentry, transpacket, tpacket, linktype, readlen, br, ippacket->frag_off, logging, &revlook, rvnfd, options, logfile, &nomem); /* * Log first packet of a TCP connection except if * it's a RST, which was already logged earlier in * updateentry() */ if ((tcpentry->pcount == 1) && (!(tcpentry->stat & FLAG_RST)) && (logging)) { strcpy(msgstring, "first packet"); if (transpacket->syn) strcat(msgstring, " (SYN)"); writetcplog(logging, logfile, tcpentry, readlen, options->mac, msgstring); } if ((revlook) && (((p_sstat != RESOLVED) && (tcpentry->s_fstat == RESOLVED)) || ((p_dstat != RESOLVED) && (tcpentry->d_fstat == RESOLVED)))) { clearaddr(&table, tcpentry, screen_idx); clearaddr(&table, tcpentry->oth_connection, screen_idx); } printentry(&table, tcpentry, screen_idx, mode); /* * Special cases: Update other direction if it's * an ACK in response to a FIN. * * -- or -- * * Addresses were just resolved for the other * direction, so we should also do so here. */ if (((tcpentry->oth_connection->finsent == 2) && /* FINed and ACKed */ (ntohl(transpacket->seq) == tcpentry->oth_connection->finack)) || ((revlook) && (((p_sstat != RESOLVED) && (tcpentry->s_fstat == RESOLVED)) || ((p_dstat != RESOLVED) && (tcpentry->d_fstat == RESOLVED))))) printentry(&table, tcpentry->oth_connection, screen_idx, mode); } } } else { /* now for the other IP protocols */ fragment = ((ntohs(ippacket->frag_off) & 0x1fff) != 0); if (ippacket->protocol == IPPROTO_ICMP) { /* * Cancel the corresponding TCP entry if an ICMP * Destination Unreachable or TTL Exceeded message * is received. */ if (((struct icmphdr *) transpacket)->type == ICMP_DEST_UNREACH) process_dest_unreach(&table, (char *) transpacket, ifname, &nomem); } othpent = add_othp_entry(&othptbl, &table, ippacket->saddr, ippacket->daddr, IS_IP, ippacket->protocol, linktype, (char *) tpacket, (char *) transpacket, readlen, ifname, &revlook, rvnfd, options->timeout, logging, logfile, options->servnames, fragment, &nomem); } } } } if (get_instance_count(ITRAFMONCOUNTFILE) <= 1) killrvnamed(); if (options->servnames) endservent(); endprotoent(); close_rvn_socket(rvnfd); if ((options->promisc) && (is_last_instance())) { load_promisc_list(&promisc_list); srpromisc(0, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, -1); adjust_instance_count(ITRAFMONCOUNTFILE, -1); attrset(STDATTR); mvprintw(0, COLS - 20, " "); del_panel(table.tcppanel); del_panel(table.borderpanel); del_panel(othptbl.othppanel); del_panel(othptbl.borderpanel); del_panel(statpanel); update_panels(); doupdate(); delwin(table.tcpscreen); delwin(table.borderwin); delwin(othptbl.othpwin); delwin(othptbl.borderwin); delwin(statwin); close(fd); destroytcptable(&table); destroyothptable(&othptbl); pkt_cleanup(); writelog(logging, logfile, "******** IP traffic monitor stopped ********\n"); unmark_facility(IPMONIDFILE, ifptr); if (logfile != NULL) fclose(logfile); strcpy(current_logfile, ""); signal(SIGUSR1, SIG_DFL); return; } iptraf-3.0.0/src/options.c0100644000076400000000000002634410311472356014311 0ustar rikerroot/*** options.c - implements the configuration section of the utility Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include "links.h" #include "serv.h" #include "options.h" #include "deskman.h" #include "attrs.h" #include "landesc.h" #include "promisc.h" #include "dirs.h" #include "instances.h" #define ALLOW_ZERO 1 #define DONT_ALLOW_ZERO 0 void makeoptionmenu(struct MENU *menu) { tx_initmenu(menu, 19, 40, (LINES - 19) / 2 - 1, (COLS - 40) / 16, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(menu, " ^R^everse DNS lookups", "Toggles resolution of IP addresses into host names"); tx_additem(menu, " TCP/UDP ^s^ervice names", "Displays TCP/UDP service names instead of numeric ports"); tx_additem(menu, " Force ^p^romiscuous mode", "Toggles capture of all packets by LAN interfaces"); tx_additem(menu, " ^C^olor", "Turns color on or off (restart IPTraf to effect change)"); tx_additem(menu, " ^L^ogging", "Toggles logging of traffic to a data file"); tx_additem(menu, " Acti^v^ity mode", "Toggles activity indicators between kbits/s and kbytes/s"); tx_additem(menu, " Source ^M^AC addrs in traffic monitor", "Toggles display of source MAC addresses in the IP Traffic Monitor"); tx_additem(menu, NULL, NULL); tx_additem(menu, " ^T^imers...", "Configures timeouts and intervals"); tx_additem(menu, NULL, NULL); tx_additem(menu, " ^A^dditional ports...", "Allows you to add port numbers higher than 1023 for the service stats"); tx_additem(menu, " ^D^elete port/range...", "Deletes a port or range of ports earlier added"); tx_additem(menu, NULL, NULL); tx_additem(menu, " ^E^thernet/PLIP host descriptions...", "Manages descriptions for Ethernet and PLIP addresses"); tx_additem(menu, " ^F^DDI/Token Ring host descriptions...", "Manages descriptions for FDDI and FDDI addresses"); tx_additem(menu, NULL, NULL); tx_additem(menu, " E^x^it configuration", "Returns to main menu"); } void maketimermenu(struct MENU *menu) { tx_initmenu(menu, 8, 35, (LINES - 19) / 2 + 7, (COLS - 35) / 2, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(menu, " TCP ^t^imeout...", "Sets the length of time before inactive TCP entries are considered idle"); tx_additem(menu, " ^L^ogging interval...", "Sets the time between loggings for interface, host, and service stats"); tx_additem(menu, " ^S^creen update interval...", "Sets the screen update interval in seconds (set to 0 for fastest updates)"); tx_additem(menu, " TCP closed/idle ^p^ersistence...", "Determines how long closed/idle/reset entries stay onscreen"); tx_additem(menu, NULL, NULL); tx_additem(menu, " E^x^it menu", "Returns to the configuration menu"); } void printoptonoff(unsigned int option, WINDOW * win) { if (option) wprintw(win, " On"); else wprintw(win, "Off"); } void indicatesetting(int row, struct OPTIONS *options, WINDOW * win) { wmove(win, row, 30); wattrset(win, HIGHATTR); switch (row) { case 1: printoptonoff(options->revlook, win); break; case 2: printoptonoff(options->servnames, win); break; case 3: printoptonoff(options->promisc, win); break; case 4: printoptonoff(options->color, win); break; case 5: printoptonoff(options->logging, win); break; case 6: wmove(win, row, 25); if (options->actmode == KBITS) wprintw(win, " kbits/s"); else wprintw(win, "kbytes/s"); break; case 7: printoptonoff(options->mac, win); break; } } void saveoptions(struct OPTIONS *options) { int fd; int bw; int response; fd = open(CONFIGFILE, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR); if (fd < 0) { tx_errbox("Cannot create config file", ANYKEY_MSG, &response); return; } bw = write(fd, options, sizeof(struct OPTIONS)); if (bw < 0) tx_errbox("Unable to write config file", ANYKEY_MSG, &response); close(fd); } void setdefaultopts(struct OPTIONS *options) { options->revlook = 0; options->promisc = 0; options->servnames = 0; options->color = 1; options->logging = 0; options->actmode = KBITS; options->mac = 0; options->timeout = 15; options->logspan = 3600; options->updrate = 0; options->closedint = 0; } void loadoptions(struct OPTIONS *options) { int fd; int br; setdefaultopts(options); fd = open(CONFIGFILE, O_RDONLY); if (fd < 0) return; br = read(fd, options, sizeof(struct OPTIONS)); close(fd); } void updatetimes(struct OPTIONS *options, WINDOW * win) { wattrset(win, HIGHATTR); mvwprintw(win, 9, 25, "%3u mins", options->timeout); mvwprintw(win, 10, 25, "%3u mins", options->logspan / 60); mvwprintw(win, 11, 25, "%3u secs", options->updrate); mvwprintw(win, 12, 25, "%3u mins", options->closedint); } void showoptions(struct OPTIONS *options, WINDOW * win) { int i; for (i = 1; i <= 7; i++) indicatesetting(i, options, win); updatetimes(options, win); } void settimeout(unsigned int *value, const char *units, int allow_zero, int *aborted) { WINDOW *dlgwin; PANEL *dlgpanel; struct FIELDLIST field; int resp; unsigned int tmval = 0; dlgwin = newwin(7, 40, (LINES - 7) / 2, (COLS - 40) / 4); dlgpanel = new_panel(dlgwin); wattrset(dlgwin, DLGBOXATTR); tx_colorwin(dlgwin); tx_box(dlgwin, ACS_VLINE, ACS_HLINE); wattrset(dlgwin, DLGTEXTATTR); wmove(dlgwin, 2, 2); wprintw(dlgwin, "Enter value in %s", units); wmove(dlgwin, 5, 2); stdkeyhelp(dlgwin); tx_initfields(&field, 1, 10, (LINES - 7) / 2 + 3, (COLS - 40) / 4 + 2, DLGTEXTATTR, FIELDATTR); tx_addfield(&field, 3, 0, 0, ""); do { tx_fillfields(&field, aborted); if (!(*aborted)) { tmval = atoi(field.list->buf); if ((!allow_zero) && (tmval == 0)) tx_errbox("Invalid timeout value", ANYKEY_MSG, &resp); } } while (((!allow_zero) && (tmval == 0)) && (!(*aborted))); if (!(*aborted)) *value = tmval; del_panel(dlgpanel); delwin(dlgwin); tx_destroyfields(&field); update_panels(); doupdate(); } void setoptions(struct OPTIONS *options, struct porttab **ports) { int row = 1; int trow = 1; /* row for timer submenu */ int aborted; int resp; struct MENU menu; struct MENU timermenu; WINDOW *statwin; PANEL *statpanel; if (!is_first_instance) { tx_errbox("Only the first instance of IPTraf can configure", ANYKEY_MSG, &resp); return; } makeoptionmenu(&menu); statwin = newwin(14, 35, (LINES - 19) / 2 - 1, (COLS - 40) / 16 + 40); statpanel = new_panel(statwin); wattrset(statwin, BOXATTR); tx_colorwin(statwin); tx_box(statwin, ACS_VLINE, ACS_HLINE); wmove(statwin, 8, 1); whline(statwin, ACS_HLINE, 33); mvwprintw(statwin, 0, 1, " Current Settings "); wattrset(statwin, STDATTR); mvwprintw(statwin, 1, 2, "Reverse DNS lookups:"); mvwprintw(statwin, 2, 2, "Service names:"); mvwprintw(statwin, 3, 2, "Promiscuous:"); mvwprintw(statwin, 4, 2, "Color:"); mvwprintw(statwin, 5, 2, "Logging:"); mvwprintw(statwin, 6, 2, "Activity mode:"); mvwprintw(statwin, 7, 2, "MAC addresses:"); mvwprintw(statwin, 9, 2, "TCP timeout:"); mvwprintw(statwin, 10, 2, "Log interval:"); mvwprintw(statwin, 11, 2, "Update interval:"); mvwprintw(statwin, 12, 2, "Closed/idle persist:"); showoptions(options, statwin); do { tx_showmenu(&menu); tx_operatemenu(&menu, &row, &aborted); switch (row) { case 1: options->revlook = ~(options->revlook); break; case 2: options->servnames = ~(options->servnames); break; case 3: options->promisc = ~(options->promisc); break; case 4: options->color = ~(options->color); break; case 5: options->logging = ~(options->logging); break; case 6: options->actmode = ~(options->actmode); break; case 7: options->mac = ~(options->mac); break; case 9: maketimermenu(&timermenu); trow = 1; do { tx_showmenu(&timermenu); tx_operatemenu(&timermenu, &trow, &aborted); switch (trow) { case 1: settimeout(&(options->timeout), "minutes", DONT_ALLOW_ZERO, &aborted); if (!aborted) updatetimes(options, statwin); break; case 2: settimeout((unsigned int *) &(options->logspan), "minutes", DONT_ALLOW_ZERO, &aborted); if (!aborted) { options->logspan = options->logspan * 60; updatetimes(options, statwin); } break; case 3: settimeout(&options->updrate, "seconds", ALLOW_ZERO, &aborted); if (!aborted) updatetimes(options, statwin); break; case 4: settimeout(&options->closedint, "minutes", ALLOW_ZERO, &aborted); if (!aborted) updatetimes(options, statwin); break; } } while (trow != 6); tx_destroymenu(&timermenu); update_panels(); doupdate(); break; case 11: addmoreports(ports); break; case 12: removeaport(ports); break; case 14: ethdescmgr(LINK_ETHERNET); break; case 15: ethdescmgr(LINK_FDDI); break; } indicatesetting(row, options, statwin); } while (row != 17); tx_destroymenu(&menu); del_panel(statpanel); delwin(statwin); update_panels(); doupdate(); } iptraf-3.0.0/src/fltselect.h0100644000076400000000000000110410311472356014573 0ustar rikerroot /*** othfilter.h - declarations for the non-TCP filter module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 ***/ #include #include #include "ipfilter.h" struct filterstate { char filename[FLT_FILENAME_MAX]; int filtercode; struct filterlist fl; unsigned int arp:1, rarp:1, nonip:1, padding:13; }; void config_filters(struct filterstate *filter); void loadfilters(struct filterstate *filter); void savefilters(struct filterstate *filter); int nonipfilter(struct filterstate *filter, unsigned int protocol); iptraf-3.0.0/src/othptab.c0100644000076400000000000005145210311472356014255 0ustar rikerroot/*** othptab.c - non-TCP protocol display module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include "arphdr.h" #include "options.h" #include "tcptable.h" #include "othptab.h" #include "deskman.h" #include "attrs.h" #include "log.h" #include "revname.h" #include "rvnamed.h" #include "links.h" #define MSGSTRING_MAX 240 #define SHORTSTRING_MAX 40 void convmacaddr(char *addr, char *result); /* external; from hostmon.c */ void writeothplog(int logging, FILE * fd, char *protname, char *description, char *additional, int is_ip, int withmac, struct othptabent *entry); void init_othp_table(struct othptable *table, int mac) { unsigned int winht; unsigned int wintop; unsigned int obmaxx; winht = LINES - (LINES * 0.6) - 2; wintop = (LINES * 0.6) + 1; table->count = 0; table->lastpos = 0; table->strindex = 0; table->htstat = NOHTIND; table->head = table->tail = NULL; table->firstvisible = table->lastvisible = NULL; table->borderwin = newwin(winht, COLS, wintop, 0); table->borderpanel = new_panel(table->borderwin); wattrset(table->borderwin, BOXATTR); tx_box(table->borderwin, ACS_VLINE, ACS_HLINE); table->head = table->tail = NULL; table->othpwin = newwin(winht - 2, COLS - 2, wintop + 1, 1); table->othppanel = new_panel(table->othpwin); wattrset(table->othpwin, STDATTR); tx_colorwin(table->othpwin); update_panels(); doupdate(); tx_stdwinset(table->othpwin); getmaxyx(table->borderwin, table->obmaxy, obmaxx); table->oimaxy = table->obmaxy - 2; table->mac = mac; } void process_dest_unreach(struct tcptable *table, char *packet, char *ifname, int *nomem) { struct iphdr *ip; struct tcphdr *tcp; struct tcptableent *tcpentry; ip = (struct iphdr *) (packet + 8); if (ip->protocol != IPPROTO_TCP) return; tcp = (struct tcphdr *) (packet + 8 + (ip->ihl * 4)); /* * We really won't be making use of nomem here. Timeout checking * won't be performed either, so we just pass NULL as the pointer * to the configuration structure. in_table() will recognize this * and set its internal timeout variable to 0. */ tcpentry = in_table(table, ip->saddr, ip->daddr, ntohs(tcp->source), ntohs(tcp->dest), ifname, 0, NULL, nomem, NULL); if (tcpentry != NULL) { tcpentry->stat = tcpentry->oth_connection->stat = FLAG_RST; addtoclosedlist(table, tcpentry, nomem); } } struct othptabent *add_othp_entry(struct othptable *table, struct tcptable *tcptab, unsigned long saddr, unsigned long daddr, int is_ip, int protocol, unsigned short linkproto, char *packet, char *packet2, unsigned int br, char *ifname, int *rev_lookup, int rvnfd, unsigned int tm, int logging, FILE * logfile, int servnames, int fragment, int *nomem) { struct othptabent *new_entry; struct othptabent *temp; struct in_addr isaddr, idaddr; new_entry = malloc(sizeof(struct othptabent)); if (new_entry == NULL) { printnomem(); *nomem = 1; return NULL; } bzero(new_entry, sizeof(struct othptabent)); new_entry->is_ip = is_ip; new_entry->fragment = fragment; if ((table->mac) || (!is_ip)) { if ((linkproto == LINK_ETHERNET) || (linkproto == LINK_PLIP)) { convmacaddr(((struct ethhdr *) packet)->h_source, new_entry->smacaddr); convmacaddr(((struct ethhdr *) packet)->h_dest, new_entry->dmacaddr); } else if (linkproto == LINK_FDDI) { convmacaddr(((struct fddihdr *) packet)->saddr, new_entry->smacaddr); convmacaddr(((struct fddihdr *) packet)->daddr, new_entry->dmacaddr); } else if (linkproto == LINK_TR) { convmacaddr(((struct trh_hdr *) packet)->saddr, new_entry->smacaddr); convmacaddr(((struct trh_hdr *) packet)->daddr, new_entry->dmacaddr); } } if (is_ip) { new_entry->saddr = isaddr.s_addr = saddr; new_entry->daddr = idaddr.s_addr = daddr; revname(rev_lookup, &isaddr, new_entry->s_fqdn, rvnfd); revname(rev_lookup, &idaddr, new_entry->d_fqdn, rvnfd); if (!fragment) { if (protocol == IPPROTO_ICMP) { new_entry->un.icmp.type = ((struct icmphdr *) packet2)->type; new_entry->un.icmp.code = ((struct icmphdr *) packet2)->code; } else if (protocol == IPPROTO_UDP) { servlook(servnames, ((struct udphdr *) packet2)->source, IPPROTO_UDP, new_entry->un.udp.s_sname, 10); servlook(servnames, ((struct udphdr *) packet2)->dest, IPPROTO_UDP, new_entry->un.udp.d_sname, 10); } else if (protocol == IPPROTO_OSPFIGP) { new_entry->un.ospf.type = ((struct ospfhdr *) packet2)->ospf_type; new_entry->un.ospf.area = ntohl(((struct ospfhdr *) packet2)->ospf_areaid. s_addr); strcpy(new_entry->un.ospf.routerid, inet_ntoa(((struct ospfhdr *) packet2)->ospf_routerid)); } } } else { new_entry->linkproto = linkproto; if (protocol == ETH_P_ARP) { new_entry->un.arp.opcode = ((struct arp_hdr *) packet2)->ar_op; memcpy(&(new_entry->un.arp.src_ip_address), &(((struct arp_hdr *) packet2)->ar_sip), 4); memcpy(&(new_entry->un.arp.dest_ip_address), &(((struct arp_hdr *) packet2)->ar_tip), 4); } else if (protocol == ETH_P_RARP) { new_entry->un.rarp.opcode = ((struct arphdr *) packet2)->ar_op; memcpy(&(new_entry->un.rarp.src_mac_address), &(((struct arp_hdr *) packet2)->ar_sha), 6); memcpy(&(new_entry->un.rarp.dest_mac_address), &(((struct arp_hdr *) packet2)->ar_tha), 6); } } new_entry->protocol = protocol; strcpy(new_entry->iface, ifname); new_entry->pkt_length = br; if (table->head == NULL) { new_entry->prev_entry = NULL; table->head = new_entry; table->firstvisible = new_entry; } /* * Max number of entries in the lower window is 512. Upon reaching * this figure, oldest entries are thrown out. */ if (table->count == 512) { if (table->firstvisible == table->head) { wscrl(table->othpwin, 1); printothpentry(table, table->lastvisible->next_entry, table->oimaxy - 1, logging, logfile); table->firstvisible = table->firstvisible->next_entry; table->lastvisible = table->lastvisible->next_entry; } temp = table->head; table->head = table->head->next_entry; table->head->prev_entry = NULL; free(temp); } else table->count++; if (table->tail != NULL) { new_entry->prev_entry = table->tail; table->tail->next_entry = new_entry; } table->tail = new_entry; new_entry->next_entry = NULL; table->lastpos++; new_entry->index = table->lastpos; if (table->count <= table->oimaxy) { table->lastvisible = new_entry; printothpentry(table, new_entry, table->count - 1, logging, logfile); } else if (table->lastvisible == table->tail->prev_entry) { wscrl(table->othpwin, 1); table->firstvisible = table->firstvisible->next_entry; table->lastvisible = table->tail; printothpentry(table, new_entry, table->oimaxy - 1, logging, logfile); } return new_entry; } /* * Function to retrieve non-IP packet tags. No further details are * provided beyond the type. */ char *packetlookup(unsigned int protocol) { unsigned int i = 0; static struct packetstruct packettypes[] = { {"DEC MOP dump/load", 0x6001}, {"DEC MOP remote console", 0x6002}, {"DEC DECnet Phase IV", 0x6003}, {"DEC LAT", 0x6004}, {"DEC DECnet Diagnostics", 0x6005}, {"DEC DECnet Customer Use", 0x6006}, {"DEC DECnet SCA", 0x6007}, {"IPX", 0x8137}, {NULL, 0x0} }; while ((packettypes[i].packet_name != NULL) && (packettypes[i].protocol != protocol)) i++; return packettypes[i].packet_name; } void printothpentry(struct othptable *table, struct othptabent *entry, unsigned int target_row, int logging, FILE * logfile) { char protname[SHORTSTRING_MAX]; char description[SHORTSTRING_MAX]; char additional[MSGSTRING_MAX]; char msgstring[MSGSTRING_MAX]; char scratchpad[MSGSTRING_MAX]; char sp_buf[SHORTSTRING_MAX]; char *startstr; char *packet_type; struct in_addr saddr; char rarp_mac_addr[15]; unsigned int unknown = 0; struct protoent *protptr; sprintf(sp_buf, "%%%dc", COLS - 2); wmove(table->borderwin, table->obmaxy - 1, 1); if ((table->lastvisible == table->tail) && (table->htstat != TIND) && (table->count >= table->oimaxy)) { wprintw(table->borderwin, " Bottom "); table->htstat = TIND; } else if ((table->firstvisible == table->head) && (table->htstat != HIND)) { wprintw(table->borderwin, " Top "); table->htstat = HIND; } if (!(entry->is_ip)) { wmove(table->othpwin, target_row, 0); scrollok(table->othpwin, 0); wattrset(table->othpwin, UNKNATTR); wprintw(table->othpwin, sp_buf, ' '); scrollok(table->othpwin, 1); wmove(table->othpwin, target_row, 1); switch (entry->protocol) { case ETH_P_ARP: sprintf(msgstring, "ARP "); switch (ntohs(entry->un.arp.opcode)) { case ARPOP_REQUEST: strcat(msgstring, "request for "); memcpy(&(saddr.s_addr), entry->un.arp.dest_ip_address, 4); break; case ARPOP_REPLY: strcat(msgstring, "reply from "); memcpy(&(saddr.s_addr), entry->un.arp.src_ip_address, 4); break; } sprintf(scratchpad, inet_ntoa(saddr)); strcat(msgstring, scratchpad); wattrset(table->othpwin, ARPATTR); break; case ETH_P_RARP: sprintf(msgstring, "RARP "); memset(rarp_mac_addr, 0, 15); switch (ntohs(entry->un.rarp.opcode)) { case ARPOP_RREQUEST: strcat(msgstring, "request for "); convmacaddr(entry->un.rarp.dest_mac_address, rarp_mac_addr); break; case ARPOP_RREPLY: strcat(msgstring, "reply from "); convmacaddr(entry->un.rarp.src_mac_address, rarp_mac_addr); break; } sprintf(scratchpad, rarp_mac_addr); strcat(msgstring, scratchpad); wattrset(table->othpwin, ARPATTR); break; default: packet_type = packetlookup(entry->protocol); if (packet_type == NULL) sprintf(msgstring, "Non-IP (0x%x)", entry->protocol); else sprintf(msgstring, "Non-IP (%s)", packet_type); wattrset(table->othpwin, UNKNATTR); } strcpy(protname, msgstring); sprintf(scratchpad, " (%u bytes)", entry->pkt_length); strcat(msgstring, scratchpad); if ((entry->linkproto == LINK_ETHERNET) || (entry->linkproto == LINK_PLIP) || (entry->linkproto == LINK_FDDI)) { sprintf(scratchpad, " from %s to %s on %s", entry->smacaddr, entry->dmacaddr, entry->iface); strcat(msgstring, scratchpad); } startstr = msgstring + table->strindex; waddnstr(table->othpwin, startstr, COLS - 4); writeothplog(logging, logfile, protname, "", "", 0, 0, entry); return; } strcpy(additional, ""); strcpy(description, ""); switch (entry->protocol) { case IPPROTO_UDP: wattrset(table->othpwin, UDPATTR); strcpy(protname, "UDP"); break; case IPPROTO_ICMP: wattrset(table->othpwin, STDATTR); strcpy(protname, "ICMP"); break; case IPPROTO_OSPFIGP: wattrset(table->othpwin, OSPFATTR); strcpy(protname, "OSPF"); break; case IPPROTO_IGP: wattrset(table->othpwin, IGPATTR); strcpy(protname, "IGP"); break; case IPPROTO_IGMP: wattrset(table->othpwin, IGMPATTR); strcpy(protname, "IGMP"); break; case IPPROTO_IGRP: wattrset(table->othpwin, IGRPATTR); strcpy(protname, "IGRP"); break; case IPPROTO_GRE: wattrset(table->othpwin, GREATTR); strcpy(protname, "GRE"); break; default: wattrset(table->othpwin, UNKNIPATTR); protptr = getprotobynumber(entry->protocol); if (protptr != NULL) { sprintf(protname, protptr->p_aliases[0]); } else { sprintf(protname, "IP protocol"); unknown = 1; } } if (!(entry->fragment)) { if (entry->protocol == IPPROTO_ICMP) { switch (entry->un.icmp.type) { case ICMP_ECHOREPLY: strcpy(description, "echo rply"); break; case ICMP_ECHO: strcpy(description, "echo req"); break; case ICMP_DEST_UNREACH: strcpy(description, "dest unrch"); switch (entry->un.icmp.code) { case ICMP_NET_UNREACH: strcpy(additional, "ntwk"); break; case ICMP_HOST_UNREACH: strcpy(additional, "host"); break; case ICMP_PROT_UNREACH: strcpy(additional, "proto"); break; case ICMP_PORT_UNREACH: strcpy(additional, "port"); break; case ICMP_FRAG_NEEDED: strcpy(additional, "DF set"); break; case ICMP_SR_FAILED: strcpy(additional, "src rte fail"); break; case ICMP_NET_UNKNOWN: strcpy(additional, "net unkn"); break; case ICMP_HOST_UNKNOWN: strcpy(additional, "host unkn"); break; case ICMP_HOST_ISOLATED: strcpy(additional, "src isltd"); break; case ICMP_NET_ANO: strcpy(additional, "net comm denied"); break; case ICMP_HOST_ANO: strcpy(additional, "host comm denied"); break; case ICMP_NET_UNR_TOS: strcpy(additional, "net unrch for TOS"); break; case ICMP_HOST_UNR_TOS: strcpy(additional, "host unrch for TOS"); break; case ICMP_PKT_FILTERED: strcpy(additional, "pkt fltrd"); break; case ICMP_PREC_VIOLATION: strcpy(additional, "prec violtn"); break; case ICMP_PREC_CUTOFF: strcpy(additional, "prec cutoff"); break; } break; case ICMP_SOURCE_QUENCH: strcpy(description, "src qnch"); break; case ICMP_REDIRECT: strcpy(description, "redirct"); break; case ICMP_TIME_EXCEEDED: strcpy(description, "time excd"); break; case ICMP_PARAMETERPROB: strcpy(description, "param prob"); break; case ICMP_TIMESTAMP: strcpy(description, "timestmp req"); break; case ICMP_INFO_REQUEST: strcpy(description, "info req"); break; case ICMP_INFO_REPLY: strcpy(description, "info rep"); break; case ICMP_ADDRESS: strcpy(description, "addr mask req"); break; case ICMP_ADDRESSREPLY: strcpy(description, "addr mask rep"); break; default: strcpy(description, "bad/unkn"); break; } } else if (entry->protocol == IPPROTO_OSPFIGP) { switch (entry->un.ospf.type) { case OSPF_TYPE_HELLO: strcpy(description, "hlo"); break; case OSPF_TYPE_DB: strcpy(description, "DB desc"); break; case OSPF_TYPE_LSR: strcpy(description, "LSR"); break; case OSPF_TYPE_LSU: strcpy(description, "LSU"); break; case OSPF_TYPE_LSA: strcpy(description, "LSA"); break; } sprintf(additional, "a=%lu r=%s", entry->un.ospf.area, entry->un.ospf.routerid); } } else strcpy(description, "fragment"); strcpy(msgstring, protname); strcat(msgstring, " "); if (strcmp(description, "") != 0) { strcat(msgstring, description); strcat(msgstring, " "); } if (strcmp(additional, "") != 0) { sprintf(scratchpad, "(%s) ", additional); strcat(msgstring, scratchpad); } if (unknown) { sprintf(scratchpad, "%u ", entry->protocol); strcat(msgstring, scratchpad); } sprintf(scratchpad, "(%u bytes) ", entry->pkt_length); strcat(msgstring, scratchpad); if ((entry->protocol == IPPROTO_UDP) && (!(entry->fragment))) { sprintf(scratchpad, "from %.25s:%s to %.25s:%s", entry->s_fqdn, entry->un.udp.s_sname, entry->d_fqdn, entry->un.udp.d_sname); } else { sprintf(scratchpad, "from %.25s to %.25s", entry->s_fqdn, entry->d_fqdn); } strcat(msgstring, scratchpad); if (((entry->smacaddr)[0] != '\0') && (table->mac)) { snprintf(scratchpad, MSGSTRING_MAX, " (src HWaddr %s)", entry->smacaddr); strcat(msgstring, scratchpad); } strcat(msgstring, " on "); strcat(msgstring, entry->iface); wmove(table->othpwin, target_row, 0); scrollok(table->othpwin, 0); wprintw(table->othpwin, sp_buf, ' '); scrollok(table->othpwin, 1); wmove(table->othpwin, target_row, 1); startstr = msgstring + table->strindex; waddnstr(table->othpwin, startstr, COLS - 4); if (logging) writeothplog(logging, logfile, protname, description, additional, 1, table->mac, entry); } void refresh_othwindow(struct othptable *table) { int target_row = 0; struct othptabent *entry; wattrset(table->othpwin, STDATTR); tx_colorwin(table->othpwin); entry = table->firstvisible; while ((entry != NULL) && (entry != table->lastvisible->next_entry)) { printothpentry(table, entry, target_row, 0, (FILE *) NULL); target_row++; entry = entry->next_entry; } update_panels(); doupdate(); } void destroyothptable(struct othptable *table) { struct othptabent *ctemp; struct othptabent *ctemp_next; if (table->head != NULL) { ctemp = table->head; ctemp_next = table->head->next_entry; while (ctemp != NULL) { free(ctemp); ctemp = ctemp_next; if (ctemp_next != NULL) ctemp_next = ctemp_next->next_entry; } } } iptraf-3.0.0/src/revname.c0100644000076400000000000001272110311472356014245 0ustar rikerroot/*** revname.c - reverse DNS resolution module for IPTraf. As of IPTraf 1.1, this module now communicates with the rvnamed process to resolve in the background while allowing the foreground process to continue with the interim IP addresses in the meantime. Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "deskman.h" #include "getpath.h" #include "rvnamed.h" char revname_socket[80]; char *gen_unix_sockname(void) { static char scratch[80]; srandom(time(NULL)); snprintf(scratch, 80, "%s-%lu%d%ld", SOCKET_PREFIX, time(NULL), getpid(), random()); return scratch; } int rvnamedactive(void) { int fd; fd_set sockset; struct rvn rpkt; struct sockaddr_un su; int sstat; struct timeval tv; int fr; int br; char unix_socket[80]; strncpy(unix_socket, get_path(T_WORKDIR, gen_unix_sockname()), 80); unlink(unix_socket); fd = socket(PF_UNIX, SOCK_DGRAM, 0); su.sun_family = AF_UNIX; strcpy(su.sun_path, unix_socket); bind(fd, (struct sockaddr *) &su, sizeof(su.sun_family) + strlen(su.sun_path)); su.sun_family = AF_UNIX; strcpy(su.sun_path, IPTSOCKNAME); rpkt.type = RVN_HELLO; sendto(fd, &rpkt, sizeof(struct rvn), 0, (struct sockaddr *) &su, sizeof(su.sun_family) + strlen(su.sun_path)); tv.tv_sec = 1; tv.tv_usec = 0; FD_ZERO(&sockset); FD_SET(fd, &sockset); do { sstat = select(fd + 1, &sockset, NULL, NULL, &tv); } while ((sstat < 0) && (errno != ENOMEM) && (errno == EINTR)); if (sstat == 1) { fr = sizeof(su.sun_family) + strlen(su.sun_path); do { br = recvfrom(fd, &rpkt, sizeof(struct rvn), 0, (struct sockaddr *) &su, &fr); } while ((br < 0) && (errno == EINTR)); if (br < 0) printipcerr(); } close(fd); unlink(unix_socket); if (sstat == 0) return 0; else return 1; } /* * Terminate rvnamed process */ void killrvnamed() { int fd; struct sockaddr_un su; struct rvn rvnpkt; fd = socket(PF_UNIX, SOCK_DGRAM, 0); su.sun_family = AF_UNIX; strcpy(su.sun_path, IPTSOCKNAME); rvnpkt.type = RVN_QUIT; sendto(fd, &rvnpkt, sizeof(struct rvn), 0, (struct sockaddr *) &su, sizeof(su.sun_family) + strlen(su.sun_path)); close(fd); } void open_rvn_socket(int *fd) { struct sockaddr_un su; strncpy(revname_socket, get_path(T_WORKDIR, gen_unix_sockname()), 80); unlink(revname_socket); *fd = socket(PF_UNIX, SOCK_DGRAM, 0); su.sun_family = AF_UNIX; strcpy(su.sun_path, revname_socket); bind(*fd, (struct sockaddr *) &su, sizeof(su.sun_family) + strlen(su.sun_path)); } void close_rvn_socket(int fd) { if (fd > 0) { close(fd); unlink(revname_socket); } } int revname(int *lookup, struct in_addr *saddr, char *target, int rvnfd) { struct hostent *he; struct rvn rpkt; int br; struct sockaddr_un su; int fl; fd_set sockset; struct timeval tv; int sstat = 0; bzero(target, 45); if (*lookup) { if (rvnfd > 0) { su.sun_family = AF_UNIX; strcpy(su.sun_path, IPTSOCKNAME); rpkt.type = RVN_REQUEST; rpkt.saddr.s_addr = saddr->s_addr; sendto(rvnfd, &rpkt, sizeof(struct rvn), 0, (struct sockaddr *) &su, sizeof(su.sun_family) + strlen(su.sun_path)); fl = sizeof(su.sun_family) + strlen(su.sun_path); do { tv.tv_sec = 10; tv.tv_usec = 0; FD_ZERO(&sockset); FD_SET(rvnfd, &sockset); do { sstat = select(rvnfd + 1, &sockset, NULL, NULL, &tv); } while ((sstat < 0) && (errno == EINTR)); if (FD_ISSET(rvnfd, &sockset)) br = recvfrom(rvnfd, &rpkt, sizeof(struct rvn), 0, (struct sockaddr *) &su, &fl); else br = -1; } while ((br < 0) && (errno == EINTR)); if (br < 0) { strcpy(target, inet_ntoa(*saddr)); printipcerr(); *lookup = 0; return RESOLVED; } strncpy(target, rpkt.fqdn, 44); return (rpkt.ready); } else { he = gethostbyaddr((char *) saddr, sizeof(struct in_addr), AF_INET); if (he == NULL) strcpy(target, inet_ntoa(*saddr)); else strncpy(target, he->h_name, 44); return RESOLVED; } } else { strcpy(target, inet_ntoa(*saddr)); return RESOLVED; } } iptraf-3.0.0/src/tcptable.c0100644000076400000000000010642710311472356014415 0ustar rikerroot /*** tcptable.c - table manipulation routines for the IP monitor Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include "options.h" #include "tcptable.h" #include "deskman.h" #include "attrs.h" #include "log.h" #include "revname.h" #include "rvnamed.h" #define MSGSTRING_MAX 320 unsigned int bmaxy = 0; unsigned int imaxy = 0; void convmacaddr(char *addr, char *result); void writetcplog(int logging, FILE * fd, struct tcptableent *entry, unsigned int pktlen, int mac, char *message); void setlabels(WINDOW * win, int mode) { wmove(win, 0, 42 * COLS / 80); whline(win, ACS_HLINE, 23 * COLS / 80); if (mode == 0) { wmove(win, 0, 47 * COLS / 80); wprintw(win, " Packets "); wmove(win, 0, 59 * COLS / 80); wprintw(win, " Bytes "); } else if (mode == 1) { mvwprintw(win, 0, 47 * COLS / 80, " Source MAC Addr "); } else if (mode == 2) { wmove(win, 0, 45 * COLS / 80); wprintw(win, " Pkt Size "); wmove(win, 0, 56 * COLS / 80); wprintw(win, " Win Size "); } } /* * The hash function for the TCP hash table */ unsigned int tcp_hash(unsigned long saddr, unsigned int sport, unsigned long daddr, unsigned int dport, char *ifname) { int i; int ifsum = 0; for (i = 0; i <= strlen(ifname) - 1; i++) ifsum += ifname[i]; return ((ifsum + (4 * saddr) + (3 * sport) + (2 * daddr) + dport) % ENTRIES_IN_HASH_TABLE); } void print_tcp_num_entries(struct tcptable *table) { mvwprintw(table->borderwin, table->bmaxy - 1, 1, " TCP: %6u entries ", table->count); } void init_tcp_table(struct tcptable *table) { int i; table->bmaxy = LINES * 0.6; /* 60% of total screen */ table->imaxy = table->bmaxy - 2; table->borderwin = newwin(table->bmaxy, COLS, 1, 0); table->borderpanel = new_panel(table->borderwin); wattrset(table->borderwin, BOXATTR); tx_box(table->borderwin, ACS_VLINE, ACS_HLINE); wmove(table->borderwin, 0, 1); wprintw(table->borderwin, " TCP Connections (Source Host:Port) "); setlabels(table->borderwin, 0); /* initially use mode 0 */ wmove(table->borderwin, 0, 65 * COLS / 80); wprintw(table->borderwin, " Flags "); wmove(table->borderwin, 0, 72 * COLS / 80); wprintw(table->borderwin, " Iface "); update_panels(); doupdate(); table->head = table->tail = NULL; table->firstvisible = table->lastvisible = NULL; table->tcpscreen = newwin(table->imaxy, COLS - 2, 2, 1); table->tcppanel = new_panel(table->tcpscreen); table->closedentries = table->closedtail = NULL; wattrset(table->tcpscreen, BOXATTR); tx_colorwin(table->tcpscreen); table->lastpos = 0; table->count = 0; wtimeout(table->tcpscreen, -1); tx_stdwinset(table->tcpscreen); print_tcp_num_entries(table); /* * Initialize hash table to nulls */ for (i = 0; i <= ENTRIES_IN_HASH_TABLE - 1; i++) { table->hash_table[i] = NULL; table->hash_tails[i] = NULL; } table->barptr = NULL; table->baridx = 0; } /* * Add a TCP entry to the hash table. */ int add_tcp_hash_entry(struct tcptable *table, struct tcptableent *entry) { unsigned int hp; /* hash position in table */ struct tcp_hashentry *ptmp; hp = tcp_hash(entry->saddr.s_addr, entry->sport, entry->daddr.s_addr, entry->dport, entry->ifname); ptmp = malloc(sizeof(struct tcp_hashentry)); bzero(ptmp, sizeof(struct tcp_hashentry)); if (ptmp == NULL) return 1; /* * Add backpointer from screen node to hash node for deletion later * (Actually point to its predecessor coz of the header cell). */ entry->hash_node = ptmp; /* * Update hash node and add it to list. */ ptmp->tcpnode = entry; ptmp->hp = hp; if (table->hash_table[hp] == NULL) { ptmp->prev_entry = NULL; table->hash_table[hp] = ptmp; ptmp->index = 1; } if (table->hash_tails[hp] != NULL) { table->hash_tails[hp]->next_entry = ptmp; ptmp->prev_entry = table->hash_tails[hp]; ptmp->index = ptmp->prev_entry->index + 1; } table->hash_tails[hp] = ptmp; ptmp->next_entry = NULL; return 0; } /* * Delete a hash table node */ void del_tcp_hash_node(struct tcptable *table, struct tcptableent *entry) { struct tcp_hashentry *ptmp; ptmp = entry->hash_node; /* ptmp now points to the target */ /* * If the targeted node is the last entry, adjust the corresponding tail * pointer to the preceeding node; */ if (ptmp->next_entry == NULL) table->hash_tails[ptmp->hp] = ptmp->prev_entry; if (ptmp->prev_entry != NULL) ptmp->prev_entry->next_entry = ptmp->next_entry; else table->hash_table[ptmp->hp] = ptmp->next_entry; if (ptmp->next_entry != NULL) ptmp->next_entry->prev_entry = ptmp->prev_entry; free(ptmp); } /* * Add a new entry to the TCP screen table */ struct tcptableent *addentry(struct tcptable *table, unsigned long int saddr, unsigned long int daddr, unsigned int sport, unsigned int dport, int protocol, char *ifname, int *rev_lookup, int rvnfd, int servnames, int *nomem) { struct tcptableent *new_entry; struct closedlist *ctemp; /* * Allocate and attach a new node if no closed entries found */ if (table->closedentries == NULL) { new_entry = malloc(sizeof(struct tcptableent)); if (new_entry != NULL) new_entry->oth_connection = malloc(sizeof(struct tcptableent)); if ((new_entry->oth_connection == NULL) || (new_entry == NULL)) { printnomem(); *nomem = 1; return NULL; } new_entry->oth_connection->oth_connection = new_entry; if (table->head == NULL) { new_entry->prev_entry = NULL; table->head = new_entry; table->firstvisible = new_entry; } if (table->tail != NULL) { table->tail->next_entry = new_entry; new_entry->prev_entry = table->tail; } table->lastpos++; new_entry->index = table->lastpos; table->lastpos++; new_entry->oth_connection->index = table->lastpos; table->tail = new_entry->oth_connection; new_entry->next_entry = new_entry->oth_connection; new_entry->next_entry->prev_entry = new_entry; new_entry->next_entry->next_entry = NULL; if (new_entry->oth_connection->index <= table->firstvisible->index + (table->imaxy - 1)) table->lastvisible = new_entry->oth_connection; else if (new_entry->index <= table->firstvisible->index + (table->imaxy - 1)) table->lastvisible = new_entry; new_entry->reused = new_entry->oth_connection->reused = 0; table->count++; print_tcp_num_entries(table); } else { /* * If we reach this point, we're allocating off the list of closed * entries. In this case, we take the top entry, let the new_entry * variable point to whatever the top is pointing to. The new_entry's * oth_connection also points to the reused entry's oth_connection */ new_entry = table->closedentries->closedentry; new_entry->oth_connection = table->closedentries->pair; ctemp = table->closedentries; table->closedentries = table->closedentries->next_entry; free(ctemp); /* * Mark the closed list's tail as NULL if we use the last entry * in the list to prevent a dangling reference. */ if (table->closedentries == NULL) table->closedtail = NULL; new_entry->reused = new_entry->oth_connection->reused = 1; /* * Delete the old hash entries for this reallocated node; */ del_tcp_hash_node(table, new_entry); del_tcp_hash_node(table, new_entry->oth_connection); } /* * Fill in address fields with raw IP addresses */ new_entry->saddr.s_addr = new_entry->oth_connection->daddr.s_addr = saddr; new_entry->daddr.s_addr = new_entry->oth_connection->saddr.s_addr = daddr; new_entry->protocol = protocol; /* * Initialize count fields */ new_entry->pcount = new_entry->bcount = 0; new_entry->win = new_entry->psize = 0; new_entry->timedout = new_entry->oth_connection->timedout = 0; new_entry->oth_connection->pcount = new_entry->oth_connection->bcount = 0; new_entry->oth_connection->win = new_entry->oth_connection->psize = 0; /* * Store interface name */ strcpy(new_entry->ifname, ifname); strcpy(new_entry->oth_connection->ifname, ifname); /* * Zero out MAC address fields */ bzero(new_entry->smacaddr, 15); bzero(new_entry->oth_connection->smacaddr, 15); /* * Set raw port numbers */ new_entry->sport = new_entry->oth_connection->dport = ntohs(sport); new_entry->dport = new_entry->oth_connection->sport = ntohs(dport); new_entry->stat = new_entry->oth_connection->stat = 0; new_entry->s_fstat = revname(rev_lookup, &(new_entry->saddr), new_entry->s_fqdn, rvnfd); new_entry->d_fstat = revname(rev_lookup, &(new_entry->daddr), new_entry->d_fqdn, rvnfd); /* * Set port service names (where applicable) */ servlook(servnames, sport, IPPROTO_TCP, new_entry->s_sname, 10); servlook(servnames, dport, IPPROTO_TCP, new_entry->d_sname, 10); strcpy(new_entry->oth_connection->s_sname, new_entry->d_sname); strcpy(new_entry->oth_connection->d_sname, new_entry->s_sname); strcpy(new_entry->oth_connection->d_fqdn, new_entry->s_fqdn); strcpy(new_entry->oth_connection->s_fqdn, new_entry->d_fqdn); new_entry->oth_connection->s_fstat = new_entry->d_fstat; new_entry->oth_connection->d_fstat = new_entry->s_fstat; if (new_entry->index < new_entry->oth_connection->index) { new_entry->half_bracket = ACS_ULCORNER; new_entry->oth_connection->half_bracket = ACS_LLCORNER; } else { new_entry->half_bracket = ACS_LLCORNER; new_entry->oth_connection->half_bracket = ACS_ULCORNER; } new_entry->inclosed = new_entry->oth_connection->inclosed = 0; new_entry->finack = new_entry->oth_connection->finack = 0; new_entry->finsent = new_entry->oth_connection->finsent = 0; new_entry->partial = new_entry->oth_connection->partial = 0; new_entry->spanbr = new_entry->oth_connection->spanbr = 0; new_entry->conn_starttime = new_entry->oth_connection->conn_starttime = time(NULL); /* * Mark flow rate start time and byte counter for flow computation * if the highlight bar is on either flow of the new connection. */ if (table->barptr == new_entry) { new_entry->starttime = time(NULL); new_entry->spanbr = 0; } else if (table->barptr == new_entry->oth_connection) { new_entry->oth_connection->starttime = time(NULL); new_entry->oth_connection->spanbr = 0; } /* * Add entries to hash table */ *nomem = add_tcp_hash_entry(table, new_entry); *nomem = add_tcp_hash_entry(table, new_entry->oth_connection); return new_entry; } void addtoclosedlist(struct tcptable *table, struct tcptableent *entry, int *nomem) { struct closedlist *ctemp; ctemp = malloc(sizeof(struct closedlist)); if (ctemp == NULL) { printnomem(); *nomem = 1; return; } /* * Point to closed entries */ ctemp->closedentry = entry; ctemp->pair = entry->oth_connection; entry->inclosed = entry->oth_connection->inclosed = 1; /* * Add node to closed entry list. */ if (table->closedtail != NULL) table->closedtail->next_entry = ctemp; table->closedtail = ctemp; table->closedtail->next_entry = NULL; if (table->closedentries == NULL) table->closedentries = ctemp; } char *tcplog_flowrate_msg(struct tcptableent *entry, struct OPTIONS *opts) { char rateunit[10]; float rate = 0; static char message[60]; time_t interval; interval = time(NULL) - entry->conn_starttime; if (opts->actmode == KBITS) { strcpy(rateunit, "kbits/s"); if (interval > 0) rate = (float) (entry->bcount * 8 / 1000) / (float) interval; else rate = (float) (entry->bcount * 8 / 1000); } else { strcpy(rateunit, "kbytes/s"); if (interval > 0) rate = (float) (entry->bcount / 1024) / (float) interval; else rate = (float) (entry->bcount / 1024); } snprintf(message, 60, "avg flow rate %.2f %s", rate, rateunit); return message; } void write_timeout_log(int logging, FILE * logfile, struct tcptableent *tcpnode, struct OPTIONS *opts) { char msgstring[MSGSTRING_MAX]; if (logging) { snprintf(msgstring, MSGSTRING_MAX, "TCP; Connection %s:%s to %s:%s timed out, %lu packets, %lu bytes, %s; opposite direction %lu packets, %lu bytes, %s", tcpnode->s_fqdn, tcpnode->s_sname, tcpnode->d_fqdn, tcpnode->d_sname, tcpnode->pcount, tcpnode->bcount, tcplog_flowrate_msg(tcpnode, opts), tcpnode->oth_connection->pcount, tcpnode->oth_connection->bcount, tcplog_flowrate_msg(tcpnode->oth_connection, opts)); writelog(logging, logfile, msgstring); } } struct tcptableent *in_table(struct tcptable *table, unsigned long saddr, unsigned long daddr, unsigned int sport, unsigned int dport, char *ifname, int logging, FILE * logfile, int *nomem, struct OPTIONS *opts) { struct tcp_hashentry *hashptr; unsigned int hp; int hastimeouts = 0; time_t now; time_t timeout; if (opts != NULL) timeout = opts->timeout; else timeout = 0; if (table->head == NULL) { return 0; } /* * Determine hash table index for this set of addresses and ports */ hp = tcp_hash(saddr, sport, daddr, dport, ifname); hashptr = table->hash_table[hp]; while (hashptr != NULL) { if ((hashptr->tcpnode->saddr.s_addr == saddr) && (hashptr->tcpnode->daddr.s_addr == daddr) && (hashptr->tcpnode->sport == sport) && (hashptr->tcpnode->dport == dport) && (strcmp(hashptr->tcpnode->ifname, ifname) == 0)) break; now = time(NULL); /* * Add the timed out entries to the closed list in case we didn't * find any closed ones. */ if ((timeout > 0) && ((now - hashptr->tcpnode->lastupdate) / 60 > timeout) && (!(hashptr->tcpnode->inclosed))) { hashptr->tcpnode->timedout = 1; hashptr->tcpnode->oth_connection->timedout = 1; addtoclosedlist(table, hashptr->tcpnode, nomem); if (!(*nomem)) hastimeouts = 1; if (logging) write_timeout_log(logging, logfile, hashptr->tcpnode, opts); } hashptr = hashptr->next_entry; } if (hashptr != NULL) { /* needed to avoid SIGSEGV */ if ((((hashptr->tcpnode->finsent == 2) && (hashptr->tcpnode->oth_connection->finsent == 2))) || (((hashptr->tcpnode->stat & FLAG_RST) || (hashptr->tcpnode->oth_connection->stat & FLAG_RST)))) { return NULL; } else { return hashptr->tcpnode; } } else { return NULL; } } /* * Update the TCP status record should an applicable packet arrive. */ void updateentry(struct tcptable *table, struct tcptableent *tableentry, struct tcphdr *transpacket, char *packet, int linkproto, unsigned long packetlength, unsigned int bcount, unsigned int fragofs, int logging, int *revlook, int rvnfd, struct OPTIONS *opts, FILE * logfile, int *nomem) { char msgstring[MSGSTRING_MAX]; char newmacaddr[15]; if (tableentry->s_fstat != RESOLVED) { tableentry->s_fstat = revname(revlook, &(tableentry->saddr), tableentry->s_fqdn, rvnfd); strcpy(tableentry->oth_connection->d_fqdn, tableentry->s_fqdn); tableentry->oth_connection->d_fstat = tableentry->s_fstat; } if (tableentry->d_fstat != RESOLVED) { tableentry->d_fstat = revname(revlook, &(tableentry->daddr), tableentry->d_fqdn, rvnfd); strcpy(tableentry->oth_connection->s_fqdn, tableentry->d_fqdn); tableentry->oth_connection->s_fstat = tableentry->d_fstat; } tableentry->pcount++; tableentry->bcount += bcount; tableentry->psize = packetlength; tableentry->spanbr += bcount; if (opts->mac) { bzero(newmacaddr, 15); if ((linkproto == LINK_ETHERNET) || (linkproto == LINK_PLIP)) { convmacaddr(((struct ethhdr *) packet)->h_source, newmacaddr); } else if (linkproto == LINK_FDDI) { convmacaddr(((struct fddihdr *) packet)->saddr, newmacaddr); } else if (linkproto == LINK_TR) { convmacaddr(((struct trh_hdr *) packet)->saddr, newmacaddr); } if (tableentry->smacaddr[0] != '\0') { if (strcmp(tableentry->smacaddr, newmacaddr) != 0) { snprintf(msgstring, MSGSTRING_MAX, "TCP; %s; from %s:%s to %s:%s: new source MAC address %s (previously %s)", tableentry->ifname, tableentry->s_fqdn, tableentry->s_sname, tableentry->d_fqdn, tableentry->d_sname, newmacaddr, tableentry->smacaddr); writelog(logging, logfile, msgstring); strcpy(tableentry->smacaddr, newmacaddr); } } else strcpy(tableentry->smacaddr, newmacaddr); } /* * If this is not the first TCP fragment, skip interpretation of the * TCP header. */ if ((ntohs(fragofs) & 0x1fff) != 0) { tableentry->lastupdate = tableentry->oth_connection->lastupdate = time(NULL); return; } /* * At this point, we have a TCP header, and we proceed to process it. */ if (tableentry->pcount == 1) { if ((transpacket->syn) || (transpacket->rst)) tableentry->partial = 0; else tableentry->partial = 1; } tableentry->win = ntohs(transpacket->window); tableentry->stat = 0; if (transpacket->syn) tableentry->stat |= FLAG_SYN; if (transpacket->ack) { tableentry->stat |= FLAG_ACK; /* * The following sequences are used when the ACK is in response to * a FIN (see comments for FIN below). If the opposite direction * already has its indicator set to 1 (FIN sent, not ACKed), and * the incoming ACK has the same sequence number as the previously * stored FIN's ack number (i.e. the ACK in response to the opposite * flow's FIN), the opposite direction's state is set to 2 (FIN sent * and ACKed). */ if ((tableentry->oth_connection->finsent == 1) && (ntohl(transpacket->seq) == tableentry->oth_connection->finack)) { tableentry->oth_connection->finsent = 2; if (logging) { writetcplog(logging, logfile, tableentry, tableentry->psize, opts->mac, "FIN acknowleged"); } } } /* * The closing sequence is similar, but not identical to the TCP close * sequence described in the RFC. This sequence is primarily cosmetic. * * When a FIN is sent in a direction, a state indicator is set to 1, * to indicate a FIN sent, but not ACKed yet. For comparison later, * the acknowlegement number is also saved in the entry. See comments * in ACK above. */ if (transpacket->fin) { /* * First, we check if the opposite direction has no counts, in which * case we simply mark the entire connection available for reuse. * This is in case packets from a machine pass an interface, but * on the return, completely bypasses any interface on our machine. * * Q: Could such a situation really happen in practice? I managed to * do it but under *really* ridiculous circumstances. * * A: (as of version 2.5.0, June 2001): Yes this DOES happen in * practice. Unidirectional satellite feeds can send data straight * to a remote network using you as your upstream. */ if (tableentry->oth_connection->pcount == 0) addtoclosedlist(table, tableentry, nomem); else { /* * That aside, mark the direction as being done, and make it * ready for a complete close upon receipt of an ACK. We save * the acknowlegement number for identification of the proper * ACK packet when it arrives in the other direction. */ tableentry->finsent = 1; tableentry->finack = ntohl(transpacket->ack_seq); } if (logging) { sprintf(msgstring, "FIN sent; %lu packets, %lu bytes, %s", tableentry->pcount, tableentry->bcount, tcplog_flowrate_msg(tableentry, opts)); writetcplog(logging, logfile, tableentry, tableentry->psize, opts->mac, msgstring); } } if (transpacket->rst) { tableentry->stat |= FLAG_RST; if (!(tableentry->inclosed)) addtoclosedlist(table, tableentry, nomem); if (logging) { snprintf(msgstring, MSGSTRING_MAX, "Connection reset; %lu packets, %lu bytes, %s; opposite direction %lu packets, %lu bytes; %s", tableentry->pcount, tableentry->bcount, tcplog_flowrate_msg(tableentry, opts), tableentry->oth_connection->pcount, tableentry->oth_connection->bcount, tcplog_flowrate_msg(tableentry->oth_connection, opts)); writetcplog(logging, logfile, tableentry, tableentry->psize, opts->mac, msgstring); } } if (transpacket->psh) tableentry->stat |= FLAG_PSH; if (transpacket->urg) tableentry->stat |= FLAG_URG; tableentry->lastupdate = tableentry->oth_connection->lastupdate = time(NULL); /* * Shall we add this entry to the closed entry list? If both * directions have their state indicators set to 2, or one direction * is set to 2, and the other 1, that's it. */ if ((!tableentry->inclosed) && (((tableentry->finsent == 2) && ((tableentry->oth_connection->finsent == 1) || (tableentry->oth_connection->finsent == 2))) || ((tableentry->oth_connection->finsent == 2) && ((tableentry->finsent == 1) || (tableentry->finsent == 2))))) addtoclosedlist(table, tableentry, nomem); } /* * Clears out the resolved IP addresses from the window. This prevents * overlapping port numbers (in cases where the resolved DNS name is shorter * than its IP address), that may cause the illusion of large ports. Plus, * such output, while may be interpreted by people with a little know-how, * is just plain wrong. * * Returns immediately if the entry is not visible in the window. */ void clearaddr(struct tcptable *table, struct tcptableent *tableentry, unsigned int screen_idx) { unsigned int target_row; if ((tableentry->index < screen_idx) || (tableentry->index > screen_idx + (table->imaxy - 1))) return; target_row = (tableentry->index) - screen_idx; wmove(table->tcpscreen, target_row, 1); wprintw(table->tcpscreen, "%44c", ' '); } /* * Display a TCP connection line. Returns immediately if the entry is * not visible in the window. */ void printentry(struct tcptable *table, struct tcptableent *tableentry, unsigned int screen_idx, int mode) { char stat[7] = ""; unsigned int target_row; char sp_buf[MSGSTRING_MAX]; int normalattr; int highattr; /* * Set appropriate attributes for this entry */ if (table->barptr == tableentry) { normalattr = BARSTDATTR; highattr = BARHIGHATTR; } else { normalattr = STDATTR; highattr = HIGHATTR; } if ((tableentry->index < screen_idx) || (tableentry->index > screen_idx + (table->imaxy - 1))) return; target_row = (tableentry->index) - screen_idx; /* clear the data if it's a reused entry */ wattrset(table->tcpscreen, PTRATTR); wmove(table->tcpscreen, target_row, 2); if (tableentry->reused) { scrollok(table->tcpscreen, 0); sprintf(sp_buf, "%%%dc", COLS - 4); wprintw(table->tcpscreen, sp_buf, ' '); scrollok(table->tcpscreen, 1); tableentry->reused = 0; wmove(table->tcpscreen, target_row, 1); } /* print half of connection indicator bracket */ wmove(table->tcpscreen, target_row, 0); waddch(table->tcpscreen, tableentry->half_bracket); /* proceed with the actual entry */ wattrset(table->tcpscreen, normalattr); sprintf(sp_buf, "%%%dc", COLS - 5); mvwprintw(table->tcpscreen, target_row, 2, sp_buf, ' '); sprintf(sp_buf, "%%.%ds:%%.%ds", 32 * COLS / 80, 10); wmove(table->tcpscreen, target_row, 1); wprintw(table->tcpscreen, sp_buf, tableentry->s_fqdn, tableentry->s_sname); wattrset(table->tcpscreen, highattr); /* * Print packet and byte counts or window size and packet size, depending * on the value of mode. */ switch (mode) { case 0: wmove(table->tcpscreen, target_row, 47 * COLS / 80 - 2); if (tableentry->partial) wprintw(table->tcpscreen, ">"); else wprintw(table->tcpscreen, "="); wprintw(table->tcpscreen, "%8u ", tableentry->pcount); wmove(table->tcpscreen, target_row, 59 * COLS / 80 - 4); wprintw(table->tcpscreen, "%9u ", tableentry->bcount); break; case 1: wmove(table->tcpscreen, target_row, 50 * COLS / 80); if (tableentry->smacaddr[0] == '\0') wprintw(table->tcpscreen, " N/A "); else wprintw(table->tcpscreen, "%s", tableentry->smacaddr); break; case 2: wmove(table->tcpscreen, target_row, 45 * COLS / 80 + 3); wprintw(table->tcpscreen, "%5u ", tableentry->psize); wmove(table->tcpscreen, target_row, 56 * COLS / 80 - 1); wprintw(table->tcpscreen, "%9u ", tableentry->win); } wattrset(table->tcpscreen, normalattr); if (tableentry->finsent == 1) strcpy(stat, "DONE "); else if (tableentry->finsent == 2) strcpy(stat, "CLOSED"); else if (tableentry->stat & FLAG_RST) strcpy(stat, "RESET "); else { if (tableentry->stat & FLAG_SYN) strcat(stat, "S"); else strcat(stat, "-"); if (tableentry->stat & FLAG_PSH) strcat(stat, "P"); else strcat(stat, "-"); if (tableentry->stat & FLAG_ACK) strcat(stat, "A"); else strcat(stat, "-"); if (tableentry->stat & FLAG_URG) strcat(stat, "U"); else strcat(stat, "-"); strcat(stat, " "); } wmove(table->tcpscreen, target_row, 65 * COLS / 80); wprintw(table->tcpscreen, "%s", stat); wmove(table->tcpscreen, target_row, 72 * COLS / 80); wprintw(table->tcpscreen, "%s", tableentry->ifname); } /* * Redraw the TCP window */ void refreshtcpwin(struct tcptable *table, unsigned int idx, int mode) { struct tcptableent *ptmp; setlabels(table->borderwin, mode); wattrset(table->tcpscreen, STDATTR); tx_colorwin(table->tcpscreen); ptmp = table->firstvisible; while ((ptmp != NULL) && (ptmp->prev_entry != table->lastvisible)) { printentry(table, ptmp, idx, mode); ptmp = ptmp->next_entry; } wmove(table->borderwin, table->bmaxy - 1, 1); print_tcp_num_entries(table); update_panels(); doupdate(); } void destroy_closed_entries(struct tcptable *table) { struct closedlist *closedtemp; struct closedlist *closedtemp_next; if (table->closedentries != NULL) { closedtemp = table->closedentries; closedtemp_next = table->closedentries->next_entry; while (closedtemp != NULL) { free(closedtemp); closedtemp = closedtemp_next; if (closedtemp_next != NULL) closedtemp_next = closedtemp_next->next_entry; } table->closedentries = NULL; table->closedtail = NULL; } } /* * Kill the entire TCP table */ void destroytcptable(struct tcptable *table) { struct tcptableent *ctemp; struct tcptableent *c_next_entry; struct tcp_hashentry *hashtemp; struct tcp_hashentry *hashtemp_next; unsigned int i; /* * Destroy main TCP table */ if (table->head != NULL) { ctemp = table->head; c_next_entry = table->head->next_entry; while (ctemp != NULL) { free(ctemp); ctemp = c_next_entry; if (c_next_entry != NULL) c_next_entry = c_next_entry->next_entry; } } /* * Destroy list of closed entries */ destroy_closed_entries(table); /* * Destroy hash table */ for (i = 0; i <= ENTRIES_IN_HASH_TABLE - 1; i++) { if (table->hash_table[i] != NULL) { hashtemp = table->hash_table[i]; hashtemp_next = table->hash_table[i]->next_entry; while (hashtemp != NULL) { free(hashtemp); hashtemp = hashtemp_next; if (hashtemp_next != NULL) hashtemp_next = hashtemp_next->next_entry; } } } } /* * Kill an entry from the TCP table */ void destroy_tcp_entry(struct tcptable *table, struct tcptableent *ptmp) { if (ptmp->prev_entry != NULL) ptmp->prev_entry->next_entry = ptmp->next_entry; else table->head = ptmp->next_entry; if (ptmp->next_entry != NULL) ptmp->next_entry->prev_entry = ptmp->prev_entry; else table->tail = ptmp->prev_entry; free(ptmp); if (table->head == NULL) { table->firstvisible = NULL; table->lastvisible = NULL; } } /* * Kill all closed entries from the table, and clear the list of closed * entries. */ void flushclosedentries(struct tcptable *table, unsigned long *screen_idx, int logging, FILE * logfile, struct OPTIONS *opts) { struct tcptableent *ptmp = table->head; struct tcptableent *ctmp = NULL; unsigned long idx = 1; time_t now; time_t lastupdated = 0; while (ptmp != NULL) { now = time(NULL); lastupdated = (now - ptmp->lastupdate) / 60; if ((ptmp->inclosed) || (lastupdated > opts->timeout)) { ctmp = ptmp; /* * Mark and flush timed out TCP entries. */ if (lastupdated > opts->timeout) { if ((!(ptmp->timedout)) && (!(ptmp->inclosed))) { write_timeout_log(logging, logfile, ptmp, opts); ptmp->timedout = ptmp->oth_connection->timedout = 1; } } /* * Advance to next entry and destroy target entry. */ ptmp = ptmp->next_entry; /* * If the targeted entry is highlighted, and the next entry is * not NULL (we're still in the list) we move the bar pointer to * the next entry otherwise we move it to the previous entry. */ if (ptmp != NULL) { if (table->barptr == ctmp) { table->barptr = ptmp; } } else { if (table->barptr == ctmp) { table->barptr = table->barptr->prev_entry; } } /* * Do the dirty deed */ del_tcp_hash_node(table, ctmp); destroy_tcp_entry(table, ctmp); /* * Adjust screen index if the deleted entry was "above" * the screen. */ if (idx < *screen_idx) (*screen_idx)--; } else { /* * Set the first visible pointer once the index matches * the screen index. */ if (idx == *screen_idx) table->firstvisible = ptmp; /* * Keep setting the last visible pointer until the scan * index "leaves" the screen */ if (idx <= (*screen_idx) + (table->imaxy - 1)) table->lastvisible = ptmp; ptmp->index = idx; idx++; ptmp = ptmp->next_entry; } } table->lastpos = idx - 1; table->count = table->lastpos / 2; destroy_closed_entries(table); /* * Shift entries down if the deletion causes the last entry to * occupy anywhere other than the last line of the TCP display * window. */ if (table->head != NULL) { /* * Point screen index to the last table entry if the tail entry is * "above" the screen index. Set the firstvisible pointer to that * as well. */ if (table->tail->index < *screen_idx) { *screen_idx = table->tail->index; table->firstvisible = table->tail; } /* * Move the screen index and firstvisible entry up until the tail * hits the bottom of the window (tail is at screen index plus * screen length minus 1) or the firstvisible pointer hits the * head of the table. The highlight bar should "go along" with * the shifting. */ while ((table->tail->index < *screen_idx + table->imaxy - 1) && (table->firstvisible->prev_entry != NULL)) { table->firstvisible = table->firstvisible->prev_entry; (*screen_idx)--; } /* * Set the bar position index once everything's done. */ table->baridx = table->barptr->index - *screen_idx + 1; } } iptraf-3.0.0/src/deskman.h0100644000076400000000000000114310311472356014233 0ustar rikerroot/* deskman.h - header file for deskman.c Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 */ void draw_desktop(void); void printnomem(); void printipcerr(); void printkeyhelp(char *keytext, char *desc, WINDOW * win, int highattr, int textattr); void stdkeyhelp(WINDOW * win); void sortkeyhelp(void); void tabkeyhelp(WINDOW * win); void scrollkeyhelp(); void stdexitkeyhelp(); void indicate(char *message); void printlargenum(unsigned long long i, WINDOW * win); void infobox(char *text, char *prompt); void standardcolors(int color); void show_sort_statwin(); iptraf-3.0.0/src/dirs.h0100644000076400000000000001101110311472356013545 0ustar rikerroot/* * dirs.h - directory and file definitions used by IPTraf * * You may change these directories to suit your needs, BUT: * * 1. Some directories contain files that IPTraf may erase, see LOCKDIR * 2. The temporary file creation methods are NOT SAFE FOR USE ON WORLD * WRITABLE DIRECTORIES. Do not define any of these directories to * be any world-writable directory, such as /tmp or /var/tmp. */ #include "getpath.h" /* * IPTraf working file and directory definitions */ /*** *** Directory definitions. The definitions in the Makefile now override *** these directives. ***/ /* * The IPTraf working directory */ #ifndef WORKDIR #define WORKDIR "/var/local/iptraf" #endif #ifndef LOGDIR #define LOGDIR "/var/log/iptraf" #endif #ifndef EXECDIR #define EXECDIR "/usr/local/bin" #endif /* * Lock directory. * * !!!!!!! WARNING !!!!!!!! * DO NOT LET THIS REFER TO AN EXISTING/SYSTEM DIRECTORY!!!! THE LOCK * OVERRIDE (iptraf -f) WILL ERASE ALL FILES HERE! */ #ifndef LOCKDIR #define LOCKDIR "/var/run/iptraf" #endif /*** *** Directory environment variables. Overrides built in definitions. *** You may suit this to your preferences. ***/ /* * Environment variable for IPTraf working directory. Overrides builtin. */ #define WORKDIR_ENV "IPTRAF_WORK_PATH" /* * Environment variable for LOGDIR */ #define LOGDIR_ENV "IPTRAF_LOG_PATH" /*** *** Filename definitions. They depend on the directory definitions *** above. ***/ /* * The IPTraf instance identification file. IPTraf is running if this * file is present, and is deleted afterwards. As of this version, this * file is used to restrict configuration to only the first instance. */ #define IPTIDFILE get_path(T_LOCKDIR, "iptraf.tag") /* * The IPTraf facility identification files. These are used to identify which * facilities are running, allowing only one instance any of them to run * on a network interface. */ #define IPMONIDFILE get_path(T_LOCKDIR, "iptraf-ipmon.tag") #define GSTATIDFILE get_path(T_LOCKDIR, "iptraf-genstat.tag") #define DSTATIDFILE get_path(T_LOCKDIR, "iptraf-detstat.tag") #define TCPUDPIDFILE get_path(T_LOCKDIR, "iptraf-tcpudp.tag") #define LANMONIDFILE get_path(T_LOCKDIR, "iptraf-lanmon.tag") #define IPHOSTSIDFILE get_path(T_LOCKDIR, "iptraf-iphosts.tag") #define FLTIDFILE get_path(T_LOCKDIR, "iptraf-filters.tag") #define TCPFLTIDFILE get_path(T_LOCKDIR, "iptraf-tcpfltchg.tag") #define UDPFLTIDFILE get_path(T_LOCKDIR, "iptraf-udpfltchg.tag") #define OTHFLTIDFILE get_path(T_LOCKDIR, "iptraf-othfltchg.tag") #define OTHIPFLTIDFILE get_path(T_LOCKDIR, "iptraf-othipfltchg.tag") #define PKTSIZEIDFILE get_path(T_LOCKDIR, "iptraf-packetsize.tag") #define PROCCOUNTFILE get_path(T_LOCKDIR, "iptraf-processcount.dat") #define ITRAFMONCOUNTFILE get_path(T_LOCKDIR, "iptraf-itrafmoncount.dat") #define LANMONCOUNTFILE get_path(T_LOCKDIR, "iptraf-lanmoncount.dat") #define PROMISCLISTFILE get_path(T_WORKDIR, "iptraf-promisclist.tmp") /* * The TCP filter list file */ #define TCPFLNAME get_path(T_WORKDIR, "tcpfilters.dat") /* * The UDP filter list file */ #define UDPFLNAME get_path(T_WORKDIR, "udpfilters.dat") /* * Data file for other IP protocol filters */ #define OTHIPFLNAME get_path(T_WORKDIR, "othipfilters.dat") /* * The filter data file for other protocols */ #define FLTSTATEFILE get_path(T_WORKDIR, "savedfilters.dat") /* * The IPTraf configuration data file */ #define CONFIGFILE get_path(T_WORKDIR, "iptraf.cfg") /* * The IPTraf log files */ #define IPMONLOG get_path(T_LOGDIR, "ip_traffic") #define GSTATLOG get_path(T_LOGDIR, "iface_stats_general.log") #define DSTATLOG get_path(T_LOGDIR, "iface_stats_detailed") #define TCPUDPLOG get_path(T_LOGDIR, "tcp_udp_services") #define LANLOG get_path(T_LOGDIR, "lan_statistics") #define PKTSIZELOG get_path(T_LOGDIR, "packet_size") #define DAEMONLOG get_path(T_LOGDIR, "daemon.log") /* * The additional TCP/UDP ports file */ #define PORTFILE get_path(T_WORKDIR, "ports.dat") /* * The Ethernet and FDDI host description files */ #define ETHFILE get_path(T_WORKDIR, "ethernet.desc") #define FDDIFILE get_path(T_WORKDIR, "fddi.desc") /* * The rvnamed program file */ #define RVNDFILE get_path(T_EXECDIR, "rvnamed") /* * The rvnamed log file */ #define RVNDLOGFILE get_path(T_LOGDIR, "rvnamed.log") /* * File to contain the current TCP filter data file name. UDP filter * data is saved with the other protocols. */ #define TCPFILTERSAVE get_path(T_WORKDIR, "tcpfilter.cur") #ifndef PATH_MAX #define PATH_MAX 4095 #endif iptraf-3.0.0/src/error.h0100644000076400000000000000005510311472356013743 0ustar rikerrootvoid write_error(char *msg, int daemonized); iptraf-3.0.0/src/ifstats.h0100644000076400000000000000440710311472356014274 0ustar rikerroot /*** ifstats.h - structure definitions for interface counts ***/ struct iflist { char ifname[8]; unsigned int encap; unsigned long long iptotal; unsigned long badtotal; unsigned long long noniptotal; unsigned long long total; unsigned int spanbr; unsigned long br; float rate; float peakrate; unsigned int index; struct iflist *prev_entry; struct iflist *next_entry; }; struct iftab { struct iflist *head; struct iflist *tail; struct iflist *firstvisible; struct iflist *lastvisible; WINDOW *borderwin; PANEL *borderpanel; WINDOW *statwin; PANEL *statpanel; }; struct iftotals { unsigned long long total; unsigned long long bytestotal; unsigned long long total_in; unsigned long long total_out; unsigned long long bytestotal_out; unsigned long long bytestotal_in; unsigned long long bcast; unsigned long long bcastbytes; unsigned long long iptotal; unsigned long long ipbtotal; unsigned long long iptotal_in; unsigned long long iptotal_out; unsigned long long ipbtotal_in; unsigned long long ipbtotal_out; unsigned long long noniptotal; unsigned long long nonipbtotal; unsigned long long noniptotal_in; unsigned long long noniptotal_out; unsigned long long nonipbtotal_in; unsigned long long nonipbtotal_out; unsigned long long tcptotal; unsigned long long tcpbtotal; unsigned long long tcptotal_in; unsigned long long tcptotal_out; unsigned long long tcpbtotal_in; unsigned long long tcpbtotal_out; unsigned long long udptotal; unsigned long long udpbtotal; unsigned long long udptotal_in; unsigned long long udptotal_out; unsigned long long udpbtotal_in; unsigned long long udpbtotal_out; unsigned long long icmptotal; unsigned long long icmpbtotal; unsigned long long icmptotal_in; unsigned long long icmptotal_out; unsigned long long icmpbtotal_in; unsigned long long icmpbtotal_out; unsigned long long othtotal; unsigned long long othbtotal; unsigned long long othtotal_in; unsigned long long othtotal_out; unsigned long long othbtotal_in; unsigned long long othbtotal_out; unsigned long badtotal; unsigned int interval; }; iptraf-3.0.0/src/ipcsum.h0100644000076400000000000000023610311472356014113 0ustar rikerroot/*** ipcsum.h - prototype declaration for the standard IP checksum calculation routine ***/ #include int in_cksum(u_short * addr, int len); iptraf-3.0.0/src/othptab.h0100644000076400000000000001020510311472356014251 0ustar rikerroot/*** othptab.h - header file for the non-TCP routines Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include "servname.h" #include "addproto.h" #define NONIP -1 #define IS_IP 1 #define NOT_IP 0 #define NOHTIND 0 /* Bottom or Top (head or tail) indicator printed */ #define TIND 1 /* Tail indicator printed */ #define HIND 2 /* Head indicator printed */ #define VSCRL_OFFSET 60 /* Characters to vertically scroll */ struct othptabent { unsigned long int saddr; unsigned long int daddr; char smacaddr[15]; char dmacaddr[15]; unsigned short linkproto; char s_fqdn[100]; char d_fqdn[100]; int s_fstat; int d_fstat; unsigned int protocol; char iface[8]; unsigned int pkt_length; union { struct { char s_sname[15]; char d_sname[15]; } udp; struct { unsigned int type; unsigned int code; } icmp; struct { unsigned char type; unsigned long area; char routerid[16]; } ospf; struct { unsigned short opcode; char src_ip_address[4]; char dest_ip_address[4]; } arp; struct { unsigned short opcode; char src_mac_address[6]; char dest_mac_address[6]; } rarp; } un; unsigned int type; unsigned int code; unsigned int index; int is_ip; int fragment; struct othptabent *prev_entry; struct othptabent *next_entry; }; struct othptable { struct othptabent *head; struct othptabent *tail; struct othptabent *firstvisible; struct othptabent *lastvisible; unsigned int count; unsigned int lastpos; unsigned int strindex; /* starting index of the string to display */ int htstat; unsigned int obmaxy; /* number of lines in the border window */ unsigned int oimaxy; /* number of lines inside the border */ int mac; WINDOW *othpwin; PANEL *othppanel; WINDOW *borderwin; PANEL *borderpanel; }; /* Added by David Harbaugh for Non-IP protocol identification */ struct packetstruct { char *packet_name; /* Name of packet type */ unsigned int protocol; /* Number of packet type */ }; /* partially stolen from ospf.h from tcpdump */ #define OSPF_TYPE_UMD 0 #define OSPF_TYPE_HELLO 1 #define OSPF_TYPE_DB 2 #define OSPF_TYPE_LSR 3 #define OSPF_TYPE_LSU 4 #define OSPF_TYPE_LSA 5 #define OSPF_TYPE_MAX 6 struct ospfhdr { u_char ospf_version; u_char ospf_type; u_short ospf_len; struct in_addr ospf_routerid; struct in_addr ospf_areaid; u_short ospf_chksum; u_short ospf_authtype; }; void init_othp_table(struct othptable *table, int mac); void process_dest_unreach(struct tcptable *table, char *packet, char *ifname, int *nomem); struct othptabent *add_othp_entry(struct othptable *table, struct tcptable *tcptab, unsigned long saddr, unsigned long daddr, int is_ip, int protocol, unsigned short linkproto, char *packet, char *netpacket, unsigned int br, char *ifname, int *rev_lookup, int rvnamedon, unsigned int tm, int logging, FILE * logfile, int servnames, int fragment, int *nomem); char *packetlookup(unsigned int protocol); void printothpentry(struct othptable *table, struct othptabent *entry, unsigned int screen_idx, int logging, FILE * logfile); void refresh_othwindow(struct othptable *table); void destroyothptable(struct othptable *table); iptraf-3.0.0/src/tcptable.h0100644000076400000000000001146010311472356014412 0ustar rikerroot/*** tcptable.h -- table manipulation for the statistics display. Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997-2005 ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "servname.h" #include "tcphdr.h" #include "links.h" #define max(a, b) (( a > b) ? a : b) #define FLAG_SYN 1 #define FLAG_RST 2 #define FLAG_PSH 4 #define FLAG_ACK 8 #define FLAG_URG 16 #define CLOSED 64 #define ENTRIES_IN_HASH_TABLE 1543 struct tcptableent { struct in_addr saddr; struct in_addr daddr; char s_fqdn[45]; /* fully-qualified domain names */ char d_fqdn[45]; int s_fstat; int d_fstat; unsigned int sport; unsigned int dport; char smacaddr[15]; char s_sname[11]; /* Service names, maxlen=10 */ char d_sname[11]; unsigned int protocol; unsigned long pcount; /* packet count */ unsigned long bcount; /* byte count */ unsigned int stat; /* TCP flags */ unsigned int win; unsigned int psize; unsigned long finack; int partial; int finsent; char ifname[8]; unsigned int index; int reused; int timedout; int inclosed; int half_bracket; unsigned long spanbr; time_t lastupdate; time_t starttime; time_t conn_starttime; struct tcp_hashentry *hash_node; struct tcptableent *oth_connection; /* the other half of the connection */ struct tcptableent *prev_entry; struct tcptableent *next_entry; }; struct closedlist { struct tcptableent *closedentry; struct tcptableent *pair; struct closedlist *next_entry; }; struct tcp_hashentry { unsigned int index; unsigned int hp; /* index position in bucket array */ struct tcptableent *tcpnode; struct tcp_hashentry *prev_entry; struct tcp_hashentry *next_entry; }; struct tcptable { struct tcp_hashentry *hash_table[ENTRIES_IN_HASH_TABLE]; struct tcp_hashentry *hash_tails[ENTRIES_IN_HASH_TABLE]; struct tcptableent *head; struct tcptableent *tail; struct closedlist *closedentries; struct closedlist *closedtail; struct tcptableent *firstvisible; struct tcptableent *lastvisible; struct tcptableent *barptr; unsigned int baridx; unsigned int lastpos; unsigned int count; unsigned int bmaxy; /* number of lines of the border window */ unsigned int imaxy; /* number of lines inside the border */ WINDOW *tcpscreen; PANEL *tcppanel; WINDOW *borderwin; PANEL *borderpanel; }; void init_tcp_table(struct tcptable *table); struct tcptableent *addentry(struct tcptable *table, unsigned long int saddr, unsigned long int daddr, unsigned int sport, unsigned int dport, int protocol, char *ifname, int *rev_lookup, int rvnamedon, int servnames, int *nomem); struct tcptableent *in_table(struct tcptable *table, unsigned long saddr, unsigned long daddr, unsigned int sport, unsigned int dport, char *ifname, int logging, FILE * logfile, int *nomem, struct OPTIONS *opts); void updateentry(struct tcptable *table, struct tcptableent *tableentry, struct tcphdr *transpacket, char *packet, int linkproto, unsigned long packetlength, unsigned int bcount, unsigned int fragofs, int logging, int *revlook, int rvnfd, struct OPTIONS *opts, FILE * logfile, int *nomem); void addtoclosedlist(struct tcptable *table, struct tcptableent *tableentry, int *nomem); void clearaddr(struct tcptable *table, struct tcptableent *tableentry, unsigned int screen_idx); void printentry(struct tcptable *table, struct tcptableent *tableentry, unsigned int screen_idx, int mode); void refreshtcpwin(struct tcptable *table, unsigned int idx, int mode); void destroytcptable(struct tcptable *table); void flushclosedentries(struct tcptable *table, unsigned long *screen_idx, int logging, FILE * logfile, struct OPTIONS *opts); void write_timeout_log(int logging, FILE * logfile, struct tcptableent *tcpnode, struct OPTIONS *opts); iptraf-3.0.0/src/Makefile0100644000076400000000000001414510311513665014105 0ustar rikerroot# # Makefile for IPTraf 3.0 # # # Architecture determination string borrowed from the kernel makefile. # ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ \ -e s/arm.*/arm/ -e s/sa110/arm/) PLATFORM = -DPLATFORM=\"$(shell uname -s)/$(ARCH)\" VERNUMBER := $(shell cat version) VERSION = -DVERSION=\"$(VERNUMBER)\" # # Binary distribution will be placed here. # Production use only # BINDIR = ../../iptraf-$(VERNUMBER).bin.$(ARCH) CC = gcc LIBS = -L../support -ltextbox -lpanel -lncurses # in this order! # comment this one out to omit debug code when done. DEBUG = #-g #-DDEBUG # comment this one out to prevent generation of profile code PROF = #-pg # options to be passed to the compiler. I don't believe they need to be # modified (except for -m486 on non-Intel x86 platforms). CFLAGS = -Wall #-O2 #-m486 DIRS = -DWORKDIR=\"$(WORKDIR)\" \ -DLOGDIR=\"$(LOGDIR)\" -DEXECDIR=\"$(TARGET)\" LDOPTS = #-static # you may want to change this to point to your ncurses include directory # if the ncurses include files are not in the default location. INCLUDEDIR = -I/usr/include/ncurses -I../support # You can uncomment this one to disable the backspace key in input fields. # This means you must use the Del key or Ctrl+H combination to erase the # character left of the cursor. You may need to use this directive if you # have an earlier version of ncurses. (Please note that earlier ncurses # versions have quirks that may result in undesirable screen behavior as # well.) BSSETTING =# -DDISABLEBS # Define this one to allow non-root users to use the program when setuid # root. Undefine to restrict use to root only. It is recommended that # you restrict execution to root only. This option does not install the # executable program with the setuid bit on, or with world-execute # permissions. If you want it, you'll have to do it yourself with chmod. # # I have no plans to modify this program to be used by other users. EXECPERM =# -DALLOWUSERS ################################################################### ############### IPTRAF DIRECTORY DEFINITIONS. YOU MAY CHANGE THESE ############### TO SUIT YOUR PREFERENCES. ################################################################### # installation target directory. The iptraf and rvnamed programs get # stored here. iptraf also exec's rvnamed from this directory. TARGET = /usr/local/bin # The IPTraf working directory; if you change this. Starting with this # version, this definition overrides dirs.h. WORKDIR = /var/local/iptraf # The IPTraf log file directory. IPTraf log files are placed here. # This definition overrides dirs.h LOGDIR = /var/log/iptraf # # IPTraf lock file directory. This is /var/run/iptraf/ and will not # be passed to the compiler. If you want to change this, you must edit # dirs.h. # # ******************** !!!!!! WARNING !!!!!! ******************** # DO NOT MAKE THIS POINT TO AN EXISTING/SYSTEM DIRECTORY!!!! THE # LOCK OVERRIDE (iptraf -f) WILL ERASE FILES HERE! #***************************************************************** LOCKDIR = /var/run/iptraf ##################################################################### ############### IPTRAF COMPILATION AND LINK RULES ##################################################################### # Object file names OBJS = iptraf.o itrafmon.o packet.o tcptable.o othptab.o ifstats.o deskman.o \ ipcsum.o hostmon.o fltedit.o tr.o cidr.o \ fltselect.o ipfilter.o fltmgr.o ipfrag.o serv.o servname.o instances.o \ timer.o revname.o pktsize.o landesc.o isdntab.o options.o promisc.o ifaces.o \ error.o log.o mode.o getpath.o bar.o parseproto.o BINS = iptraf rvnamed rawtime all: $(BINS) @echo @size $(BINS) iptraf: $(OBJS) textlib $(CC) $(LDOPTS) $(PROF) -o iptraf $(OBJS) $(LIBS) textlib: make -C ../support %.o: %.c *.h version $(CC) $(CFLAGS) $(DIRS) $(INCLUDEDIR) $(VERSION) $(PLATFORM) $(PROF) $(DEBUG) $(EXECPERM) $(BSSETTING) -c -o $*.o $< rvnamed: rvnamed.o getpath.o $(CC) $(LDOPTS) $(PROF) -o rvnamed rvnamed.o getpath.o rvnamed.o: rvnamed.c rvnamed.h $(CC) $(CFLAGS) $(PROF) $(DEBUG) -c -o rvnamed.o rvnamed.c rawtime: rawtime.c $(CC) $(CFLAGS) $(LDOPTS) $(PROF) $(DEBUG) -o rawtime rawtime.c # rule to clear out all object files and the executables (pow!) clean: rm -f *.o *~ core $(BINS) make -C ../support clean # I just included this rule to clear out the .o files, leaving the # executables, stripped and ready for packing. cleano: rm -f *.o *~ strip iptraf strip rvnamed # installation rule install: @./install.sh $(TARGET) $(WORKDIR) $(LOGDIR) $(LOCKDIR) # Upgrade rule # #upgrade: updatefilters # @./updatefilters # # I use this special rule to force linking of the panels and ncurses # libraries into the executable, since there seems to be a lot of # libncurses.so.3 installations around, and some don't have libncurses.so # at all. Till then, I'll force them in. Do not use this rule under # normal circumstances. # # This rule also creates a separate directory containing the documentation # and the compiled programs for release as a ready-to-run distribution. dist-bin: all $(CC) $(LDOPTS) $(PROF) -o iptraf $(OBJS) -L../support -ltextbox /usr/lib/libpanel.a /usr/lib/libncurses.a rm -rf $(BINDIR) mkdir $(BINDIR) /bin/cp -p ../CHANGES ../LICENSE ../FAQ ../INSTALL ../README* \ ../RELEASE-NOTES ../Setup $(BINDIR) /bin/cp -pR ../Documentation $(BINDIR) mkdir $(BINDIR)/src /bin/cp -p $(BINS) Makefile install.sh version $(BINDIR)/src strip $(BINDIR)/src/iptraf $(BINDIR)/src/rvnamed $(BINDIR)/src/rawtime #$(BINDIR)/src/updatefilters # # Just in case anyone needs to link a static binary # static: $(OBJS) $(CC) -static $(PROC) -o iptraf $(OBJS) ../support/libtextbox.a -lpanel -lncurses $(CC) -static -o rvnamed rvnamed.o getpath.o $(CC) -static -o rawtime rawtime.c # # Production rules. These rules are used to automate production of # the source and ready-to-run tarballs. These won't really be needed by # the general public. # tarball: clean (cd ../..;tar zcvf iptraf-$(VERNUMBER).tar.gz iptraf-$(VERNUMBER)) binball: dist-bin (cd ../..;tar zcvf iptraf-$(VERNUMBER).bin.$(ARCH).tar.gz iptraf-$(VERNUMBER).bin.$(ARCH)) alldist: tarball binball iptraf-3.0.0/src/options.h0100644000076400000000000000061110311472356014303 0ustar rikerroot struct OPTIONS { unsigned int color:1, logging:1, revlook:1, servnames:1, promisc:1, actmode:1, mac:1, dummy:9; unsigned int timeout; unsigned int logspan; unsigned int updrate; unsigned int closedint; }; #define KBITS 0 #define KBYTES 1 #define DEFAULT_UPDATE_DELAY 50000 /* usec screen delay if update rate 0 */ #define HOSTMON_UPDATE_DELAY 100000 iptraf-3.0.0/src/externs.h0100644000076400000000000000216110311472356014302 0ustar rikerroot /*** externs.h - external routines used by the the iptraf module and some others ***/ void ipmon(const struct OPTIONS *options, struct filterstate *ofilter, int facilitytime, char *ifptr); void selectiface(char *ifname, int withall, int *aborted); void ifstats(const struct OPTIONS *options, struct filterstate *ofilter, int facilitytime); void detstats(char *iface, const struct OPTIONS *options, int facilitytime, struct filterstate *ofilter); void packet_size_breakdown(struct OPTIONS *options, char *iface, int facilitytime, struct filterstate *ofilter); void servmon(char *iface, struct porttab *ports, const struct OPTIONS *options, int facilitytime, struct filterstate *ofilter); void ip_host_breakdown(struct OPTIONS *options, char *iface); void hostmon(const struct OPTIONS *options, int facilitytime, char *ifptr, struct filterstate *ofilter); void ethdescmgr(void); void setoptions(struct OPTIONS *options, struct porttab **ports); void loadoptions(struct OPTIONS *options); void saveoptions(struct OPTIONS *options); iptraf-3.0.0/src/attrs.h0100644000076400000000000000124210311472356013746 0ustar rikerroot/* Attribute variables */ extern int STDATTR; extern int HIGHATTR; extern int BOXATTR; extern int ACTIVEATTR; extern int BARSTDATTR; extern int BARHIGHATTR; extern int BARPTRATTR; extern int DLGTEXTATTR; extern int DLGHIGHATTR; extern int DLGBOXATTR; extern int DESCATTR; extern int STATUSBARATTR; extern int IPSTATATTR; extern int IPSTATLABELATTR; extern int DESKTEXTATTR; extern int PTRATTR; extern int FIELDATTR; extern int ERRBOXATTR; extern int ERRTXTATTR; extern int ERRRESPATTR; extern int OSPFATTR; extern int UDPATTR; extern int IGPATTR; extern int IGMPATTR; extern int IGRPATTR; extern int ARPATTR; extern int GREATTR; extern int UNKNIPATTR; extern int UNKNATTR; iptraf-3.0.0/src/promisc.c0100644000076400000000000001406710311472356014271 0ustar rikerroot/*** promisc.c - handles the promiscuous mode flag for the Ethernet/FDDI/ Token Ring interfaces Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 2002 This module contains functions that manage the promiscuous states of the interfaces. This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ifstats.h" #include "ifaces.h" #include "error.h" #include "promisc.h" #include "dirs.h" #define PROMISC_MSG_MAX 80 extern int daemonized; extern int accept_unsupported_interfaces; void init_promisc_list(struct promisc_states **list) { FILE *fd; int ifd; char buf[8]; struct promisc_states *ptmp; struct promisc_states *tail = NULL; struct ifreq ifr; int istat; char err_msg[80]; ifd = socket(PF_INET, SOCK_DGRAM, 0); *list = NULL; fd = open_procnetdev(); do { get_next_iface(fd, buf); if (strcmp(buf, "") != 0) { ptmp = malloc(sizeof(struct promisc_states)); strcpy(ptmp->params.ifname, buf); if (*list == NULL) { *list = ptmp; } else tail->next_entry = ptmp; tail = ptmp; ptmp->next_entry = NULL; /* * Retrieve and save interface flags */ if ((strncmp(buf, "eth", 3) == 0) || (strncmp(buf, "fddi", 4) == 0) || (strncmp(buf, "tr", 2) == 0) || (strncmp(ptmp->params.ifname, "wvlan", 4) == 0) || (strncmp(ptmp->params.ifname, "lec", 3) == 0) || (accept_unsupported_interfaces)) { strcpy(ifr.ifr_name, buf); istat = ioctl(ifd, SIOCGIFFLAGS, &ifr); if (istat < 0) { sprintf(err_msg, "Unable to obtain interface parameters for %s", buf); write_error(err_msg, daemonized); ptmp->params.state_valid = 0; } else { ptmp->params.saved_state = ifr.ifr_flags; ptmp->params.state_valid = 1; } } } } while (strcmp(buf, "") != 0); } /* * Save interfaces and their states to a temporary file. Used only by the * first IPTraf instance. Needed in case there are subsequent, simultaneous * instances of IPTraf, which may still need promiscuous mode even after * the first instance exits. These subsequent instances will need to restore * the promiscuous state from this file. */ void save_promisc_list(struct promisc_states *list) { int fd; struct promisc_states *ptmp = list; fd = open(PROMISCLISTFILE, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) { write_error("Unable to save interface flags", daemonized); return; } while (ptmp != NULL) { write(fd, &(ptmp->params), sizeof(struct promisc_params)); ptmp = ptmp->next_entry; } close(fd); } /* * Load promiscuous states into list */ void load_promisc_list(struct promisc_states **list) { int fd; struct promisc_states *ptmp = NULL; struct promisc_states *tail = NULL; int br; fd = open(PROMISCLISTFILE, O_RDONLY); if (fd < 0) { write_error("Unable to retrieve saved interface flags", daemonized); *list = NULL; return; } do { ptmp = malloc(sizeof(struct promisc_states)); br = read(fd, &(ptmp->params), sizeof(struct promisc_params)); if (br > 0) { if (tail != NULL) tail->next_entry = ptmp; else *list = ptmp; ptmp->next_entry = NULL; tail = ptmp; } else free(ptmp); } while (br > 0); close(fd); } /* * Set/restore interface promiscuous mode. */ void srpromisc(int mode, struct promisc_states *list) { int fd; struct ifreq ifr; struct promisc_states *ptmp; int istat; char fullmsg[PROMISC_MSG_MAX]; ptmp = list; fd = socket(PF_INET, SOCK_DGRAM, 0); if (fd < 0) { write_error("Unable to open socket for flag change", daemonized); return; } while (ptmp != NULL) { if (((strncmp(ptmp->params.ifname, "eth", 3) == 0) || (strncmp(ptmp->params.ifname, "fddi", 4) == 0) || (strncmp(ptmp->params.ifname, "tr", 2) == 0) || (strncmp(ptmp->params.ifname, "wvlan", 4) == 0) || (strncmp(ptmp->params.ifname, "lec", 3) == 0)) && (ptmp->params.state_valid)) { strcpy(ifr.ifr_name, ptmp->params.ifname); if (mode) ifr.ifr_flags = ptmp->params.saved_state | IFF_PROMISC; else ifr.ifr_flags = ptmp->params.saved_state; istat = ioctl(fd, SIOCSIFFLAGS, &ifr); if (istat < 0) { sprintf(fullmsg, "Promisc change failed for %s", ptmp->params.ifname); write_error(fullmsg, daemonized); } } ptmp = ptmp->next_entry; } close(fd); } void destroy_promisc_list(struct promisc_states **list) { struct promisc_states *ptmp = *list; struct promisc_states *ctmp; if (ptmp != NULL) ctmp = ptmp->next_entry; while (ptmp != NULL) { free(ptmp); ptmp = ctmp; if (ctmp != NULL) ctmp = ctmp->next_entry; } } iptraf-3.0.0/src/log.c0100644000076400000000000004717710311472356013406 0ustar rikerroot /*** log.c - the iptraf logging facility Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include "attrs.h" #include "deskman.h" #include "dirs.h" #include "options.h" #include "tcptable.h" #include "othptab.h" #include "ifstats.h" #include "serv.h" #include "pktsize.h" #include "hostmon.h" #include "links.h" #include "mode.h" #define MSGSTRING_MAX 240 #define TARGET_LOGNAME_MAX 160 #define TIME_TARGET_MAX 30 int rotate_flag; char target_logname[TARGET_LOGNAME_MAX]; char current_logfile[TARGET_LOGNAME_MAX]; char graphing_logfile[TARGET_LOGNAME_MAX]; void openlogerr() { int resp; tx_errbox("Unable to open log file", ANYKEY_MSG, &resp); } /* * Generates a log file based on a template for a particular instance of * a facility. Used by the IP Traffic Monitor and LAN Station Monitor. */ char *gen_instance_logname(char *template, int instance_num) { static char filename[80]; snprintf(filename, 80, "%s-%d.log", template, instance_num); return filename; } void input_logfile(char *target, int *logging) { WINDOW *dlgwin; PANEL *dlgpanel; struct FIELDLIST fieldlist; int aborted; dlgwin = newwin(11, 60, (LINES - 11) / 2, (COLS - 60) / 2); dlgpanel = new_panel(dlgwin); wattrset(dlgwin, DLGBOXATTR); tx_colorwin(dlgwin); tx_box(dlgwin, ACS_VLINE, ACS_HLINE); mvwprintw(dlgwin, 0, 1, " Logging Enabled "); wattrset(dlgwin, DLGTEXTATTR); mvwprintw(dlgwin, 2, 2, "Enter the name of the file to which to write the log."); mvwprintw(dlgwin, 4, 2, "If you don't specify a path, the log file will"); mvwprintw(dlgwin, 5, 2, "be placed in %s.", LOGDIR); wmove(dlgwin, 9, 2); stdkeyhelp(dlgwin); wprintw(dlgwin, " (turns logging off)"); tx_initfields(&fieldlist, 1, 50, (LINES - 1) / 2 + 2, (COLS - 50) / 2 - 3, DLGTEXTATTR, FIELDATTR); tx_addfield(&fieldlist, 48, 0, 0, target); tx_fillfields(&fieldlist, &aborted); if (!aborted) { if (strchr(fieldlist.list->buf, '/') == NULL) snprintf(target, 48, "%s/%s", LOGDIR, fieldlist.list->buf); else strncpy(target, fieldlist.list->buf, 48); } *logging = !aborted; tx_destroyfields(&fieldlist); del_panel(dlgpanel); delwin(dlgwin); update_panels(); doupdate(); } void opentlog(FILE ** fd, char *logfilename) { *fd = fopen(logfilename, "a"); if (*fd == NULL) openlogerr(); rotate_flag = 0; strcpy(target_logname, ""); } void genatime(time_t now, char *atime) { bzero(atime, TIME_TARGET_MAX); strncpy(atime, ctime(&now), 26); atime[strlen(atime) - 1] = '\0'; } void writelog(int logging, FILE * fd, char *msg) { char atime[TIME_TARGET_MAX]; if (logging) { genatime(time((time_t *) NULL), atime); fprintf(fd, "%s; %s\n", atime, msg); } fflush(fd); } void write_daemon_err(char *msg) { char atime[TIME_TARGET_MAX]; FILE *fd; genatime(time((time_t *) NULL), atime); fd = fopen(DAEMONLOG, "a"); fprintf(fd, "%s iptraf[%u]: %s\n", atime, getpid(), msg); fclose(fd); } void writetcplog(int logging, FILE * fd, struct tcptableent *entry, unsigned int pktlen, int mac, char *message) { char msgbuf[MSGSTRING_MAX]; if (logging) { if (mac) { snprintf(msgbuf, MSGSTRING_MAX, "TCP; %s; %u bytes; from %s:%s to %s:%s (source MAC addr %s); %s", entry->ifname, pktlen, entry->s_fqdn, entry->s_sname, entry->d_fqdn, entry->d_sname, entry->smacaddr, message); } else { snprintf(msgbuf, MSGSTRING_MAX, "TCP; %s; %u bytes; from %s:%s to %s:%s; %s", entry->ifname, pktlen, entry->s_fqdn, entry->s_sname, entry->d_fqdn, entry->d_sname, message); } writelog(logging, fd, msgbuf); } } void write_tcp_unclosed(int logging, FILE * fd, struct tcptable *table) { char msgbuf[MSGSTRING_MAX]; struct tcptableent *entry = table->head; while (entry != NULL) { if ((entry->finsent == 0) && ((entry->stat & FLAG_RST) == 0) && (!(entry->inclosed))) { sprintf(msgbuf, "TCP; %s; active; from %s:%s to %s:%s; %lu packets, %lu bytes", entry->ifname, entry->s_fqdn, entry->s_sname, entry->d_fqdn, entry->d_sname, entry->pcount, entry->bcount); writelog(logging, fd, msgbuf); } entry = entry->next_entry; } } void writeothplog(int logging, FILE * fd, char *protname, char *description, char *additional, int is_ip, int withmac, struct othptabent *entry) { char msgbuffer[MSGSTRING_MAX]; char scratchpad[MSGSTRING_MAX]; if (logging) { bzero(msgbuffer, MSGSTRING_MAX); strcpy(msgbuffer, protname); strcat(msgbuffer, "; "); strcat(msgbuffer, entry->iface); sprintf(scratchpad, "; %u bytes;", entry->pkt_length); strcat(msgbuffer, scratchpad); if ((entry->smacaddr[0] != '\0') && (withmac)) { sprintf(scratchpad, " source MAC address %s;", entry->smacaddr); strcat(msgbuffer, scratchpad); } if (is_ip) { if (((entry->protocol == IPPROTO_UDP) && (!(entry->fragment))) || (entry->protocol == IPPROTO_TCP)) sprintf(scratchpad, " from %s:%s to %s:%s", entry->s_fqdn, entry->un.udp.s_sname, entry->d_fqdn, entry->un.udp.d_sname); else sprintf(scratchpad, " from %s to %s", entry->s_fqdn, entry->d_fqdn); } else sprintf(scratchpad, " from %s to %s ", entry->smacaddr, entry->dmacaddr); strcat(msgbuffer, scratchpad); strcpy(scratchpad, ""); if (strcmp(description, "") != 0) { sprintf(scratchpad, "; %s", description); strcat(msgbuffer, scratchpad); } strcpy(scratchpad, ""); if (strcmp(additional, "") != 0) { sprintf(scratchpad, " (%s)", additional); strcat(msgbuffer, scratchpad); } writelog(logging, fd, msgbuffer); } } void writegstatlog(struct iftab *table, int unit, unsigned long nsecs, FILE * fd) { struct iflist *ptmp = table->head; char atime[TIME_TARGET_MAX]; char unitstring[7]; genatime(time((time_t *) NULL), atime); fprintf(fd, "\n*** General interface statistics log generated %s\n\n", atime); while (ptmp != NULL) { fprintf(fd, "%s: %llu total, %llu IP, %llu non-IP, %lu IP checksum errors", ptmp->ifname, ptmp->total, ptmp->iptotal, ptmp->noniptotal, ptmp->badtotal); if (nsecs > 5) { dispmode(unit, unitstring); if (unit == KBITS) { fprintf(fd, ", average activity %.2f %s/s", (float) (ptmp->br * 8 / 1000) / (float) nsecs, unitstring); } else { fprintf(fd, ", average activity %.2f %s/s", (float) (ptmp->br / 1024) / (float) nsecs, unitstring); } fprintf(fd, ", peak activity %.2f %s/s", ptmp->peakrate, unitstring); fprintf(fd, ", last 5-second activity %.2f %s/s", ptmp->rate, unitstring); } fprintf(fd, "\n"); ptmp = ptmp->next_entry; } fprintf(fd, "\n%lu seconds running time\n", nsecs); fflush(fd); } void writedstatlog(char *ifname, int unit, float activity, float pps, float peakactivity, float peakpps, float peakactivity_in, float peakpps_in, float peakactivity_out, float peakpps_out, struct iftotals *ts, unsigned long nsecs, FILE * fd) { char atime[TIME_TARGET_MAX]; char unitstring[7]; dispmode(unit, unitstring); genatime(time((time_t *) NULL), atime); fprintf(fd, "\n*** Detailed statistics for interface %s, generated %s\n\n", ifname, atime); fprintf(fd, "Total: \t%llu packets, %llu bytes\n", ts->total, ts->bytestotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->total_in, ts->bytestotal_in, ts->total_out, ts->bytestotal_out); fprintf(fd, "IP: \t%llu packets, %llu bytes\n", ts->iptotal, ts->ipbtotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->iptotal_in, ts->ipbtotal_in, ts->iptotal_out, ts->ipbtotal_out); fprintf(fd, "TCP: %llu packets, %llu bytes\n", ts->tcptotal, ts->tcpbtotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->tcptotal_in, ts->tcpbtotal_in, ts->tcptotal_out, ts->tcpbtotal_out); fprintf(fd, "UDP: %llu packets, %llu bytes\n", ts->udptotal, ts->udpbtotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->udptotal_in, ts->udpbtotal_in, ts->udptotal_out, ts->udpbtotal_out); fprintf(fd, "ICMP: %llu packets, %llu bytes\n", ts->icmptotal, ts->icmpbtotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->icmptotal_in, ts->icmpbtotal_in, ts->icmptotal_out, ts->icmpbtotal_out); fprintf(fd, "Other IP: %llu packets, %llu bytes\n", ts->othtotal, ts->othbtotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->othtotal_in, ts->othbtotal_in, ts->othtotal_out, ts->othbtotal_out); fprintf(fd, "Non-IP: %llu packets, %llu bytes\n", ts->noniptotal, ts->nonipbtotal); fprintf(fd, "\t(incoming: %llu packets, %llu bytes; outgoing: %llu packets, %llu bytes)\n", ts->noniptotal_in, ts->nonipbtotal_in, ts->noniptotal_out, ts->nonipbtotal_out); fprintf(fd, "Broadcast: %llu packets, %llu bytes\n", ts->bcast, ts->bcastbytes); if (nsecs > 5) { fprintf(fd, "\nAverage rates:\n"); if (unit == KBITS) { fprintf(fd, " Total:\t%.2f kbits/s, %.2f packets/s\n", ((float) (ts->bytestotal * 8 / 1000) / (float) nsecs), ((float) (ts->total) / (float) nsecs)); fprintf(fd, " Incoming:\t%.2f kbits/s, %.2f packets/s\n", (float) (ts->bytestotal_in * 8 / 1000) / (float) (nsecs), (float) (ts->total_in) / (float) (nsecs)); fprintf(fd, " Outgoing:\t%.2f kbits/s, %.2f packets/s\n", (float) (ts->bytestotal_out * 8 / 1000) / (float) (nsecs), (float) (ts->total_out) / (float) (nsecs)); } else { fprintf(fd, "%.2f kbytes/s, %.2f packets/s\n", ((float) (ts->bytestotal / 1024) / (float) nsecs), ((float) (ts->total) / (float) nsecs)); fprintf(fd, "Incoming:\t%.2f kbytes/s, %.2f packets/s\n", (float) (ts->bytestotal_in / 1024) / (float) (nsecs), (float) (ts->total_in) / (float) (nsecs)); fprintf(fd, "Outgoing:\t%.2f kbytes/s, %.2f packets/s\n", (float) (ts->bytestotal_out / 1024) / (float) (nsecs), (float) (ts->total_out) / (float) (nsecs)); } fprintf(fd, "\nPeak total activity: %.2f %s/s, %.2f packets/s\n", peakactivity, unitstring, peakpps); fprintf(fd, "Peak incoming rate: %.2f %s/s, %.2f packets/s\n", peakactivity_in, unitstring, peakpps_in); fprintf(fd, "Peak outgoing rate: %.2f %s/s, %.2f packets/s\n\n", peakactivity_out, unitstring, peakpps_out); } fprintf(fd, "IP checksum errors: %lu\n\n", ts->badtotal); fprintf(fd, "Running time: %lu seconds\n", nsecs); fflush(fd); } void writeutslog(struct portlistent *list, unsigned long nsecs, int units, FILE * fd) { char atime[TIME_TARGET_MAX]; struct portlistent *ptmp = list; char unitstring[10]; float inrate, outrate, totalrate; time_t now = time(NULL); dispmode(units, unitstring); genatime(time((time_t *) NULL), atime); fprintf(fd, "\n*** TCP/UDP traffic log, generated %s\n\n", atime); while (ptmp != NULL) { if (now - ptmp->proto_starttime < 5) inrate = outrate = totalrate = -1.0; else { if (units == KBITS) { inrate = (float) (ptmp->ibcount * 8 / 1000) / (float) (now - ptmp-> proto_starttime); outrate = (float) (ptmp->obcount * 8 / 1000) / (float) (now - ptmp-> proto_starttime); totalrate = (float) (ptmp->bcount * 8 / 1000) / (float) (now - ptmp-> proto_starttime); } else { inrate = (float) (ptmp->obcount / 1024) / (float) (now - ptmp-> proto_starttime); outrate = (float) (ptmp->obcount / 1024) / (float) (now - ptmp-> proto_starttime); totalrate = (float) (ptmp->obcount / 1024) / (float) (now - ptmp-> proto_starttime); } } if (ptmp->protocol == IPPROTO_TCP) fprintf(fd, "TCP/%s: ", ptmp->servname); else fprintf(fd, "UDP/%s: ", ptmp->servname); fprintf(fd, "%llu packets, %llu bytes total", ptmp->count, ptmp->bcount); if (totalrate >= 0.0) fprintf(fd, ", %.2f %s/s", totalrate, unitstring); fprintf(fd, "; %llu packets, %llu bytes incoming", ptmp->icount, ptmp->ibcount); if (inrate >= 0.0) fprintf(fd, ", %.2f %s/s", inrate, unitstring); fprintf(fd, "; %llu packets, %llu bytes outgoing", ptmp->ocount, ptmp->obcount); if (outrate >= 0.0) fprintf(fd, ", %.2f %s/s", outrate, unitstring); fprintf(fd, "\n\n"); ptmp = ptmp->next_entry; } fprintf(fd, "\nRunning time: %lu seconds\n", nsecs); fflush(fd); } void writeethlog(struct ethtabent *list, int unit, unsigned long nsecs, FILE * fd) { char atime[TIME_TARGET_MAX]; struct ethtabent *ptmp = list; char unitstring[7]; dispmode(unit, unitstring); genatime(time((time_t *) NULL), atime); fprintf(fd, "\n*** LAN traffic log, generated %s\n\n", atime); while (ptmp != NULL) { if (ptmp->type == 0) { if (ptmp->un.desc.linktype == LINK_ETHERNET) fprintf(fd, "\nEthernet address: %s", ptmp->un.desc.ascaddr); else if (ptmp->un.desc.linktype == LINK_PLIP) fprintf(fd, "\nPLIP address: %s", ptmp->un.desc.ascaddr); else if (ptmp->un.desc.linktype == LINK_FDDI) fprintf(fd, "\nFDDI address: %s", ptmp->un.desc.ascaddr); if (ptmp->un.desc.withdesc) fprintf(fd, " (%s)", ptmp->un.desc.desc); fprintf(fd, "\n"); } else { fprintf(fd, "\tIncoming total %llu packets, %llu bytes; %llu IP packets\n", ptmp->un.figs.inpcount, ptmp->un.figs.inbcount, ptmp->un.figs.inippcount); fprintf(fd, "\tOutgoing total %llu packets, %llu bytes; %llu IP packets\n", ptmp->un.figs.outpcount, ptmp->un.figs.outbcount, ptmp->un.figs.outippcount); fprintf(fd, "\tAverage rates: "); if (unit == KBITS) fprintf(fd, "%.2f kbits/s incoming, %.2f kbits/s outgoing\n", (float) (ptmp->un.figs.inbcount * 8 / 1000) / (float) nsecs, (float) (ptmp->un.figs.outbcount * 8 / 1000) / (float) nsecs); else fprintf(fd, "%.2f kbytes/s incoming, %.2f kbytes/s outgoing\n", (float) (ptmp->un.figs.inbcount / 1024) / (float) nsecs, (float) (ptmp->un.figs.outbcount / 1024) / (float) nsecs); if (nsecs > 5) fprintf(fd, "\tLast 5-second rates: %.2f %s/s incoming, %.2f %s/s outgoing\n", ptmp->un.figs.inrate, unitstring, ptmp->un.figs.outrate, unitstring); } ptmp = ptmp->next_entry; } fprintf(fd, "\nRunning time: %lu seconds\n", nsecs); fflush(fd); } void write_size_log(struct ifstat_brackets *brackets, unsigned long nsecs, char *ifname, unsigned int mtu, FILE * logfile) { char atime[TIME_TARGET_MAX]; int i; genatime(time((time_t *) NULL), atime); fprintf(logfile, "*** Packet Size Distribution, generated %s\n\n", atime); fprintf(logfile, "Interface: %s MTU: %u\n\n", ifname, mtu); fprintf(logfile, "Packet Size (bytes)\tCount\n"); for (i = 0; i <= 19; i++) { fprintf(logfile, "%u to %u:\t\t%lu\n", brackets[i].floor, brackets[i].ceil, brackets[i].count); } fprintf(logfile, "\nRunning time: %lu seconds\n", nsecs); fflush(logfile); } void rotate_logfile(FILE ** fd, char *name) { fclose(*fd); *fd = fopen(name, "a"); rotate_flag = 0; } void announce_rotate_prepare(FILE * fd) { writelog(1, fd, "***** USR1 signal received, preparing to reopen log file *****"); } void announce_rotate_complete(FILE * fd) { writelog(1, fd, "***** Logfile reopened *****"); } void check_rotate_flag(FILE ** logfile, int logging) { if ((rotate_flag == 1) && (logging)) { announce_rotate_prepare(*logfile); rotate_logfile(logfile, target_logname); announce_rotate_complete(*logfile); rotate_flag = 0; } } iptraf-3.0.0/src/log.h0100644000076400000000000000103510311472356013372 0ustar rikerroot/*** log.h - the iptraf logging facility header file Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 ***/ char *gen_instance_logname(char *template, int instance_id); void input_logfile(char *target, int *aborted); void opentlog(FILE ** fd, char *logfilename); void writelog(int logging, FILE * fd, char *msg); void write_daemon_err(char *msg); void rotate_logfile(FILE ** fd, char *name); void check_rotate_flag(FILE ** fd, int logging); void announce_rotate_prepare(FILE * fd); void announce_rotate_complete(FILE * fd); iptraf-3.0.0/src/hostmon.c0100644000076400000000000007071010311472356014301 0ustar rikerroot /*** hostmon.c - Host traffic monitor Discovers LAN hosts and displays packet statistics for them Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "dirs.h" #include "deskman.h" #include "links.h" #include "fltdefs.h" #include "fltselect.h" #include "isdntab.h" /* needed by packet.h */ #include "packet.h" #include "ifaces.h" #include "hostmon.h" #include "attrs.h" #include "log.h" #include "timer.h" #include "landesc.h" #include "options.h" #include "instances.h" #include "mode.h" #include "logvars.h" #include "promisc.h" #include "error.h" #define SCROLLUP 0 #define SCROLLDOWN 1 extern int exitloop; extern int daemonized; /* * from log.c, applicable only to this module */ extern void writeethlog(struct ethtabent *list, int units, unsigned long nsecs, FILE * logfile); extern char *ltrim(char *buf); /* * SIGUSR1 logfile rotation handler */ void rotate_lanlog() { rotate_flag = 1; strcpy(target_logname, current_logfile); signal(SIGUSR1, rotate_lanlog); } void ethlook(struct desclist *list, char *address, char *target) { struct desclistent *ptmp = list->head; while (ptmp != NULL) { if (strcmp(address, ptmp->rec.address) == 0) { strcpy(target, ptmp->rec.desc); return; } ptmp = ptmp->next_entry; } } void initethtab(struct ethtab *table, int unit) { char unitstring[7]; table->head = table->tail = NULL; table->firstvisible = table->lastvisible = NULL; table->count = table->entcount = 0; table->borderwin = newwin(LINES - 2, COLS, 1, 0); table->borderpanel = new_panel(table->borderwin); table->tabwin = newwin(LINES - 4, COLS - 2, 2, 1); table->tabpanel = new_panel(table->tabwin); wattrset(table->borderwin, BOXATTR); tx_box(table->borderwin, ACS_VLINE, ACS_HLINE); wmove(table->borderwin, 0, 5 * COLS / 80); wprintw(table->borderwin, " PktsIn "); wmove(table->borderwin, 0, 16 * COLS / 80); wprintw(table->borderwin, " IP In "); wmove(table->borderwin, 0, 24 * COLS / 80); wprintw(table->borderwin, " BytesIn "); wmove(table->borderwin, 0, 34 * COLS / 80); wprintw(table->borderwin, " InRate "); wmove(table->borderwin, 0, 42 * COLS / 80); wprintw(table->borderwin, " PktsOut "); wmove(table->borderwin, 0, 53 * COLS / 80); wprintw(table->borderwin, " IP Out "); wmove(table->borderwin, 0, 61 * COLS / 80); wprintw(table->borderwin, " BytesOut "); wmove(table->borderwin, 0, 70 * COLS / 80); wprintw(table->borderwin, " OutRate "); wmove(table->borderwin, LINES - 3, 40); dispmode(unit, unitstring); wprintw(table->borderwin, " InRate and OutRate are in %s/sec ", unitstring); wattrset(table->tabwin, STDATTR); tx_colorwin(table->tabwin); tx_stdwinset(table->tabwin); wtimeout(table->tabwin, -1); update_panels(); doupdate(); } struct ethtabent *addethnode(struct ethtab *table, int *nomem) { struct ethtabent *ptemp; ptemp = malloc(sizeof(struct ethtabent)); if (ptemp == NULL) { printnomem(); *nomem = 1; return NULL; } if (table->head == NULL) { ptemp->prev_entry = NULL; table->head = ptemp; table->firstvisible = ptemp; } else { ptemp->prev_entry = table->tail; table->tail->next_entry = ptemp; } table->tail = ptemp; ptemp->next_entry = NULL; table->count++; ptemp->index = table->count; if (table->count <= LINES - 4) table->lastvisible = ptemp; return ptemp; } void convmacaddr(char *addr, char *result) { unsigned int i; u_int8_t *ptmp = addr; char hexbyte[3]; strcpy(result, ""); for (i = 0; i <= 5; i++) { sprintf(hexbyte, "%02x", *ptmp); strcat(result, hexbyte); ptmp++; } } struct ethtabent *addethentry(struct ethtab *table, unsigned int linktype, char *ifname, char *addr, int *nomem, struct desclist *list) { struct ethtabent *ptemp; ptemp = addethnode(table, nomem); if (ptemp == NULL) return NULL; ptemp->type = 0; memcpy(&(ptemp->un.desc.eth_addr), addr, ETH_ALEN); strcpy(ptemp->un.desc.desc, ""); convmacaddr(addr, ptemp->un.desc.ascaddr); ptemp->un.desc.linktype = linktype; ethlook(list, ptemp->un.desc.ascaddr, ptemp->un.desc.desc); strcpy(ptemp->un.desc.ifname, ifname); if (strcmp(ptemp->un.desc.desc, "") == 0) ptemp->un.desc.withdesc = 0; else ptemp->un.desc.withdesc = 1; ptemp->un.desc.printed = 0; ptemp = addethnode(table, nomem); if (ptemp == NULL) return NULL; ptemp->type = 1; ptemp->un.figs.inpcount = ptemp->un.figs.inpktact = 0; ptemp->un.figs.outpcount = ptemp->un.figs.outpktact = 0; ptemp->un.figs.inspanbr = ptemp->un.figs.outspanbr = 0; ptemp->un.figs.inippcount = ptemp->un.figs.outippcount = 0; ptemp->un.figs.inbcount = ptemp->un.figs.outbcount = 0; ptemp->un.figs.inrate = ptemp->un.figs.outrate = 0; ptemp->un.figs.past5 = 0; table->entcount++; wmove(table->borderwin, LINES - 3, 1); wprintw(table->borderwin, " %u entries ", table->entcount); return ptemp; } struct ethtabent *in_ethtable(struct ethtab *table, unsigned int linktype, char *addr) { struct ethtabent *ptemp = table->head; while (ptemp != NULL) { if ((ptemp->type == 0) && (memcmp(addr, ptemp->un.desc.eth_addr, ETH_ALEN) == 0) && (ptemp->un.desc.linktype == linktype)) return ptemp->next_entry; ptemp = ptemp->next_entry; } return NULL; } void updateethent(struct ethtabent *entry, int pktsize, int is_ip, int inout) { if (inout == 0) { entry->un.figs.inpcount++; entry->un.figs.inbcount += pktsize; entry->un.figs.inspanbr += pktsize; if (is_ip) entry->un.figs.inippcount++; } else { entry->un.figs.outpcount++; entry->un.figs.outbcount += pktsize; entry->un.figs.outspanbr += pktsize; if (is_ip) entry->un.figs.outippcount++; } } void printethent(struct ethtab *table, struct ethtabent *entry, unsigned int idx) { unsigned int target_row; if ((entry->index < idx) || (entry->index > idx + LINES - 5)) return; target_row = entry->index - idx; if (entry->type == 0) { wmove(table->tabwin, target_row, 1); wattrset(table->tabwin, STDATTR); if (entry->un.desc.linktype == LINK_ETHERNET) wprintw(table->tabwin, "Ethernet"); else if (entry->un.desc.linktype == LINK_PLIP) wprintw(table->tabwin, "PLIP"); else if (entry->un.desc.linktype == LINK_FDDI) wprintw(table->tabwin, "FDDI"); wprintw(table->tabwin, " HW addr: %s", entry->un.desc.ascaddr); if (entry->un.desc.withdesc) wprintw(table->tabwin, " (%s)", entry->un.desc.desc); wprintw(table->tabwin, " on %s ", entry->un.desc.ifname); entry->un.desc.printed = 1; } else { wattrset(table->tabwin, PTRATTR); wmove(table->tabwin, target_row, 1); waddch(table->tabwin, ACS_LLCORNER); wattrset(table->tabwin, HIGHATTR); /* Inbound traffic counts */ wmove(table->tabwin, target_row, 2 * COLS / 80); printlargenum(entry->un.figs.inpcount, table->tabwin); wmove(table->tabwin, target_row, 12 * COLS / 80); printlargenum(entry->un.figs.inippcount, table->tabwin); wmove(table->tabwin, target_row, 22 * COLS / 80); printlargenum(entry->un.figs.inbcount, table->tabwin); /* Outbound traffic counts */ wmove(table->tabwin, target_row, 40 * COLS / 80); printlargenum(entry->un.figs.outpcount, table->tabwin); wmove(table->tabwin, target_row, 50 * COLS / 80); printlargenum(entry->un.figs.outippcount, table->tabwin); wmove(table->tabwin, target_row, 60 * COLS / 80); printlargenum(entry->un.figs.outbcount, table->tabwin); } } void destroyethtab(struct ethtab *table) { struct ethtabent *ptemp = table->head; struct ethtabent *cnext = NULL; if (table->head != NULL) cnext = table->head->next_entry; while (ptemp != NULL) { free(ptemp); ptemp = cnext; if (cnext != NULL) cnext = cnext->next_entry; } } void hostmonhelp() { move(LINES - 1, 1); scrollkeyhelp(); sortkeyhelp(); stdexitkeyhelp(); } void printrates(struct ethtab *table, unsigned int target_row, struct ethtabent *ptmp) { if (ptmp->un.figs.past5) { wmove(table->tabwin, target_row, 32 * COLS / 80); wprintw(table->tabwin, "%8.1f", ptmp->un.figs.inrate); wmove(table->tabwin, target_row, 69 * COLS / 80); wprintw(table->tabwin, "%8.1f", ptmp->un.figs.outrate); } } void updateethrates(struct ethtab *table, int unit, time_t starttime, time_t now, unsigned int idx) { struct ethtabent *ptmp = table->head; unsigned int target_row = 0; if (table->lastvisible == NULL) return; while (ptmp != NULL) { if (ptmp->type == 1) { ptmp->un.figs.past5 = 1; if (unit == KBITS) { ptmp->un.figs.inrate = ((float) (ptmp->un.figs.inspanbr * 8 / 1000)) / ((float) (now - starttime)); ptmp->un.figs.outrate = ((float) (ptmp->un.figs.outspanbr * 8 / 1000)) / ((float) (now - starttime)); } else { ptmp->un.figs.inrate = ((float) (ptmp->un.figs.inspanbr / 1024)) / ((float) (now - starttime)); ptmp->un.figs.outrate = ((float) (ptmp->un.figs.outspanbr / 1024)) / ((float) (now - starttime)); } if ((ptmp->index >= idx) && (ptmp->index <= idx + LINES - 5)) { wattrset(table->tabwin, HIGHATTR); target_row = ptmp->index - idx; printrates(table, target_row, ptmp); } ptmp->un.figs.inspanbr = ptmp->un.figs.outspanbr = 0; } ptmp = ptmp->next_entry; } } void refresh_hostmon_screen(struct ethtab *table, int idx) { struct ethtabent *ptmp = table->firstvisible; wattrset(table->tabwin, STDATTR); tx_colorwin(table->tabwin); while ((ptmp != NULL) && (ptmp->prev_entry != table->lastvisible)) { printethent(table, ptmp, idx); ptmp = ptmp->next_entry; } update_panels(); doupdate(); } void scrollethwin(struct ethtab *table, int direction, int *idx) { char sp_buf[10]; sprintf(sp_buf, "%%%dc", COLS - 2); wattrset(table->tabwin, STDATTR); if (direction == SCROLLUP) { if (table->lastvisible != table->tail) { wscrl(table->tabwin, 1); table->lastvisible = table->lastvisible->next_entry; table->firstvisible = table->firstvisible->next_entry; (*idx)++; wmove(table->tabwin, LINES - 5, 0); scrollok(table->tabwin, 0); wprintw(table->tabwin, sp_buf, ' '); scrollok(table->tabwin, 1); printethent(table, table->lastvisible, *idx); if (table->lastvisible->type == 1) printrates(table, LINES - 5, table->lastvisible); } } else { if (table->firstvisible != table->head) { wscrl(table->tabwin, -1); table->lastvisible = table->lastvisible->prev_entry; table->firstvisible = table->firstvisible->prev_entry; (*idx)--; wmove(table->tabwin, 0, 0); wprintw(table->tabwin, sp_buf, ' '); printethent(table, table->firstvisible, *idx); if (table->firstvisible->type == 1) printrates(table, 0, table->firstvisible); } } } void pageethwin(struct ethtab *table, int direction, int *idx) { int i = 1; if (direction == SCROLLUP) { while ((i <= LINES - 7) && (table->lastvisible != table->tail)) { i++; table->firstvisible = table->firstvisible->next_entry; table->lastvisible = table->lastvisible->next_entry; (*idx)++; } } else { while ((i <= LINES - 7) && (table->firstvisible != table->head)) { i++; table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; (*idx)--; } } refresh_hostmon_screen(table, *idx); } void show_hostsort_keywin(WINDOW ** win, PANEL ** panel) { *win = newwin(13, 35, (LINES - 10) / 2, COLS - 40); *panel = new_panel(*win); wattrset(*win, DLGBOXATTR); tx_colorwin(*win); tx_box(*win, ACS_VLINE, ACS_HLINE); wattrset(*win, DLGTEXTATTR); mvwprintw(*win, 2, 2, "Select sort criterion"); wmove(*win, 4, 2); tx_printkeyhelp("P", " - total packets in", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 5, 2); tx_printkeyhelp("I", " - IP packets in", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 6, 2); tx_printkeyhelp("B", " - total bytes in", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 7, 2); tx_printkeyhelp("K", " - total packets out", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 8, 2); tx_printkeyhelp("O", " - IP packets out", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 9, 2); tx_printkeyhelp("Y", " - total bytes out", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 10, 2); tx_printkeyhelp("Any other key", " - cancel sort", *win, DLGHIGHATTR, DLGTEXTATTR); update_panels(); doupdate(); } /* * Swap two host table entries. */ void swaphostents(struct ethtab *list, struct ethtabent *p1, struct ethtabent *p2) { register unsigned int tmp; struct ethtabent *p1prevsaved; struct ethtabent *p2nextsaved; if (p1 == p2) return; tmp = p1->index; p1->index = p2->index; p2->index = tmp; p1->next_entry->index = p1->index + 1; p2->next_entry->index = p2->index + 1; if (p1->prev_entry != NULL) p1->prev_entry->next_entry = p2; else list->head = p2; if (p2->next_entry->next_entry != NULL) p2->next_entry->next_entry->prev_entry = p1->next_entry; else list->tail = p1->next_entry; p2nextsaved = p2->next_entry->next_entry; p1prevsaved = p1->prev_entry; if (p1->next_entry->next_entry == p2) { p2->next_entry->next_entry = p1; p1->prev_entry = p2->next_entry; } else { p2->next_entry->next_entry = p1->next_entry->next_entry; p1->prev_entry = p2->prev_entry; p2->prev_entry->next_entry = p1; p1->next_entry->next_entry->prev_entry = p2->next_entry; } p2->prev_entry = p1prevsaved; p1->next_entry->next_entry = p2nextsaved; } unsigned long long ql_getkey(struct ethtabent *entry, int ch) { unsigned long long result = 0; switch (ch) { case 'P': result = entry->next_entry->un.figs.inpcount; break; case 'I': result = entry->next_entry->un.figs.inippcount; break; case 'B': result = entry->next_entry->un.figs.inbcount; break; case 'K': result = entry->next_entry->un.figs.outpcount; break; case 'O': result = entry->next_entry->un.figs.outippcount; break; case 'Y': result = entry->next_entry->un.figs.outbcount; break; } return result; } struct ethtabent *ql_partition(struct ethtab *table, struct ethtabent **low, struct ethtabent **high, int ch) { struct ethtabent *pivot = *low; struct ethtabent *left = *low; struct ethtabent *right = *high; struct ethtabent *ptmp; unsigned long long pivot_value; pivot_value = ql_getkey(pivot, ch); while (left->index < right->index) { while ((ql_getkey(left, ch) >= pivot_value) && (left->next_entry->next_entry != NULL)) left = left->next_entry->next_entry; while (ql_getkey(right, ch) < pivot_value) right = right->prev_entry->prev_entry; if (left->index < right->index) { swaphostents(table, left, right); if (*low == left) *low = right; if (*high == right) *high = left; ptmp = left; left = right; right = ptmp; } } swaphostents(table, pivot, right); if (*low == pivot) *low = right; if (*high == right) *high = pivot; return pivot; } /* * Quicksort routine for the LAN station monitor */ void quicksort_lan_entries(struct ethtab *table, struct ethtabent *low, struct ethtabent *high, int ch) { struct ethtabent *pivot; if ((high == NULL) || (low == NULL)) return; if (high->index > low->index) { pivot = ql_partition(table, &low, &high, ch); if (pivot->prev_entry != NULL) quicksort_lan_entries(table, low, pivot->prev_entry->prev_entry, ch); quicksort_lan_entries(table, pivot->next_entry->next_entry, high, ch); } } void sort_hosttab(struct ethtab *list, int *idx, int command) { struct ethtabent *ptemp1; unsigned int idxtmp; if (!list->head) return; command = toupper(command); if ((command != 'P') && (command != 'I') && (command != 'B') && (command != 'K') && (command != 'O') && (command != 'Y')) return; quicksort_lan_entries(list, list->head, list->tail->prev_entry, command); ptemp1 = list->firstvisible = list->head; *idx = 1; idxtmp = 0; tx_colorwin(list->tabwin); while ((ptemp1) && (idxtmp <= LINES - 4)) { printethent(list, ptemp1, *idx); idxtmp++; if (idxtmp <= LINES - 4) list->lastvisible = ptemp1; ptemp1 = ptemp1->next_entry; } } /* * The LAN station monitor */ void hostmon(const struct OPTIONS *options, int facilitytime, char *ifptr, struct filterstate *ofilter) { int logging = options->logging; int fd; struct ethtab table; struct ethtabent *entry; struct sockaddr_ll fromaddr; unsigned short linktype; int br; char buf[MAX_PACKET_SIZE]; char scratch_saddr[6]; char scratch_daddr[6]; unsigned int idx = 1; int is_ip; int ch; char ifname[10]; struct timeval tv; unsigned long starttime; unsigned long now = 0; unsigned long long unow = 0; unsigned long statbegin = 0, startlog = 0; unsigned long updtime = 0; unsigned long long updtime_usec = 0; struct desclist elist; /* Ethernet description list */ struct desclist flist; /* FDDI description list */ struct desclist *list = NULL; FILE *logfile = NULL; int pkt_result; char *ipacket; int nomem = 0; WINDOW *sortwin; PANEL *sortpanel; int keymode = 0; int instance_id; char msgstring[80]; struct promisc_states *promisc_list; if (!facility_active(LANMONIDFILE, ifptr)) mark_facility(LANMONIDFILE, "LAN monitor", ifptr); else { snprintf(msgstring, 80, "LAN station monitor already running on %s", gen_iface_msg(ifptr)); write_error(msgstring, daemonized); return; } if (ifptr != NULL) { if (!iface_supported(ifptr)) { err_iface_unsupported(); unmark_facility(LANMONIDFILE, ifptr); return; } if (!iface_up(ifptr)) { err_iface_down(); unmark_facility(LANMONIDFILE, ifptr); return; } } open_socket(&fd); if (fd < 0) { unmark_facility(LANMONIDFILE, ifptr); return; } if ((first_active_facility()) && (options->promisc)) { init_promisc_list(&promisc_list); save_promisc_list(promisc_list); srpromisc(1, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, 1); instance_id = adjust_instance_count(LANMONCOUNTFILE, 1); strncpy(active_facility_countfile, LANMONCOUNTFILE, 64); hostmonhelp(); initethtab(&table, options->actmode); loaddesclist(&elist, LINK_ETHERNET, WITHETCETHERS); loaddesclist(&flist, LINK_FDDI, WITHETCETHERS); if (logging) { if (strcmp(current_logfile, "") == 0) { strncpy(current_logfile, gen_instance_logname(LANLOG, instance_id), 80); if (!daemonized) input_logfile(current_logfile, &logging); } } if (logging) { opentlog(&logfile, current_logfile); if (logfile == NULL) logging = 0; } if (logging) signal(SIGUSR1, rotate_lanlog); rotate_flag = 0; writelog(logging, logfile, "******** LAN traffic monitor started ********"); leaveok(table.tabwin, TRUE); exitloop = 0; gettimeofday(&tv, NULL); starttime = statbegin = startlog = tv.tv_sec; do { gettimeofday(&tv, NULL); now = tv.tv_sec; unow = tv.tv_sec * 1e+6 + tv.tv_usec; if ((now - starttime) >= 5) { printelapsedtime(statbegin, now, LINES - 3, 15, table.borderwin); updateethrates(&table, options->actmode, starttime, now, idx); starttime = now; } if (((now - startlog) >= options->logspan) && (logging)) { writeethlog(table.head, options->actmode, now - statbegin, logfile); startlog = now; } if (((options->updrate != 0) && (now - updtime >= options->updrate)) || ((options->updrate == 0) && (unow - updtime_usec >= HOSTMON_UPDATE_DELAY))) { update_panels(); doupdate(); updtime = now; updtime_usec = unow; } check_rotate_flag(&logfile, logging); if ((facilitytime != 0) && (((now - statbegin) / 60) >= facilitytime)) exitloop = 1; getpacket(fd, buf, &fromaddr, &ch, &br, ifname, table.tabwin); if (ch != ERR) { if (keymode == 0) { switch (ch) { case KEY_UP: scrollethwin(&table, SCROLLDOWN, &idx); break; case KEY_DOWN: scrollethwin(&table, SCROLLUP, &idx); break; case KEY_PPAGE: case '-': pageethwin(&table, SCROLLDOWN, &idx); break; case KEY_NPAGE: case ' ': pageethwin(&table, SCROLLUP, &idx); break; case 12: case 'l': case 'L': tx_refresh_screen(); break; case 's': case 'S': show_hostsort_keywin(&sortwin, &sortpanel); keymode = 1; break; case 'q': case 'Q': case 'x': case 'X': case 27: case 24: exitloop = 1; } } else if (keymode == 1) { del_panel(sortpanel); delwin(sortwin); sort_hosttab(&table, &idx, ch); keymode = 0; } } if (br > 0) { pkt_result = processpacket(buf, &ipacket, &br, NULL, NULL, NULL, &fromaddr, &linktype, ofilter, MATCH_OPPOSITE_USECONFIG, ifname, ifptr); if (pkt_result != PACKET_OK) continue; if ((linktype == LINK_ETHERNET) || (linktype == LINK_FDDI) || (linktype == LINK_PLIP) || (linktype == LINK_TR) || (linktype == LINK_VLAN)) { if (fromaddr.sll_protocol == htons(ETH_P_IP)) is_ip = 1; else is_ip = 0; /* * Check source address entry */ if ((linktype == LINK_ETHERNET) || (linktype == LINK_PLIP) || (linktype == LINK_VLAN)) { memcpy(scratch_saddr, ((struct ethhdr *) buf)->h_source, ETH_ALEN); memcpy(scratch_daddr, ((struct ethhdr *) buf)->h_dest, ETH_ALEN); list = &elist; } else if (linktype == LINK_FDDI) { memcpy(scratch_saddr, ((struct fddihdr *) buf)->saddr, FDDI_K_ALEN); memcpy(scratch_daddr, ((struct fddihdr *) buf)->daddr, FDDI_K_ALEN); list = &flist; } else if (linktype == LINK_TR) { memcpy(scratch_saddr, ((struct trh_hdr *) buf)->saddr, TR_ALEN); memcpy(scratch_daddr, ((struct trh_hdr *) buf)->daddr, TR_ALEN); list = &flist; } entry = in_ethtable(&table, linktype, scratch_saddr); if ((entry == NULL) && (!nomem)) entry = addethentry(&table, linktype, ifname, scratch_saddr, &nomem, list); if (entry != NULL) { updateethent(entry, br, is_ip, 1); if (!entry->prev_entry->un.desc.printed) printethent(&table, entry->prev_entry, idx); printethent(&table, entry, idx); } /* * Check destination address entry */ entry = in_ethtable(&table, linktype, scratch_daddr); if ((entry == NULL) && (!nomem)) entry = addethentry(&table, linktype, ifname, scratch_daddr, &nomem, list); if (entry != NULL) { updateethent(entry, br, is_ip, 0); if (!entry->prev_entry->un.desc.printed) printethent(&table, entry->prev_entry, idx); printethent(&table, entry, idx); } } } } while (!exitloop); close(fd); if ((options->promisc) && (is_last_instance())) { load_promisc_list(&promisc_list); srpromisc(0, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, -1); adjust_instance_count(LANMONCOUNTFILE, -1); if (logging) { signal(SIGUSR1, SIG_DFL); writeethlog(table.head, options->actmode, time((time_t *) NULL) - statbegin, logfile); writelog(logging, logfile, "******** LAN traffic monitor stopped ********"); fclose(logfile); } del_panel(table.tabpanel); delwin(table.tabwin); del_panel(table.borderpanel); delwin(table.borderwin); update_panels(); doupdate(); destroyethtab(&table); destroydesclist(&elist); destroydesclist(&flist); unmark_facility(LANMONIDFILE, ifptr); strcpy(current_logfile, ""); } iptraf-3.0.0/src/ospf.h0100644000076400000000000000045110311472356013561 0ustar rikerroot /*** ospf.h - a small header declaration for OSPF packets Extracted from tcpdump ***/ struct ospfhdr { u_char ospf_version; u_char ospf_type; u_short ospf_len; struct in_addr ospf_routerid; struct in_addr ospf_areaid; u_short ospf_chksum; u_short ospf_authtype; } iptraf-3.0.0/src/serv.c0100644000076400000000000011424210311472356013570 0ustar rikerroot/*** serv.c - TCP/UDP port statistics module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "tcphdr.h" #include "dirs.h" #include "ipcsum.h" #include "deskman.h" #include "isdntab.h" #include "fltdefs.h" #include "fltselect.h" #include "packet.h" #include "ipfrag.h" #include "ifaces.h" #include "attrs.h" #include "serv.h" #include "servname.h" #include "log.h" #include "timer.h" #include "promisc.h" #include "options.h" #include "instances.h" #include "packet.h" #include "logvars.h" #include "error.h" #include "bar.h" #include "mode.h" #define SCROLLUP 0 #define SCROLLDOWN 1 #define LEFT 0 #define RIGHT 1 extern int exitloop; extern int daemonized; extern void writeutslog(struct portlistent *list, unsigned long nsecs, int unit, FILE * logfile); /* * SIGUSR1 logfile rotation signal handler */ void rotate_serv_log() { rotate_flag = 1; strcpy(target_logname, current_logfile); signal(SIGUSR1, rotate_serv_log); } void initportlist(struct portlist *list) { float screen_scale = ((float) COLS / 80 + 1) / 2; int scratchx; list->head = list->tail = list->barptr = NULL; list->firstvisible = list->lastvisible = NULL; list->count = 0; list->baridx = 0; list->borderwin = newwin(LINES - 3, COLS, 1, 0); list->borderpanel = new_panel(list->borderwin); wattrset(list->borderwin, BOXATTR); tx_box(list->borderwin, ACS_VLINE, ACS_HLINE); wmove(list->borderwin, 0, 1 * screen_scale); wprintw(list->borderwin, " Proto/Port "); wmove(list->borderwin, 0, 22 * screen_scale); wprintw(list->borderwin, " Pkts "); wmove(list->borderwin, 0, 31 * screen_scale); wprintw(list->borderwin, " Bytes "); wmove(list->borderwin, 0, 40 * screen_scale); wprintw(list->borderwin, " PktsTo "); wmove(list->borderwin, 0, 49 * screen_scale); wprintw(list->borderwin, " BytesTo "); wmove(list->borderwin, 0, 58 * screen_scale); wprintw(list->borderwin, " PktsFrom "); wmove(list->borderwin, 0, 67 * screen_scale); wprintw(list->borderwin, " BytesFrom "); list->win = newwin(LINES - 5, COLS - 2, 2, 1); list->panel = new_panel(list->win); getmaxyx(list->win, list->imaxy, scratchx); tx_stdwinset(list->win); wtimeout(list->win, -1); wattrset(list->win, STDATTR); tx_colorwin(list->win); update_panels(); doupdate(); } struct portlistent *addtoportlist(struct portlist *list, unsigned int protocol, unsigned int port, int *nomem, int servnames) { struct portlistent *ptemp; ptemp = malloc(sizeof(struct portlistent)); if (ptemp == NULL) { printnomem(); *nomem = 1; return NULL; } if (list->head == NULL) { ptemp->prev_entry = NULL; list->head = ptemp; list->firstvisible = ptemp; } if (list->tail != NULL) { list->tail->next_entry = ptemp; ptemp->prev_entry = list->tail; } list->tail = ptemp; ptemp->next_entry = NULL; ptemp->protocol = protocol; ptemp->port = port; /* This is used in checks later. */ /* * Obtain appropriate service name */ servlook(servnames, htons(port), protocol, ptemp->servname, 10); ptemp->count = ptemp->bcount = 0; ptemp->icount = ptemp->ibcount = 0; ptemp->ocount = ptemp->obcount = 0; list->count++; ptemp->idx = list->count; ptemp->proto_starttime = time(NULL); if (list->count <= LINES - 5) list->lastvisible = ptemp; wmove(list->borderwin, LINES - 4, 1); wprintw(list->borderwin, " %u entries ", list->count); return ptemp; } int portinlist(struct porttab *table, unsigned int port) { struct porttab *ptmp = table; while (ptmp != NULL) { if (((ptmp->port_max == 0) && (ptmp->port_min == port)) || ((port >= ptmp->port_min) && (port <= ptmp->port_max))) return 1; ptmp = ptmp->next_entry; } return 0; } int goodport(unsigned int port, struct porttab *table) { return ((port < 1024) || (portinlist(table, port))); } struct portlistent *inportlist(struct portlist *list, unsigned int protocol, unsigned int port) { struct portlistent *ptmp = list->head; while (ptmp != NULL) { if ((ptmp->port == port) && (ptmp->protocol == protocol)) return ptmp; ptmp = ptmp->next_entry; } return NULL; } void printportent(struct portlist *list, struct portlistent *entry, unsigned int idx) { unsigned int target_row; float screen_scale = ((float) COLS / 80 + 1) / 2; int tcplabelattr; int udplabelattr; int highattr; char sp_buf[10]; if ((entry->idx < idx) || (entry->idx > idx + (LINES - 6))) return; target_row = entry->idx - idx; if (entry == list->barptr) { tcplabelattr = BARSTDATTR; udplabelattr = BARPTRATTR; highattr = BARHIGHATTR; } else { tcplabelattr = STDATTR; udplabelattr = PTRATTR; highattr = HIGHATTR; } wattrset(list->win, tcplabelattr); sprintf(sp_buf, "%%%dc", COLS - 2); scrollok(list->win, 0); mvwprintw(list->win, target_row, 0, sp_buf, ' '); scrollok(list->win, 1); wmove(list->win, target_row, 1); if (entry->protocol == IPPROTO_TCP) { wattrset(list->win, tcplabelattr); wprintw(list->win, "TCP"); } else if (entry->protocol == IPPROTO_UDP) { wattrset(list->win, udplabelattr); wprintw(list->win, "UDP"); } wprintw(list->win, "/%s ", entry->servname); wattrset(list->win, highattr); wmove(list->win, target_row, 17 * screen_scale); printlargenum(entry->count, list->win); wmove(list->win, target_row, 27 * screen_scale); printlargenum(entry->bcount, list->win); wmove(list->win, target_row, 37 * screen_scale); printlargenum(entry->icount, list->win); wmove(list->win, target_row, 47 * screen_scale); printlargenum(entry->ibcount, list->win); wmove(list->win, target_row, 57 * screen_scale); printlargenum(entry->ocount, list->win); wmove(list->win, target_row, 67 * screen_scale); printlargenum(entry->obcount, list->win); } void destroyportlist(struct portlist *list) { struct portlistent *ptmp = list->head; struct portlistent *ctmp = NULL; if (list->head != NULL) ctmp = list->head->next_entry; while (ptmp != NULL) { free(ptmp); ptmp = ctmp; if (ctmp != NULL) ctmp = ctmp->next_entry; } } void updateportent(struct portlist *list, unsigned int protocol, unsigned int sport, unsigned int dport, int br, unsigned int idx, struct porttab *ports, int servnames) { struct portlistent *sport_listent = NULL; struct portlistent *dport_listent = NULL; int nomem = 0; if (goodport(sport, ports)) { sport_listent = inportlist(list, protocol, sport); if ((sport_listent == NULL) && (!nomem)) sport_listent = addtoportlist(list, protocol, sport, &nomem, servnames); if (sport_listent == NULL) return; sport_listent->count++; sport_listent->bcount += br; sport_listent->spans.spanbr += br; sport_listent->obcount += br; sport_listent->spans.spanbr_out += br; sport_listent->ocount++; } if (goodport(dport, ports)) { dport_listent = inportlist(list, protocol, dport); if ((dport_listent == NULL) && (!nomem)) dport_listent = addtoportlist(list, protocol, dport, &nomem, servnames); if (dport_listent == NULL) return; if (dport_listent != sport_listent) { dport_listent->count++; dport_listent->bcount += br; dport_listent->spans.spanbr += br; } dport_listent->ibcount += br; dport_listent->spans.spanbr_out += br; dport_listent->icount++; } if (sport_listent != NULL || dport_listent != NULL) { if (sport_listent != NULL) printportent(list, sport_listent, idx); if (dport_listent != NULL && dport_listent != sport_listent) printportent(list, dport_listent, idx); } } /* * Swap two port list entries. p1 must be previous to p2. */ void swapportents(struct portlist *list, struct portlistent *p1, struct portlistent *p2) { register unsigned int tmp; struct portlistent *p1prevsaved; struct portlistent *p2nextsaved; if (p1 == p2) return; tmp = p1->idx; p1->idx = p2->idx; p2->idx = tmp; if (p1->prev_entry != NULL) p1->prev_entry->next_entry = p2; else list->head = p2; if (p2->next_entry != NULL) p2->next_entry->prev_entry = p1; else list->tail = p1; p2nextsaved = p2->next_entry; p1prevsaved = p1->prev_entry; if (p1->next_entry == p2) { p2->next_entry = p1; p1->prev_entry = p2; } else { p2->next_entry = p1->next_entry; p1->prev_entry = p2->prev_entry; p2->prev_entry->next_entry = p1; p1->next_entry->prev_entry = p2; } p2->prev_entry = p1prevsaved; p1->next_entry = p2nextsaved; } /* * Retrieve the appropriate sort criterion based on keystroke. */ unsigned long long qp_getkey(struct portlistent *entry, int ch) { unsigned long long result = 0; switch (ch) { case 'R': result = entry->port; break; case 'B': result = entry->bcount; break; case 'O': result = entry->ibcount; break; case 'M': result = entry->obcount; break; case 'P': result = entry->count; break; case 'T': result = entry->icount; break; case 'F': result = entry->ocount; break; } return result; } /* * Refresh TCP/UDP service screen. */ void refresh_serv_screen(struct portlist *table, int idx) { struct portlistent *ptmp = table->firstvisible; wattrset(table->win, STDATTR); tx_colorwin(table->win); while ((ptmp != NULL) && (ptmp->prev_entry != table->lastvisible)) { printportent(table, ptmp, idx); ptmp = ptmp->next_entry; } update_panels(); doupdate(); } /* * Compare the sort criterion with the pivot value. Receives a parameter * specifying whether the criterion is left or right of the pivot value. * * If criterion is the port number: return true if criterion is less than or * equal to the pivot when the SIDE is left. If SIDE is right, return * true if the value is greater than the pivot. This results in an * ascending sort. * * If the criterion is a count: return true when the criterion is greater than * or equal to the pivot when the SIDE is left, otherwise, when SIDE is * right, return true if the value is less than the pivot. This results * in a descending sort. */ int qp_compare(struct portlistent *entry, unsigned long long pv, int ch, int side) { int result = 0; unsigned long long value; value = qp_getkey(entry, ch); if (ch == 'R') { if (side == LEFT) result = (value <= pv); else result = (value > pv); } else { if (side == LEFT) result = (value >= pv); else result = (value < pv); } return result; } /* * Partition port list such that a pivot is selected, and that all values * left of the pivot are less (or greater) than or equal to the pivot, * and that all values right of the pivot are greater (or less) than * the pivot. */ struct portlistent *qp_partition(struct portlist *table, struct portlistent **low, struct portlistent **high, int ch) { struct portlistent *pivot = *low; struct portlistent *left = *low; struct portlistent *right = *high; struct portlistent *ptmp; unsigned long long pivot_value; pivot_value = qp_getkey(pivot, ch); while (left->idx < right->idx) { while ((qp_compare(left, pivot_value, ch, LEFT)) && (left->next_entry != NULL)) left = left->next_entry; while (qp_compare(right, pivot_value, ch, RIGHT)) right = right->prev_entry; if (left->idx < right->idx) { swapportents(table, left, right); if (*low == left) *low = right; if (*high == right) *high = left; ptmp = left; left = right; right = ptmp; } } swapportents(table, pivot, right); if (*low == pivot) *low = right; if (*high == right) *high = pivot; return pivot; } /* * Quicksort for the port list. */ void quicksort_port_entries(struct portlist *table, struct portlistent *low, struct portlistent *high, int ch) { struct portlistent *pivot; if ((high == NULL) || (low == NULL)) return; if (high->idx > low->idx) { pivot = qp_partition(table, &low, &high, ch); quicksort_port_entries(table, low, pivot->prev_entry, ch); quicksort_port_entries(table, pivot->next_entry, high, ch); } } void sortportents(struct portlist *list, int *idx, int command) { struct portlistent *ptemp1; unsigned int idxtmp; if (!(list->head)) return; command = toupper(command); if ((command != 'R') && (command != 'B') && (command != 'O') && (command != 'M') && (command != 'P') && (command != 'T') && (command != 'F')) return; quicksort_port_entries(list, list->head, list->tail, command); ptemp1 = list->firstvisible = list->head; *idx = 1; idxtmp = 1; while ((ptemp1) && (idxtmp <= LINES - 5)) { /* printout */ printportent(list, ptemp1, *idx); if (idxtmp <= LINES - 5) list->lastvisible = ptemp1; ptemp1 = ptemp1->next_entry; idxtmp++; } } void scrollservwin(struct portlist *table, int direction, int *idx) { char sp_buf[10]; sprintf(sp_buf, "%%%dc", COLS - 2); wattrset(table->win, STDATTR); if (direction == SCROLLUP) { if (table->lastvisible != table->tail) { wscrl(table->win, 1); table->lastvisible = table->lastvisible->next_entry; table->firstvisible = table->firstvisible->next_entry; (*idx)++; wmove(table->win, LINES - 6, 0); scrollok(table->win, 0); wprintw(table->win, sp_buf, ' '); scrollok(table->win, 1); printportent(table, table->lastvisible, *idx); } } else { if (table->firstvisible != table->head) { wscrl(table->win, -1); table->lastvisible = table->lastvisible->prev_entry; table->firstvisible = table->firstvisible->prev_entry; (*idx)--; wmove(table->win, 0, 0); wprintw(table->win, sp_buf, ' '); printportent(table, table->firstvisible, *idx); } } } void pageservwin(struct portlist *table, int direction, int *idx) { int i = 1; if (direction == SCROLLUP) { while ((i <= LINES - 9) && (table->lastvisible != table->tail)) { i++; table->firstvisible = table->firstvisible->next_entry; table->lastvisible = table->lastvisible->next_entry; (*idx)++; } } else { while ((i <= LINES - 9) && (table->firstvisible != table->head)) { i++; table->firstvisible = table->firstvisible->prev_entry; table->lastvisible = table->lastvisible->prev_entry; (*idx)--; } } refresh_serv_screen(table, *idx); } void show_portsort_keywin(WINDOW ** win, PANEL ** panel) { *win = newwin(14, 35, (LINES - 10) / 2, COLS - 40); *panel = new_panel(*win); wattrset(*win, DLGBOXATTR); tx_colorwin(*win); tx_box(*win, ACS_VLINE, ACS_HLINE); wattrset(*win, DLGTEXTATTR); mvwprintw(*win, 2, 2, "Select sort criterion"); wmove(*win, 4, 2); tx_printkeyhelp("R", " - port number", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 5, 2); tx_printkeyhelp("P", " - total packets", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 6, 2); tx_printkeyhelp("B", " - total bytes", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 7, 2); tx_printkeyhelp("T", " - packets to", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 8, 2); tx_printkeyhelp("O", " - bytes to", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 9, 2); tx_printkeyhelp("F", " - packets from", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 10, 2); tx_printkeyhelp("M", " - bytes from", *win, DLGHIGHATTR, DLGTEXTATTR); wmove(*win, 11, 2); tx_printkeyhelp("Any other key", " - cancel sort", *win, DLGHIGHATTR, DLGTEXTATTR); update_panels(); doupdate(); } void update_serv_rates(struct portlist *list, WINDOW * win, int actmode, int *cleared) { char act_unit[10]; float inrate, outrate, totalrate; time_t now = time(NULL); dispmode(actmode, act_unit); if (actmode == KBITS) { inrate = (float) (list->barptr->spans.spanbr_in * 8 / 1000) / (float) (now - list->barptr->starttime); outrate = (float) (list->barptr->spans.spanbr_out * 8 / 1000) / (float) (now - list->barptr->starttime); totalrate = (float) (list->barptr->spans.spanbr * 8 / 1000) / (float) (now - list->barptr->starttime); } else { inrate = (float) (list->barptr->spans.spanbr_in / 1024) / (float) (now - list-> barptr-> starttime); outrate = (float) (list->barptr->spans.spanbr_out / 1024) / (float) (now - list->barptr->starttime); totalrate = (float) (list->barptr->spans.spanbr / 1024) / (float) (now - list-> barptr-> starttime); } wattrset(win, IPSTATLABELATTR); mvwprintw(win, 0, 1, "Protocol data rates (%s/s): in out total", act_unit); wattrset(win, IPSTATATTR); mvwprintw(win, 0, 31, "%10.2f", inrate); mvwprintw(win, 0, 46, "%10.2f", outrate); mvwprintw(win, 0, 61, "%10.2f", totalrate); bzero(&(list->barptr->spans), sizeof(struct serv_spans)); list->barptr->starttime = time(NULL); *cleared = 0; } /* * The TCP/UDP service monitor */ void servmon(char *ifname, struct porttab *ports, const struct OPTIONS *options, int facilitytime, struct filterstate *ofilter) { int logging = options->logging; int fd; int pkt_result; char buf[MAX_PACKET_SIZE]; char *ipacket; int keymode = 0; struct sockaddr_ll fromaddr; unsigned short linktype; int br; char iface[8]; unsigned int idx = 1; unsigned int sport = 0; unsigned int dport = 0; struct timeval tv; unsigned long starttime, startlog, timeint; unsigned long now; unsigned long long unow; unsigned long updtime = 0; unsigned long long updtime_usec = 0; unsigned int tot_br; int ch; struct portlist list; struct portlistent *serv_tmp; int statcleared = 0; FILE *logfile = NULL; struct promisc_states *promisc_list; WINDOW *sortwin; PANEL *sortpanel; WINDOW *statwin; PANEL *statpanel; char msgstring[80]; char sp_buf[10]; const int statx = 1; /* * Mark this facility */ if (!facility_active(TCPUDPIDFILE, ifname)) mark_facility(TCPUDPIDFILE, "TCP/UDP monitor", ifname); else { snprintf(msgstring, 80, "TCP/UDP monitor already running on %s", ifname); write_error(msgstring, daemonized); return; } open_socket(&fd); if (fd < 0) { unmark_facility(TCPUDPIDFILE, ifname); return; } if (!iface_supported(ifname)) { err_iface_unsupported(); unmark_facility(TCPUDPIDFILE, ifname); return; } if (!iface_up(ifname)) { err_iface_down(); unmark_facility(TCPUDPIDFILE, ifname); return; } if ((first_active_facility()) && (options->promisc)) { init_promisc_list(&promisc_list); save_promisc_list(promisc_list); srpromisc(1, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, 1); active_facility_countfile[0] = '\0'; initportlist(&list); statwin = newwin(1, COLS, LINES - 2, 0); statpanel = new_panel(statwin); scrollok(statwin, 0); wattrset(statwin, IPSTATLABELATTR); sprintf(sp_buf, "%%%dc", COLS); mvwprintw(statwin, 0, 0, sp_buf, ' '); move(LINES - 1, 1); scrollkeyhelp(); sortkeyhelp(); stdexitkeyhelp(); if (options->servnames) setservent(1); if (logging) { if (strcmp(current_logfile, "") == 0) { snprintf(current_logfile, 80, "%s-%s.log", TCPUDPLOG, ifname); if (!daemonized) input_logfile(current_logfile, &logging); } } if (logging) { opentlog(&logfile, current_logfile); if (logfile == NULL) logging = 0; } if (logging) signal(SIGUSR1, rotate_serv_log); rotate_flag = 0; writelog(logging, logfile, "******** TCP/UDP service monitor started ********"); isdnfd = -1; exitloop = 0; gettimeofday(&tv, NULL); starttime = startlog = timeint = tv.tv_sec; wattrset(statwin, IPSTATATTR); mvwprintw(statwin, 0, 1, "No entries"); update_panels(); doupdate(); while (!exitloop) { gettimeofday(&tv, NULL); now = tv.tv_sec; unow = tv.tv_sec * 1e+6 + tv.tv_usec; if (now - timeint >= 5) { printelapsedtime(starttime, now, LINES - 4, 20, list.borderwin); timeint = now; } if (((now - startlog) >= options->logspan) && (logging)) { writeutslog(list.head, now - starttime, options->actmode, logfile); startlog = now; } if (list.barptr != NULL) { if ((now - list.barptr->starttime) >= 5) { update_serv_rates(&list, statwin, options->actmode, &statcleared); } } if (((options->updrate != 0) && (now - updtime >= options->updrate)) || ((options->updrate == 0) && (unow - updtime_usec >= DEFAULT_UPDATE_DELAY))) { update_panels(); doupdate(); updtime = now; updtime_usec = unow; } check_rotate_flag(&logfile, logging); if ((facilitytime != 0) && (((now - starttime) / 60) >= facilitytime)) exitloop = 1; getpacket(fd, buf, &fromaddr, &ch, &br, iface, list.win); if (ch != ERR) { if (keymode == 0) { switch (ch) { case KEY_UP: if (list.barptr != NULL) { if (list.barptr->prev_entry != NULL) { serv_tmp = list.barptr; set_barptr((char **) &(list.barptr), (char *) list.barptr->prev_entry, &(list.barptr->prev_entry-> starttime), (char *) &(list.barptr->prev_entry-> spans), sizeof(struct serv_spans), statwin, &statcleared, statx); printportent(&list, serv_tmp, idx); if (list.baridx == 1) { scrollservwin(&list, SCROLLDOWN, &idx); } else list.baridx--; printportent(&list, list.barptr, idx); } } break; case KEY_DOWN: if (list.barptr != NULL) { if (list.barptr->next_entry != NULL) { serv_tmp = list.barptr; set_barptr((char **) &(list.barptr), (char *) list.barptr->next_entry, &(list.barptr->next_entry-> starttime), (char *) &(list.barptr->next_entry-> spans), sizeof(struct serv_spans), statwin, &statcleared, statx); printportent(&list, serv_tmp, idx); if (list.baridx == list.imaxy) { scrollservwin(&list, SCROLLUP, &idx); } else list.baridx++; printportent(&list, list.barptr, idx); } } break; case KEY_PPAGE: case '-': if (list.barptr != NULL) { pageservwin(&list, SCROLLDOWN, &idx); set_barptr((char **) &(list.barptr), (char *) (list.lastvisible), &(list.lastvisible->starttime), (char *) &(list.lastvisible->spans), sizeof(struct serv_spans), statwin, &statcleared, statx); list.baridx = list.lastvisible->idx - idx + 1; refresh_serv_screen(&list, idx); } break; case KEY_NPAGE: case ' ': if (list.barptr != NULL) { pageservwin(&list, SCROLLUP, &idx); set_barptr((char **) &(list.barptr), (char *) (list.firstvisible), &(list.firstvisible->starttime), (char *) &(list.firstvisible->spans), sizeof(struct serv_spans), statwin, &statcleared, statx); list.baridx = 1; refresh_serv_screen(&list, idx); } break; case 12: case 'l': case 'L': tx_refresh_screen(); break; case 's': case 'S': show_portsort_keywin(&sortwin, &sortpanel); keymode = 1; break; case 'q': case 'Q': case 'x': case 'X': case 27: case 24: exitloop = 1; } } else if (keymode == 1) { del_panel(sortpanel); delwin(sortwin); sortportents(&list, &idx, ch); keymode = 0; if (list.barptr != NULL) { set_barptr((char **) &(list.barptr), (char *) list.firstvisible, &(list.firstvisible->starttime), (char *) &(list.firstvisible->spans), sizeof(struct serv_spans), statwin, &statcleared, statx); list.baridx = 1; } refresh_serv_screen(&list, idx); update_panels(); doupdate(); } } if (br > 0) { pkt_result = processpacket(buf, &ipacket, &br, &tot_br, &sport, &dport, &fromaddr, &linktype, ofilter, MATCH_OPPOSITE_USECONFIG, iface, ifname); if (pkt_result != PACKET_OK) continue; if ((((struct iphdr *) ipacket)->protocol == IPPROTO_TCP) || (((struct iphdr *) ipacket)->protocol == IPPROTO_UDP)) { updateportent(&list, ((struct iphdr *) ipacket)->protocol, ntohs(sport), ntohs(dport), ntohs(((struct iphdr *) ipacket)->tot_len), idx, ports, options->servnames); if ((list.barptr == NULL) && (list.head != NULL)) { set_barptr((char **) &(list.barptr), (char *) list.head, &(list.head->starttime), (char *) &(list.head->spans), sizeof(struct serv_spans), statwin, &statcleared, statx); list.baridx = 1; } } } } if (logging) { signal(SIGUSR1, SIG_DFL); writeutslog(list.head, time((time_t *) NULL) - starttime, options->actmode, logfile); writelog(logging, logfile, "******** TCP/UDP service monitor stopped ********"); fclose(logfile); } if (options->servnames) endservent(); if ((options->promisc) && (is_last_instance())) { load_promisc_list(&promisc_list); srpromisc(0, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, -1); del_panel(list.panel); delwin(list.win); del_panel(list.borderpanel); delwin(list.borderwin); del_panel(statpanel); delwin(statwin); unmark_facility(TCPUDPIDFILE, ifname); update_panels(); doupdate(); destroyportlist(&list); pkt_cleanup(); strcpy(current_logfile, ""); } void portdlg(unsigned int *port_min, int *port_max, int *aborted, int mode) { WINDOW *bw; PANEL *bp; WINDOW *win; PANEL *panel; struct FIELDLIST list; bw = newwin(14, 50, (LINES - 14) / 2, (COLS - 50) / 2 - 10); bp = new_panel(bw); win = newwin(12, 48, (LINES - 14) / 2 + 1, (COLS - 50) / 2 - 9); panel = new_panel(win); wattrset(bw, DLGBOXATTR); tx_box(bw, ACS_VLINE, ACS_HLINE); wattrset(win, DLGTEXTATTR); tx_colorwin(win); tx_stdwinset(win); wtimeout(win, -1); mvwprintw(win, 1, 1, "Port numbers below 1024 are reserved for"); mvwprintw(win, 2, 1, "TCP/IP services, and are normally the only"); mvwprintw(win, 3, 1, "ones monitored by the TCP/UDP statistics"); mvwprintw(win, 4, 1, "module. If you wish to monitor a higher-"); mvwprintw(win, 5, 1, "numbered port or range of ports, enter it"); mvwprintw(win, 6, 1, "here. Fill just the first field for a"); mvwprintw(win, 7, 1, "single port, or both fields for a range."); wmove(win, 11, 1); tabkeyhelp(win); stdkeyhelp(win); tx_initfields(&list, 1, 20, (LINES - 14) / 2 + 10, (COLS - 50) / 2 - 8, DLGTEXTATTR, FIELDATTR); mvwprintw(list.fieldwin, 0, 6, "to"); tx_addfield(&list, 5, 0, 0, ""); tx_addfield(&list, 5, 0, 9, ""); tx_fillfields(&list, aborted); if (!(*aborted)) { *port_min = atoi(list.list->buf); *port_max = atoi(list.list->nextfield->buf); } del_panel(bp); delwin(bw); del_panel(panel); delwin(win); tx_destroyfields(&list); } void saveportlist(struct porttab *table) { struct porttab *ptmp = table; int fd; int bw; int resp; fd = open(PORTFILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) { tx_errbox("Unable to open port list file", ANYKEY_MSG, &resp); return; } while (ptmp != NULL) { bw = write(fd, &(ptmp->port_min), sizeof(unsigned int)); bw = write(fd, &(ptmp->port_max), sizeof(unsigned int)); if (bw < 0) { tx_errbox("Unable to write port/range entry", ANYKEY_MSG, &resp); destroyporttab(table); close(fd); return; } ptmp = ptmp->next_entry; } close(fd); } int dup_portentry(struct porttab *table, unsigned int min, unsigned int max) { struct porttab *ptmp = table; while (ptmp != NULL) { if ((ptmp->port_min == min) && (ptmp->port_max == max)) return 1; ptmp = ptmp->next_entry; } return 0; } void addmoreports(struct porttab **table) { unsigned int port_min, port_max; int aborted; int resp; struct porttab *ptmp; portdlg(&port_min, &port_max, &aborted, 0); if (!aborted) { if (dup_portentry(*table, port_min, port_max)) tx_errbox("Duplicate port/range entry", ANYKEY_MSG, &resp); else { ptmp = malloc(sizeof(struct porttab)); ptmp->port_min = port_min; ptmp->port_max = port_max; ptmp->prev_entry = NULL; ptmp->next_entry = *table; if (*table != NULL) (*table)->prev_entry = ptmp; *table = ptmp; saveportlist(*table); } } update_panels(); doupdate(); } void loadaddports(struct porttab **table) { int fd; struct porttab *ptemp; struct porttab *tail = NULL; int br; int resp; *table = NULL; fd = open(PORTFILE, O_RDONLY); if (fd < 0) return; do { ptemp = malloc(sizeof(struct porttab)); br = read(fd, &(ptemp->port_min), sizeof(unsigned int)); br = read(fd, &(ptemp->port_max), sizeof(unsigned int)); if (br < 0) { tx_errbox("Error reading port list", ANYKEY_MSG, &resp); close(fd); destroyporttab(*table); return; } if (br > 0) { if (*table == NULL) { *table = ptemp; ptemp->prev_entry = NULL; } if (tail != NULL) { tail->next_entry = ptemp; ptemp->prev_entry = tail; } tail = ptemp; ptemp->next_entry = NULL; } else free(ptemp); } while (br > 0); close(fd); } void displayportentry(struct porttab *ptmp, WINDOW * win) { wprintw(win, "%u", ptmp->port_min); if (ptmp->port_max != 0) wprintw(win, " to %u", ptmp->port_max); } void displayports(struct porttab **table, WINDOW * win) { struct porttab *ptmp = *table; short i = 0; do { wmove(win, i, 2); displayportentry(ptmp, win); i++; ptmp = ptmp->next_entry; } while ((i < 18) && (ptmp != NULL)); update_panels(); doupdate(); } void operate_portselect(struct porttab **table, struct porttab **node, int *aborted) { int ch = 0; struct scroll_list list; char listtext[20]; tx_init_listbox(&list, 25, 22, (COLS - 25) / 2, (LINES - 22) / 2, STDATTR, BOXATTR, BARSTDATTR, HIGHATTR); tx_set_listbox_title(&list, "Select Port/Range", 1); *node = *table; while (*node != NULL) { snprintf(listtext, 20, "%d to %d", (*node)->port_min, (*node)->port_max); tx_add_list_entry(&list, (char *) *node, listtext); *node = (*node)->next_entry; } tx_show_listbox(&list); tx_operate_listbox(&list, &ch, aborted); if (!(*aborted)) *node = (struct porttab *) list.textptr->nodeptr; tx_close_listbox(&list); tx_destroy_list(&list); } void selectport(struct porttab **table, struct porttab **node, int *aborted) { int resp; if (*table == NULL) { tx_errbox("No custom ports", ANYKEY_MSG, &resp); return; } operate_portselect(table, node, aborted); } void delport(struct porttab **table, struct porttab *ptmp) { if (ptmp != NULL) { if (ptmp == *table) { *table = (*table)->next_entry; if (*table != NULL) (*table)->prev_entry = NULL; } else { ptmp->prev_entry->next_entry = ptmp->next_entry; if (ptmp->next_entry != NULL) ptmp->next_entry->prev_entry = ptmp->prev_entry; } free(ptmp); } } void removeaport(struct porttab **table) { unsigned int aborted; struct porttab *ptmp; selectport(table, &ptmp, &aborted); if (!aborted) { delport(table, ptmp); saveportlist(*table); } } void destroyporttab(struct porttab *table) { struct porttab *ptemp = table; struct porttab *ctemp = NULL; if (ptemp != NULL) ctemp = ptemp->next_entry; while (ptemp != NULL) { free(ptemp); ptemp = ctemp; if (ctemp != NULL) ctemp = ctemp->next_entry; } } iptraf-3.0.0/src/serv.h0100644000076400000000000000365110311472356013576 0ustar rikerroot/*** serv.h - TCP/UDP port statistics header file Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 ***/ struct serv_spans { int spanbr_in; int spanbr_out; int spanbr; }; struct portlistent { unsigned int port; unsigned int protocol; char servname[11]; unsigned int idx; unsigned long long count; unsigned long long bcount; unsigned long long icount; unsigned long long ibcount; unsigned long long ocount; unsigned long long obcount; time_t starttime; time_t proto_starttime; struct serv_spans spans; struct portlistent *prev_entry; struct portlistent *next_entry; }; struct portlist { struct portlistent *head; struct portlistent *tail; struct portlistent *firstvisible; struct portlistent *lastvisible; struct portlistent *barptr; int imaxy; unsigned int baridx; unsigned int count; unsigned long bcount; WINDOW *win; PANEL *panel; WINDOW *borderwin; PANEL *borderpanel; }; struct porttab { unsigned int port_min; unsigned int port_max; struct porttab *prev_entry; struct porttab *next_entry; }; void initportlist(struct portlist *list); struct portlistent *addtoportlist(struct portlist *list, unsigned int protocol, unsigned int port, int *nomem, int servnames); struct portlistent *inportlist(struct portlist *list, unsigned int protocol, unsigned int port); int goodport(unsigned int port, struct porttab *table); int portinlist(struct porttab *table, unsigned int port); void printportent(struct portlist *list, struct portlistent *entry, unsigned int idx); void destroyportlist(struct portlist *list); void addmoreports(struct porttab **table); void loadaddports(struct porttab **table); void destroyporttab(struct porttab *table); void removeaport(struct porttab **table); iptraf-3.0.0/src/hostmon.h0100644000076400000000000000235610311472356014307 0ustar rikerroot/* * hostmon.h - definitions used by the Ethernet station monitor */ struct ethtabent { int type; union { struct { unsigned long long inpcount; unsigned long long inbcount; unsigned long long inippcount; unsigned long inspanbr; unsigned int inpktact; unsigned long long outpcount; unsigned long long outbcount; unsigned long long outippcount; unsigned long outspanbr; unsigned int outpktact; float inrate; float outrate; short past5; } figs; struct { char eth_addr[ETH_ALEN]; char ascaddr[15]; char desc[65]; char ifname[10]; int withdesc; int printed; unsigned int linktype; } desc; } un; unsigned int index; struct ethtabent *prev_entry; struct ethtabent *next_entry; }; struct ethtab { struct ethtabent *head; struct ethtabent *tail; struct ethtabent *firstvisible; struct ethtabent *lastvisible; unsigned long count; unsigned long entcount; WINDOW *borderwin; PANEL *borderpanel; WINDOW *tabwin; PANEL *tabpanel; }; iptraf-3.0.0/src/packet.c0100644000076400000000000003157210311472356014064 0ustar rikerroot/*** packet.c - routines to open the raw socket, read socket data and adjust the initial packet pointer Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997-2002 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "deskman.h" #include "error.h" #include "options.h" #include "links.h" #include "fltdefs.h" #include "fltselect.h" #include "isdntab.h" #include "ifaces.h" #include "packet.h" #include "ipcsum.h" #include "ipfrag.h" #include "tr.h" extern int daemonized; extern int accept_unsupported_interfaces; int isdnfd; struct isdntab isdntable; void open_socket(int *fd) { *fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); if (*fd < 0) { write_error("Unable to open raw socket", daemonized); return; } } unsigned short getlinktype(unsigned short family, char *ifname, int isdn_fd, struct isdntab *isdnlist) { unsigned short result = 0; struct isdntabent *isdnent; switch (family) { case ARPHRD_ETHER: if (strncmp(ifname, "eth", 3) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "plip", 4) == 0) result = LINK_PLIP; else if (strncmp(ifname, "fddi", 4) == 0) /* For some Ethernet- */ result = LINK_ETHERNET; /* emulated FDDI ifaces */ else if (strncmp(ifname, "dvb", 3) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "sbni", 4) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "ipsec", 5) == 0) result = LINK_ETHERNET; else if ((strncmp(ifname, "wvlan", 5) == 0) || (strncmp(ifname, "wlan", 4) == 0)) result = LINK_ETHERNET; else if ((strncmp(ifname, "sm2", 3) == 0) || (strncmp(ifname, "sm3", 3) == 0)) result = LINK_ETHERNET; else if (strncmp(ifname, "pent", 4) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "lec", 3) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "tun", 3) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "vlan", 3) == 0) result = LINK_VLAN; else if (strncmp(ifname, "brg", 3) == 0) result = LINK_ETHERNET; else if (strncmp(ifname, "tap", 3) == 0) result = LINK_ETHERNET; else if ((strncmp(ifname, "isdn", 4) == 0) && (isdn_fd != -1)) { isdnent = isdn_table_lookup(isdnlist, ifname, isdn_fd); switch (isdnent->encap) { case ISDN_NET_ENCAP_RAWIP: result = LINK_ISDN_RAWIP; break; case ISDN_NET_ENCAP_CISCOHDLC: result = LINK_ISDN_CISCOHDLC; break; default: result = LINK_INVALID; break; } } else if (accept_unsupported_interfaces) result = LINK_ETHERNET; break; case ARPHRD_LOOPBACK: result = LINK_LOOPBACK; break; case ARPHRD_SLIP: case ARPHRD_CSLIP: case ARPHRD_SLIP6: case ARPHRD_CSLIP6: result = LINK_SLIP; break; case ARPHRD_PPP: result = LINK_PPP; break; case ARPHRD_FDDI: result = LINK_FDDI; break; case ARPHRD_IEEE802: case ARPHRD_IEEE802_TR: result = LINK_TR; break; case ARPHRD_FRAD: result = LINK_FRAD; break; case ARPHRD_DLCI: result = LINK_DLCI; break; case ARPHRD_HDLC: result = LINK_CISCOHDLC; break; case ARPHRD_TUNNEL: result = LINK_IPIP; break; default: result = LINK_INVALID; break; } return result; } void adjustpacket(char *tpacket, unsigned short family, char **packet, char *aligned_buf, unsigned int *readlen) { unsigned int dataoffset; switch (family) { case LINK_ETHERNET: case LINK_LOOPBACK: case LINK_PLIP: *packet = tpacket + ETH_HLEN; *readlen -= ETH_HLEN; /* * Move IP data into an aligned buffer. 96 bytes should be sufficient * for IP and TCP headers with reasonable numbers of options and some * data. */ memmove(aligned_buf, *packet, min(SNAPSHOT_LEN, *readlen)); *packet = aligned_buf; break; case LINK_PPP: case LINK_SLIP: case LINK_ISDN_RAWIP: *packet = tpacket; break; case LINK_ISDN_CISCOHDLC: case LINK_FRAD: case LINK_DLCI: *packet = tpacket + 4; *readlen -= 4; break; case LINK_FDDI: *packet = tpacket + sizeof(struct fddihdr); *readlen -= sizeof(struct fddihdr); /* * Move IP data into an aligned buffer. 96 bytes should be sufficient * for IP and TCP headers with reasonable numbers of options and some * data. */ memmove(aligned_buf, *packet, min(SNAPSHOT_LEN, *readlen)); *packet = aligned_buf; break; case LINK_TR: /* * Token Ring patch supplied by Tomas Dvorak */ /* * Get the start of the IP packet from the Token Ring frame. */ dataoffset = get_tr_ip_offset(tpacket); *packet = tpacket + dataoffset; *readlen -= dataoffset; /* * Move IP datagram into an aligned buffer. */ memmove(aligned_buf, *packet, min(SNAPSHOT_LEN, *readlen)); *packet = aligned_buf; break; case LINK_IPIP: *packet = tpacket; break; case LINK_VLAN: *packet = tpacket + VLAN_ETH_HLEN; readlen -= VLAN_ETH_HLEN; /* * Move IP datagram into an aligned buffer. */ memmove(aligned_buf, *packet, min(SNAPSHOT_LEN, *readlen)); *packet = aligned_buf; default: *packet = (char *) NULL; /* return a NULL packet to signal */ break; /* an unrecognized link protocol */ } /* to the caller. Hopefully, this */ } /* switch statement will grow. */ /* * IPTraf input function; reads both keystrokes and network packets. */ void getpacket(int fd, char *buf, struct sockaddr_ll *fromaddr, int *ch, int *br, char *ifname, WINDOW * win) { int fromlen; fd_set set; struct timeval tv; int ss; int ir; struct ifreq ifr; FD_ZERO(&set); /* * Monitor stdin only if in interactive, not daemon mode. */ if (!daemonized) FD_SET(0, &set); /* * Monitor raw socket */ FD_SET(fd, &set); tv.tv_sec = 0; tv.tv_usec = DEFAULT_UPDATE_DELAY; do { ss = select(fd + 1, &set, 0, 0, &tv); } while ((ss < 0) && (errno == EINTR)); *br = 0; *ch = ERR; if (FD_ISSET(fd, &set)) { fromlen = sizeof(struct sockaddr_pkt); *br = recvfrom(fd, buf, MAX_PACKET_SIZE, 0, (struct sockaddr *) fromaddr, &fromlen); ifr.ifr_ifindex = fromaddr->sll_ifindex; ir = ioctl(fd, SIOCGIFNAME, &ifr); strcpy(ifname, ifr.ifr_name); } if (!daemonized) { if (FD_ISSET(0, &set)) *ch = wgetch(win); } else *ch = ERR; } int processpacket(char *tpacket, char **packet, unsigned int *br, unsigned int *total_br, unsigned int *sport, unsigned int *dport, struct sockaddr_ll *fromaddr, unsigned short *linktype, struct filterstate *filter, int match_opposite, char *ifname, char *ifptr) { static char aligned_buf[ALIGNED_BUF_LEN]; struct iphdr *ip; int hdr_check; register int ip_checksum; register int iphlen; unsigned int sport_tmp, dport_tmp; unsigned int f_sport, f_dport; int firstin; union { struct tcphdr *tcp; struct udphdr *udp; } in_ip; /* * Is interface supported? */ if (!iface_supported(ifname)) return INVALID_PACKET; /* * Does returned interface (ifname) match the specified interface name * (ifptr)? */ if (ifptr != NULL) { if (strcmp(ifptr, ifname) != 0) { return INVALID_PACKET; } } /* * Prepare ISDN reference descriptor and table. */ bzero(&isdntable, sizeof(struct isdntab)); isdn_iface_check(&isdnfd, ifname); /* * Get IPTraf link type based on returned information and move past * data link header. */ *linktype = getlinktype(fromaddr->sll_hatype, ifname, isdnfd, &isdntable); fromaddr->sll_protocol = ntohs(fromaddr->sll_protocol); adjustpacket(tpacket, *linktype, packet, aligned_buf, br); if (*packet == NULL) return INVALID_PACKET; /* * Apply non-IP packet filter */ if (fromaddr->sll_protocol != ETH_P_IP) { if ((fromaddr->sll_protocol == ETH_P_ARP) || (fromaddr->sll_protocol == ETH_P_RARP)) { if (!nonipfilter(filter, fromaddr->sll_protocol)) { return PACKET_FILTERED; } } else { if (!nonipfilter(filter, 0)) { return PACKET_FILTERED; } } return PACKET_OK; } /* * TODO: Insert IPv6 processing code here */ /* * At this point, we're now processing IP packets. Start by getting * IP header and length. */ ip = (struct iphdr *) (*packet); iphlen = ip->ihl * 4; /* * Compute and verify IP header checksum. */ ip_checksum = ip->check; ip->check = 0; hdr_check = in_cksum((u_short *) ip, iphlen); if (hdr_check != ip_checksum) return CHECKSUM_ERROR; if ((ip->protocol == IPPROTO_TCP || ip->protocol == IPPROTO_UDP) && (sport != NULL && dport != NULL)) { /* * Process TCP/UDP fragments */ if ((ntohs(ip->frag_off) & 0x3fff) != 0) { /* * total_br contains total byte count of all fragments * not yet retrieved. Will differ only if fragments * arrived before the first fragment, in which case * the total accumulated fragment sizes will be returned * once the first fragment arrives. */ if (total_br != NULL) *total_br = processfragment(ip, &sport_tmp, &dport_tmp, &firstin); if (!firstin) return MORE_FRAGMENTS; } else { if (ip->protocol == IPPROTO_TCP) { in_ip.tcp = (struct tcphdr *) ((char *) ip + iphlen); sport_tmp = in_ip.tcp->source; dport_tmp = in_ip.tcp->dest; } else if (ip->protocol == IPPROTO_UDP) { in_ip.udp = (struct udphdr *) ((char *) ip + iphlen); sport_tmp = in_ip.udp->source; dport_tmp = in_ip.udp->dest; } else { sport_tmp = 0; dport_tmp = 0; } if (total_br != NULL) *total_br = *br; } if (sport != NULL) *sport = sport_tmp; if (dport != NULL) *dport = dport_tmp; /* * Process IP filter */ f_sport = ntohs(sport_tmp); f_dport = ntohs(dport_tmp); if ((filter->filtercode != 0) && (!ipfilter (ip->saddr, ip->daddr, f_sport, f_dport, ip->protocol, match_opposite, &(filter->fl)))) return PACKET_FILTERED; } else { if ((filter->filtercode != 0) && (!ipfilter (ip->saddr, ip->daddr, 0, 0, ip->protocol, match_opposite, &(filter->fl)))) return PACKET_FILTERED; } return PACKET_OK; } void pkt_cleanup(void) { close(isdnfd); isdnfd = -1; destroyfraglist(); destroy_isdn_table(&isdntable); } iptraf-3.0.0/src/packet.h0100644000076400000000000000270210311472356014062 0ustar rikerroot/*** packet.h - external declarations for packet.c Written by Gerard Paul Java ***/ /* * Number of bytes from captured packet to move into an aligned buffer. * 96 bytes should be enough for the IP header, TCP/UDP/ICMP/whatever header * with reasonable numbers of options. */ #define SNAPSHOT_LEN 96 #define MAX_PACKET_SIZE 17664 #define ALIGNED_BUF_LEN 120 #define min(a, b) ((a > b) ? b : a) #define INVALID_PACKET 0 #define OK_PACKET 1 #define PACKET_OK 1 #define CHECKSUM_ERROR 2 #define PACKET_FILTERED 3 #define MORE_FRAGMENTS 4 #ifndef ARPHRD_IEEE802_TR #define ARPHRD_IEEE802_TR 800 #endif #ifndef VLAN_ETH_HLEN #define VLAN_ETH_HLEN 18 #endif extern int isdnfd; void open_socket(int *fd); unsigned short getlinktype(unsigned short family, char *ifname, int isdn_fd, struct isdntab *isdntable); void adjustpacket(char *tpacket, unsigned short family, char **packet, char *aligned_buf, unsigned int *readlen); void getpacket(int fd, char *buf, struct sockaddr_ll *fromaddr, int *ch, int *br, char *ifname, WINDOW * win); int processpacket(char *tpacket, char **packet, unsigned int *br, unsigned int *total_br, unsigned int *sport, unsigned int *dport, struct sockaddr_ll *fromaddr, unsigned short *linktype, struct filterstate *ofilter, int match_opposite, char *ifname, char *ifptr); void pkt_cleanup(void); iptraf-3.0.0/src/rvnamed.c0100644000076400000000000003443610311472356014253 0ustar rikerroot/*** rvnamed - reverse DNS lookup daemon for the IPTraf network statistics utility. Version 2.6.1 Parallel with IPTraf 2.6 Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1998-2001 rvnamed is a daemon designed to do reverse DNS lookups, but return the IP address immediately while the lookup goes on in the background. A process requesting the lookup issues a request, and will immediately get a reply with the IP address. Meanwhile, rvnamed will fork and do the lookup. The requesting process simply needs to reissue the request until a full domain name is returned. This program is designed to be used by the IPTraf program to minimize blocking and allow smoother keyboard control and packet counting when reverse DNS lookups are enabled. rvnamed and IPTraf communicate with each other using the BSD UNIX domain socket protocol. This software is open-source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "rvnamed.h" #include "dirs.h" #define NUM_CACHE_ENTRIES 2048 #define TIME_TARGET_MAX 30 struct hosts { unsigned long addr; char fqdn[45]; int ready; }; static int fork_count = 0; static int max_fork_count = 0; /* * This is the classic zombie-preventer */ void childreap() { signal(SIGCHLD, childreap); while (waitpid(-1, NULL, WNOHANG) > 0) fork_count--; } void auto_terminate() { exit(2); } /* * Process reverse DNS request from the client */ void process_rvn_packet(struct rvn *rvnpacket) { int ccfd; extern int h_errno; struct sockaddr_un ccsa; struct hostent *he; ccfd = socket(PF_UNIX, SOCK_DGRAM, 0); he = gethostbyaddr((char *) &(rvnpacket->saddr), sizeof(struct in_addr), AF_INET); if (he == NULL) strcpy(rvnpacket->fqdn, inet_ntoa(rvnpacket->saddr)); else { bzero(rvnpacket->fqdn, 45); strncpy(rvnpacket->fqdn, he->h_name, 44); } ccsa.sun_family = AF_UNIX; strcpy(ccsa.sun_path, CHILDSOCKNAME); sendto(ccfd, rvnpacket, sizeof(struct rvn), 0, (struct sockaddr *) &ccsa, sizeof(ccsa.sun_family) + strlen(ccsa.sun_path)); close(ccfd); } /* * Check if name is already resolved and in the cache. */ int name_resolved(struct rvn *rvnpacket, struct hosts *hostlist, unsigned int lastfree) { unsigned int i = 0; while (i != lastfree) { if ((rvnpacket->saddr.s_addr == hostlist[i].addr) && (hostlist[i].ready == RESOLVED)) return i; i++; } return -1; } /* * Return the resolution status (NOTRESOLVED, RESOLVING, RESOLVED) of * the given IP address */ int addrstat(struct rvn *rvnpacket, struct hosts *hostlist, unsigned int lastfree) { unsigned int i = 0; while (i != lastfree) { if (rvnpacket->saddr.s_addr == hostlist[i].addr) break; i++; } if (i != lastfree) return hostlist[i].ready; return NOTRESOLVED; } void writervnlog(FILE * fd, char *msg) { time_t now; char atime[TIME_TARGET_MAX] = ""; now = time((time_t *) NULL); strcpy(atime, ctime(&now)); atime[strlen(atime) - 1] = '\0'; fprintf(fd, "%s: %s\n", atime, msg); } int main(void) { int cfd; int ifd; struct hosts hostlist[NUM_CACHE_ENTRIES]; char logmsg[160]; unsigned int hostindex = 0; unsigned int lastfree = 0; unsigned int hi = 0; int readyidx = 0; int fr = 0; int maxlogged = 0; struct rvn rvnpacket; int br; int ss = 0; fd_set sockset; struct sockaddr_un csa, isa; /* child and iptraf comm sockets */ struct sockaddr_un fromaddr; int fromlen; FILE *logfile; extern int errno; pid_t pid; /* Daemonization Sequence */ #ifndef DEBUG switch (fork()) { case -1: exit(1); case 0: break; default: exit(0); } setsid(); chdir("/"); #endif signal(SIGCHLD, childreap); logfile = fopen(RVNDLOGFILE, "a"); if (logfile == NULL) logfile = fopen("/dev/null", "a"); writervnlog(logfile, "******** rvnamed started ********"); writervnlog(logfile, "Clearing socket names"); /* * Get rid of any residue socket names in case of a previous * abormal termination of rvnamed. */ unlink(CHILDSOCKNAME); unlink(IPTSOCKNAME); writervnlog(logfile, "Opening sockets"); csa.sun_family = AF_UNIX; strcpy(csa.sun_path, CHILDSOCKNAME); isa.sun_family = AF_UNIX; strcpy(isa.sun_path, IPTSOCKNAME); cfd = socket(PF_UNIX, SOCK_DGRAM, 0); if (cfd < 0) { writervnlog(logfile, "Unable to open child communication socket, aborting"); exit(1); } if (bind (cfd, (struct sockaddr *) &csa, sizeof(csa.sun_family) + strlen(csa.sun_path)) < 0) { writervnlog(logfile, "Error binding child communication socket, aborting"); exit(1); } ifd = socket(PF_UNIX, SOCK_DGRAM, 0); if (ifd < 0) { writervnlog(logfile, "Unable to open client communication socket, aborting"); exit(1); } if (bind(ifd, (struct sockaddr *) &isa, sizeof(isa.sun_family) + strlen(isa.sun_path)) < 0) { writervnlog(logfile, "Error binding client communication socket, aborting"); exit(1); } while (1) { FD_ZERO(&sockset); FD_SET(cfd, &sockset); FD_SET(ifd, &sockset); do { ss = select(ifd + 1, &sockset, NULL, NULL, (struct timeval *) NULL); } while ((ss < 0) && (errno != ENOMEM)); if (errno == ENOMEM) { writervnlog(logfile, "Fatal error: no memory for descriptor monitoring"); close(ifd); close(cfd); fclose(logfile); exit(1); } /* * Code to process packets coming from the forked child. */ if (FD_ISSET(cfd, &sockset)) { fromlen = sizeof(fromaddr.sun_family) + strlen(fromaddr.sun_path); br = recvfrom(cfd, &rvnpacket, sizeof(struct rvn), 0, (struct sockaddr *) &fromaddr, &fromlen); if (br > 0) { hi = 0; while (hi <= lastfree) { if (hostlist[hi].addr == rvnpacket.saddr.s_addr) break; hi++; } if (hi == lastfree) { /* Address not in cache */ bzero(&(hostlist[hi]), sizeof(struct hosts)); hi = hostindex; hostindex++; if (hostindex == NUM_CACHE_ENTRIES) hostindex = 0; hostlist[hi].addr = rvnpacket.saddr.s_addr; } strncpy(hostlist[hi].fqdn, rvnpacket.fqdn, 44); hostlist[hi].ready = RESOLVED; } } /* * This code section processes packets received from the IPTraf * program. */ if (FD_ISSET(ifd, &sockset)) { fromlen = sizeof(struct sockaddr_un); br = recvfrom(ifd, &rvnpacket, sizeof(struct rvn), 0, (struct sockaddr *) &fromaddr, &fromlen); if (br > 0) { switch (rvnpacket.type) { case RVN_HELLO: sendto(ifd, &rvnpacket, sizeof(struct rvn), 0, (struct sockaddr *) &fromaddr, sizeof(fromaddr.sun_family) + strlen(fromaddr.sun_path)); break; case RVN_QUIT: #ifndef DEBUG writervnlog(logfile, "Received quit instruction"); writervnlog(logfile, "Closing sockets"); close(ifd); close(cfd); writervnlog(logfile, "Clearing socket names"); unlink(IPTSOCKNAME); unlink(CHILDSOCKNAME); sprintf(logmsg, "rvnamed terminating: max processes spawned: %d", max_fork_count); writervnlog(logfile, logmsg); writervnlog(logfile, "******** rvnamed terminated ********"); fclose(logfile); exit(0); #endif case RVN_REQUEST: readyidx = name_resolved(&rvnpacket, hostlist, lastfree); if (readyidx >= 0) { rvnpacket.type = RVN_REPLY; bzero(rvnpacket.fqdn, 45); strncpy(rvnpacket.fqdn, hostlist[readyidx].fqdn, 44); rvnpacket.ready = RESOLVED; br = sendto(ifd, &rvnpacket, sizeof(struct rvn), 0, (struct sockaddr *) &fromaddr, sizeof(fromaddr.sun_family) + strlen(fromaddr.sun_path)); } else { /* * Add this IP address to the cache if this is a * new one. */ if (addrstat(&rvnpacket, hostlist, lastfree) == NOTRESOLVED) { fflush(logfile); /* flush all data prior */ /* to fork() */ if (fork_count <= MAX_RVNAMED_CHILDREN) { /* * If we can still fork(), we add the data * to the cache array, but we don't update * the indexes until after the fork() * succeeds. If the fork() fails, we'll * just reuse this slot for the next query. * * This is so that if the fork() fails due * to a temporary condition, rvnamed won't * think it's RESOLVING while there isn't * any actual child doing the resolution * before the entry expires. * * However, we'll still tell IPTraf that the * address is RESOLVING. * */ hostlist[hostindex].addr = rvnpacket.saddr.s_addr; hostlist[hostindex].ready = RESOLVING; maxlogged = 0; fr = fork(); } else { fr = -1; if (!maxlogged) writervnlog(logfile, "Maximum child process limit reached"); maxlogged = 1; } switch (fr) { case 0: /* spawned child */ fclose(logfile); /* no logging in child */ close(ifd); /* no comm with client */ pid = getpid(); /* * Set auto-terminate timeout */ signal(SIGALRM, auto_terminate); alarm(300); process_rvn_packet(&rvnpacket); exit(0); case -1: if (!maxlogged) writervnlog(logfile, "Error on fork, returning IP address"); break; default: /* parent */ if (fork_count > max_fork_count) max_fork_count = fork_count; /* * Increase cache indexes only if fork() * succeeded, otherwise the previously * allocated slots will be used for the * next query. */ hostindex++; if (hostindex == NUM_CACHE_ENTRIES) hostindex = 0; if (lastfree < NUM_CACHE_ENTRIES) lastfree++; fork_count++; break; } } rvnpacket.type = RVN_REPLY; bzero(rvnpacket.fqdn, 45); strcpy(rvnpacket.fqdn, inet_ntoa(rvnpacket.saddr)); rvnpacket.ready = RESOLVING; br = sendto(ifd, &rvnpacket, sizeof(struct rvn), 0, (struct sockaddr *) &fromaddr, sizeof(fromaddr.sun_family) + strlen(fromaddr.sun_path)); } } } } /* end block for packets from IPTraf */ } } iptraf-3.0.0/src/rvnamed.h0100644000076400000000000000073110311472356014247 0ustar rikerroot#include #include #define CHILDSOCKNAME "/dev/rvndcldcomsk" #define PARENTSOCKNAME "/dev/rvndpntcomsk" #define IPTSOCKNAME "/dev/rvndiptcomsk" #define SOCKET_PREFIX "isock" #define NOTRESOLVED 0 #define RESOLVING 1 #define RESOLVED 2 #define RVN_HELLO 0 #define RVN_REQUEST 1 #define RVN_REPLY 2 #define RVN_QUIT 3 #define MAX_RVNAMED_CHILDREN 200 struct rvn { int type; int ready; struct in_addr saddr; char fqdn[45]; }; iptraf-3.0.0/src/timer.c0100644000076400000000000000171710311472356013733 0ustar rikerroot /*** timer.c - module to display the elapsed time since a facility was started Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include void printelapsedtime(time_t start, time_t now, int y, int x, WINDOW * win) { time_t elapsed; unsigned int hours; unsigned int mins; elapsed = now - start; hours = elapsed / 3600; mins = (elapsed % 3600) / 60; wmove(win, y, x); wprintw(win, " Elapsed time: %3u:%02u ", hours, mins); } iptraf-3.0.0/src/timer.h0100644000076400000000000000014310311472356013730 0ustar rikerrootvoid printelapsedtime(time_t start, time_t now, int y, int x, WINDOW * win); iptraf-3.0.0/src/tcphdr.h0100644000076400000000000000113410311472356014075 0ustar rikerroot /* * Reconstruction of the TCP header structure, slightly modified. With * provisions for little- and big-endian architectures. */ #include #include struct tcphdr { u_int16_t source; u_int16_t dest; u_int32_t seq; u_int32_t ack_seq; #if __BYTE_ORDER == __LITTLE_ENDIAN u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, res2:2; #elif __BYTE_ORDER == __BIG_ENDIAN u_int16_t doff:4, res1:4, res2:2, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; #endif u_int16_t window; u_int16_t check; u_int16_t urg_ptr; }; iptraf-3.0.0/src/addproto.h0100644000076400000000000000055410311472356014432 0ustar rikerroot#define __addproto_h__ #ifndef IPPROTO_IGP #define IPPROTO_IGP 9 #endif #ifndef IPPROTO_IGRP #define IPPROTO_IGRP 88 #endif #ifndef IPPROTO_OSPFIGP #define IPPROTO_OSPFIGP 89 #endif #ifndef IPPROTO_GRE #define IPPROTO_GRE 47 #endif #ifndef IPPROTO_IPSEC_AH #define IPPROTO_IPSEC_AH 51 #endif #ifndef IPPROTO_IPSEC_ESP #define IPPROTO_IPSEC_ESP 50 #endif iptraf-3.0.0/src/landesc.h0100644000076400000000000000261610311472356014230 0ustar rikerroot/*** ethdesc.c - Ethernet host description management module Copyright (c) Gerard Paul Java 1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. ***/ #include "descrec.h" #define WITHETCETHERS 1 #define WITHOUTETCETHERS 0 void etherr(void); void loaddesclist(struct desclist *list, unsigned int linktype, int withethers); void savedesclist(struct desclist *list, unsigned int linktype); void displayethdescs(struct desclist *list, WINDOW * win); void destroydesclist(struct desclist *list); void operate_descselect(struct desclist *list, struct desclistent **node, WINDOW * win, int *aborted); void selectdesc(struct desclist *list, struct desclistent **node, int *aborted); void descdlg(struct descrec *rec, char *initaddr, char *initdesc, int *aborted); void addethdesc(struct desclist *list); void editethdesc(struct desclist *list); void delethdesc(struct desclist *list); void ethdescmgr(unsigned int linktype); iptraf-3.0.0/src/servname.c0100644000076400000000000000232110311472356014423 0ustar rikerroot/*** servname.c - lookup module for TCP and UDP service names based on port numbers Copyright (c) Gerard Paul Java 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include void servlook(int servnames, unsigned int port, unsigned int protocol, char *target, int maxlen) { static struct servent *sve; bzero(target, maxlen + 1); if (servnames) { if (protocol == IPPROTO_TCP) sve = getservbyport(port, "tcp"); else sve = getservbyport(port, "udp"); if (sve != NULL) { strncpy(target, sve->s_name, maxlen); } else { sprintf(target, "%u", ntohs(port)); } } else { sprintf(target, "%u", ntohs(port)); } } iptraf-3.0.0/src/servname.h0100644000076400000000000000027610311472356014437 0ustar rikerroot/*** servname.h - function prototype for service lookup ***/ void servlook(int servnames, unsigned int port, unsigned int protocol, char *target, int maxlen); iptraf-3.0.0/src/ipfrag.c0100644000076400000000000001651710311472356014067 0ustar rikerroot/*** ipfrag.c - module that handles fragmented IP packets. This module is necessary to maintain accurate counts in case fragmented IP packets are received. TCP and UDP headers are not copied in fragments. This module is based on RFC 815, but does not really reassemble packets. The routines here merely accumulate packet sizes and pass them off to the IP traffic monitor routine. Copyright (c) Gerard Paul Java, 1998, 2002 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include "tcphdr.h" #include "ipfrag.h" static struct fragent *fraglist = NULL; static struct fragent *fragtail = NULL; struct fragent *addnewdgram(struct iphdr *packet) { struct fragent *ptmp; ptmp = malloc(sizeof(struct fragent)); if (fraglist == NULL) { fraglist = ptmp; ptmp->prev_entry = NULL; } if (fragtail != NULL) { fragtail->next_entry = ptmp; ptmp->prev_entry = fragtail; } bzero(ptmp, sizeof(struct fragent)); ptmp->fragdesclist = malloc(sizeof(struct fragdescent)); ptmp->fragdesclist->min = 0; ptmp->fragdesclist->max = 65535; ptmp->fragdesclist->next_entry = NULL; ptmp->fragdesclist->prev_entry = NULL; ptmp->fragdesctail = ptmp->fragdesclist; fragtail = ptmp; ptmp->next_entry = NULL; ptmp->s_addr = packet->saddr; ptmp->d_addr = packet->daddr; ptmp->protocol = packet->protocol; ptmp->id = packet->id; return ptmp; } struct fragdescent *addnewhole(struct fragent *frag) { struct fragdescent *ptmp; ptmp = malloc(sizeof(struct fragdescent)); if (frag->fragdesclist == NULL) { frag->fragdesclist = ptmp; ptmp->prev_entry = NULL; } if (frag->fragdesctail != NULL) { frag->fragdesctail->next_entry = ptmp; ptmp->prev_entry = frag->fragdesctail; } ptmp->next_entry = NULL; frag->fragdesctail = ptmp; return ptmp; } struct fragent *searchfrags(unsigned long saddr, unsigned long daddr, unsigned int protocol, unsigned int id) { struct fragent *ftmp = fraglist; while (ftmp != NULL) { if ((saddr == ftmp->s_addr) && (daddr == ftmp->d_addr) && (protocol == ftmp->protocol) && (id == ftmp->id)) return ftmp; ftmp = ftmp->next_entry; } return NULL; } void deldgram(struct fragent *ftmp) { if (ftmp->prev_entry != NULL) ftmp->prev_entry->next_entry = ftmp->next_entry; else fraglist = ftmp->next_entry; if (ftmp->next_entry != NULL) ftmp->next_entry->prev_entry = ftmp->prev_entry; else fragtail = ftmp->prev_entry; free(ftmp); } /* * Destroy hole descriptor list */ void destroyholes(struct fragent *ftmp) { struct fragdescent *dtmp = ftmp->fragdesclist; struct fragdescent *ntmp = NULL; if (ftmp->fragdesclist != NULL) { ntmp = dtmp->next_entry; while (dtmp != NULL) { free(dtmp); dtmp = ntmp; if (ntmp != NULL) ntmp = ntmp->next_entry; } } } void destroyfraglist(void) { struct fragent *ptmp = fraglist; struct fragent *ctmp = NULL; if (fraglist != NULL) { ctmp = ptmp->next_entry; while (ptmp != NULL) { destroyholes(ptmp); free(ptmp); ptmp = ctmp; if (ctmp != NULL) ctmp = ctmp->next_entry; } } fraglist = NULL; fragtail = NULL; } /* * Process IP fragment. Returns number of bytes to report to the traffic * monitor or 0 for an error condition. */ unsigned int processfragment(struct iphdr *packet, unsigned int *sport, unsigned int *dport, int *firstin) { struct fragent *ftmp; struct fragdescent *dtmp; struct fragdescent *ntmp; char *tpacket; unsigned int offset; unsigned int lastbyte; unsigned int retval; /* Determine appropriate hole descriptor list */ ftmp = searchfrags(packet->saddr, packet->daddr, packet->protocol, packet->id); if (ftmp == NULL) /* No such datagram for this frag yet */ ftmp = addnewdgram(packet); if (ftmp == NULL) return 0; /* * At this point, ftmp should contain the address of the appropriate * descriptor list. */ dtmp = ftmp->fragdesclist; /* Point to hole descriptors */ offset = (ntohs(packet->frag_off) & 0x1fff) * 8; lastbyte = (offset + (ntohs(packet->tot_len) - (packet->ihl) * 4)) - 1; if ((ntohs(packet->frag_off) & 0x1fff) == 0) { /* first fragment? */ ftmp->firstin = 1; tpacket = ((char *) (packet)) + (packet->ihl * 4); if (packet->protocol == IPPROTO_TCP) { ftmp->s_port = ((struct tcphdr *) tpacket)->source; ftmp->d_port = ((struct tcphdr *) tpacket)->dest; } else if (packet->protocol == IPPROTO_UDP) { ftmp->s_port = ((struct udphdr *) tpacket)->source; ftmp->d_port = ((struct udphdr *) tpacket)->dest; } } while (dtmp != NULL) { if ((offset <= dtmp->max) && (lastbyte >= dtmp->min)) break; dtmp = dtmp->next_entry; } if (dtmp != NULL) { /* Duplicate/overlap or something out of the loopback interface */ /* * Delete current entry from hole descriptor list */ if (dtmp->prev_entry != NULL) dtmp->prev_entry->next_entry = dtmp->next_entry; else ftmp->fragdesclist = dtmp->next_entry; if (dtmp->next_entry != NULL) dtmp->next_entry->prev_entry = dtmp->prev_entry; else ftmp->fragdesctail = dtmp->prev_entry; /* * Memory for the hole descriptor will not be released yet. */ if (offset > dtmp->min) { /* * If offset in fragment is greater than offset in the descriptor, * create a new hole descriptor. */ ntmp = addnewhole(ftmp); ntmp->min = dtmp->min; ntmp->max = offset - 1; } if ((lastbyte < dtmp->max) && (ntohs(packet->frag_off) & 0x2000)) { /* * If last byte in fragment is less than the last byte of the * hole descriptor, and more fragments, create a new hole * descriptor. */ ntmp = addnewhole(ftmp); ntmp->min = lastbyte + 1; ntmp->max = dtmp->max; } free(dtmp); } *firstin = ftmp->firstin; ftmp->bcount += ntohs(packet->tot_len); if (ftmp->firstin) { *sport = ftmp->s_port; *dport = ftmp->d_port; retval = ftmp->bcount; ftmp->bcount = 0; if (ftmp->fragdesclist == NULL) deldgram(ftmp); return retval; } else return 0; } iptraf-3.0.0/src/ipfrag.h0100644000076400000000000000221010311472356014055 0ustar rikerroot/*** ipfrag.h - IP fragmentation hander definitions ***/ struct fragdescent { unsigned int min; unsigned int max; struct fragdescent *prev_entry; struct fragdescent *next_entry; }; struct fragent { unsigned long s_addr; unsigned int s_port; unsigned long d_addr; unsigned int d_port; unsigned int id; unsigned int protocol; int firstin; time_t starttime; struct fragdescent *fragdesclist; struct fragdescent *fragdesctail; unsigned int bcount; struct fragent *prev_entry; struct fragent *next_entry; }; struct fragfreelistent { struct fragent *top; struct fragfreelist *next_entry; }; struct fragent *addnewdgram(struct iphdr *packet); struct fragdescent *addnewhole(struct fragent *frag); struct fragent *searchfrags(unsigned long saddr, unsigned long daddr, unsigned int protocol, unsigned int id); void deldgram(struct fragent *ftmp); void destroyholes(struct fragent *ftmp); void destroyfraglist(void); unsigned int processfragment(struct iphdr *packet, unsigned int *sport, unsigned int *dport, int *firstin); iptraf-3.0.0/src/ifaces.h0100644000076400000000000000056410311472356014051 0ustar rikerroot/*** ifaces.h - prototype declaration for interface support determination routine. ***/ FILE *open_procnetdev(void); void get_next_iface(FILE * fd, char *ifname); int iface_supported(char *iface); int iface_up(char *iface); void err_iface_unsupported(void); void err_iface_down(void); void isdn_iface_check(int *fd, char *ifname); char *gen_iface_msg(char *ifptr); iptraf-3.0.0/src/ifaces.c0100644000076400000000000000636610311472356014052 0ustar rikerroot/*** ifaces.c - routine that determines whether a given interface is supported by IPTraf Copyright (c) Gerard Paul Java 1998, 2003 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include "links.h" #include "error.h" extern int accept_unsupported_interfaces; #define NUM_SUPPORTED_IFACES 26 extern int daemonized; char ifaces[][6] = { "lo", "eth", "sl", "ppp", "ippp", "plip", "fddi", "isdn", "dvb", "pvc", "hdlc", "ipsec", "sbni", "tr", "wvlan", "wlan", "sm2", "sm3", "pent", "lec", "brg", "tun", "tap", "cipcb", "tunl", "vlan" }; char *ltrim(char *buf) { char *tmp = buf; while ((*tmp == ' ') || (*tmp == '\t')) tmp++; strcpy(buf, tmp); return buf; } /* * Open /proc/net/dev and move file pointer past the two table header lines * at the top of the file. */ FILE *open_procnetdev(void) { FILE *fd; char buf[161]; fd = fopen("/proc/net/dev", "r"); /* * Read and discard the table header lines in the file */ if (fd != NULL) { fgets(buf, 160, fd); fgets(buf, 160, fd); } return fd; } /* * Get the next interface from /proc/net/dev. */ void get_next_iface(FILE * fd, char *ifname) { char buf[161]; if (!feof(fd)) { strcpy(buf, ""); fgets(buf, 160, fd); if (strcmp(buf, "") != 0) strcpy(ifname, ltrim(strtok(buf, ":"))); else strcpy(ifname, ""); } else strcpy(ifname, ""); } /* * Determine if supplied interface is supported. */ int iface_supported(char *iface) { int i; if (accept_unsupported_interfaces) return 1; for (i = 0; i <= NUM_SUPPORTED_IFACES - 1; i++) { if (strncmp(ifaces[i], iface, strlen(ifaces[i])) == 0) return 1; } return 0; } int iface_up(char *iface) { int fd; int ir; struct ifreq ifr; fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); strcpy(ifr.ifr_name, iface); ir = ioctl(fd, SIOCGIFFLAGS, &ifr); close(fd); if ((ir != 0) || (!(ifr.ifr_flags & IFF_UP))) return 0; return 1; } void err_iface_unsupported(void) { write_error("Specified interface not supported", daemonized); } void err_iface_down(void) { write_error("Specified interface not active", daemonized); } void isdn_iface_check(int *fd, char *ifname) { if (*fd == -1) { if (strncmp(ifname, "isdn", 4) == 0) *fd = open("/dev/isdnctrl", O_RDWR); } } char *gen_iface_msg(char *ifptr) { static char if_msg[20]; if (ifptr == NULL) strcpy(if_msg, "all interfaces"); else strncpy(if_msg, ifptr, 20); return if_msg; } iptraf-3.0.0/src/fltmgr.c0100644000076400000000000002345010311477567014115 0ustar rikerroot/*** fltmgr.c - filter list management routines Copyright (c) Gerard Paul Java 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "attrs.h" #include "deskman.h" #include "dirs.h" #include "fltdefs.h" #include "fltmgr.h" #include "instances.h" #include "error.h" extern int daemonized; void makestdfiltermenu(struct MENU *menu) { tx_initmenu(menu, 9, 31, (LINES - 8) / 2, (COLS - 31) / 2 + 15, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(menu, " ^D^efine new filter...", "Defines a new set of IP filter parameters"); tx_additem(menu, " ^A^pply filter...", "Applies a defined filter"); tx_additem(menu, " Detac^h^ filter", "Removes the currently applied filter"); tx_additem(menu, " ^E^dit filter...", "Modifies existing filter data"); tx_additem(menu, " Dele^t^e filter...", "Removes an IP filter from the filter list"); tx_additem(menu, NULL, NULL); tx_additem(menu, " E^x^it menu", "Returns to the main menu"); } /* * Generate a string representation of a number to be used as a name. */ void genname(unsigned long n, char *m) { sprintf(m, "%lu", n); } int mark_filter_change(void) { int resp; if (!facility_active(OTHIPFLTIDFILE, "")) mark_facility(OTHIPFLTIDFILE, "IP filter change", ""); else { tx_errbox ("IP protocol data file in use; try again later", ANYKEY_MSG, &resp); return 0; } return 1; } void clear_flt_tag(void) { unmark_facility(OTHIPFLTIDFILE, ""); } void listfileerr(int code) { if (code == 1) write_error("Error loading filter list file", daemonized); else write_error("Error writing filter list file", daemonized); } unsigned long int nametoaddr(char *ascname, int *err) { unsigned long int result; struct hostent *he; char imsg[45]; struct in_addr inp; int resolv_err = 0; resolv_err = inet_aton(ascname, &inp); if (resolv_err == 0) { snprintf(imsg, 44, "Resolving %s", ascname); indicate(imsg); he = gethostbyname(ascname); if (he != NULL) bcopy((he->h_addr_list)[0], &result, he->h_length); else { snprintf(imsg, 45, "Unable to resolve %s", ascname); write_error(imsg, daemonized); *err = 1; return (-1); } } else result = inp.s_addr; return (result); *err = 0; } int loadfilterlist(struct ffnode **fltfile) { int pfd = 0; int result = 0; struct ffnode *ffiles = NULL; struct ffnode *ptemp; struct ffnode *tail = NULL; struct ffnode *insert_point = NULL; /* new node is inserted *above* this */ int br; pfd = open(OTHIPFLNAME, O_RDONLY); if (pfd < 0) { *fltfile = NULL; return 1; } do { ptemp = malloc(sizeof(struct ffnode)); br = read(pfd, &(ptemp->ffe), sizeof(struct filterfileent)); if (br > 0) { if (ffiles == NULL) { /* * Create single-node list should initial list pointer be empty */ ffiles = ptemp; ffiles->prev_entry = ffiles->next_entry = NULL; tail = ffiles; } else { /* * Find appropriate point for insertion into sorted list. */ insert_point = ffiles; while (insert_point != NULL) { if (strcasecmp(insert_point->ffe.desc, ptemp->ffe.desc) < 0) insert_point = insert_point->next_entry; else break; } /* * Insert new node depending on whether insert_point = top of list; * middle of list; end of list. */ if (insert_point == NULL) { /* Case 1: end of list; if insert_point is NULL, we get it out of the way first */ tail->next_entry = ptemp; ptemp->prev_entry = tail; tail = ptemp; ptemp->next_entry = NULL; } else if (insert_point->prev_entry == NULL) { /* Case 2: top of list */ insert_point->prev_entry = ptemp; ffiles = ptemp; ffiles->prev_entry = NULL; ffiles->next_entry = insert_point; insert_point->prev_entry = ffiles; } else { /* Case 3: middle of list */ ptemp->prev_entry = insert_point->prev_entry; ptemp->next_entry = insert_point; insert_point->prev_entry->next_entry = ptemp; insert_point->prev_entry = ptemp; } } } else { free(ptemp); if (br < 0) result = 1; } } while (br > 0); close(pfd); *fltfile = ffiles; if (ffiles == NULL) result = 1; return result; } void destroyfilterlist(struct ffnode *fltlist) { struct ffnode *fftemp; if (fltlist != NULL) { fftemp = fltlist->next_entry; do { free(fltlist); fltlist = fftemp; if (fftemp != NULL) fftemp = fftemp->next_entry; } while (fltlist != NULL); } } void save_filterlist(struct ffnode *fltlist) { struct ffnode *fltfile; struct ffnode *ffntemp; int fd; int bw; fd = open(OTHIPFLNAME, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { listfileerr(2); clear_flt_tag(); return; } fltfile = fltlist; while (fltfile != NULL) { bw = write(fd, &(fltfile->ffe), sizeof(struct filterfileent)); if (bw < 0) { listfileerr(2); clear_flt_tag(); return; } ffntemp = fltfile; fltfile = fltfile->next_entry; free(ffntemp); } close(fd); } void operate_select(struct ffnode *ffiles, struct ffnode **item, int *aborted) { struct ffnode *pptr; int ch; struct scroll_list list; tx_listkeyhelp(STDATTR, HIGHATTR); update_panels(); doupdate(); pptr = ffiles; tx_init_listbox(&list, 60, 10, (COLS - 60) / 2 - 2, (LINES - 10) / 2 - 2, STDATTR, BOXATTR, BARSTDATTR, HIGHATTR); tx_set_listbox_title(&list, "Select Filter", 1); while (pptr != NULL) { tx_add_list_entry(&list, (char *) pptr, pptr->ffe.desc); pptr = pptr->next_entry; } tx_show_listbox(&list); tx_operate_listbox(&list, &ch, aborted); if (!(*aborted)) *item = (struct ffnode *) list.textptr->nodeptr; tx_close_listbox(&list); tx_destroy_list(&list); } void pickafilter(struct ffnode *ffiles, struct ffnode **fltfile, int *aborted) { operate_select(ffiles, fltfile, aborted); update_panels(); doupdate(); } char *pickfilterbyname(struct ffnode *ffiles, char *filtername) { struct ffnode *ftmp = ffiles; static char filterfile[160]; while (ftmp != NULL) { if (strcmp(ftmp->ffe.desc, filtername) == 0) { strncmp(filterfile, ftmp->ffe.filename, 40); return filterfile; } ftmp = ftmp->next_entry; } return NULL; } void selectfilter(struct filterfileent *ffe, int *aborted) { struct ffnode *fltfile; struct ffnode *ffiles; if (loadfilterlist(&ffiles)) { listfileerr(1); *aborted = 1; destroyfilterlist(ffiles); return; } pickafilter(ffiles, &fltfile, aborted); if (!(*aborted)) *ffe = fltfile->ffe; destroyfilterlist(ffiles); } void get_filter_description(char *description, int *aborted, char *pre_edit) { struct FIELDLIST descfield; int dlgwintop; WINDOW *dlgwin; PANEL *dlgpanel; int resp = 0; dlgwintop = (LINES - 9) / 2; dlgwin = newwin(7, 42, dlgwintop, (COLS - 42) / 2 - 10); dlgpanel = new_panel(dlgwin); wattrset(dlgwin, DLGBOXATTR); tx_colorwin(dlgwin); tx_box(dlgwin, ACS_VLINE, ACS_HLINE); wattrset(dlgwin, DLGTEXTATTR); wmove(dlgwin, 2, 2); wprintw(dlgwin, "Enter a description for this filter"); wmove(dlgwin, 5, 2); stdkeyhelp(dlgwin); update_panels(); doupdate(); tx_initfields(&descfield, 1, 35, dlgwintop + 3, (COLS - 42) / 2 - 8, DLGTEXTATTR, FIELDATTR); tx_addfield(&descfield, 33, 0, 0, pre_edit); do { tx_fillfields(&descfield, aborted); if ((descfield.list->buf[0] == '\0') && (!(*aborted))) tx_errbox("Enter an appropriate description for this filter", ANYKEY_MSG, &resp); } while ((descfield.list->buf[0] == '\0') && (!(*aborted))); if (!(*aborted)) strcpy(description, descfield.list->buf); tx_destroyfields(&descfield); del_panel(dlgpanel); delwin(dlgwin); update_panels(); doupdate(); } iptraf-3.0.0/src/fltmgr.h0100644000076400000000000000203510311472356014105 0ustar rikerroot/*** fltmgr.h - filter list management routine prototypes Copyright (c) Gerard Paul Java 1998, 2002 ***/ struct filterfileent { char desc[35]; char filename[40]; }; struct ffnode { struct filterfileent ffe; struct ffnode *next_entry; struct ffnode *prev_entry; }; #ifndef IGNORE_FILTER_PROTOTYPES void makestdfiltermenu(struct MENU *menu); void makemainfiltermenu(struct MENU *menu); int loadfilterlist(struct ffnode **fltfile); void save_filterlist(struct ffnode *fltlist); void pickafilter(struct ffnode *files, struct ffnode **fltfile, int *aborted); char *pickfilterbyname(struct ffnode *fltlist, char *filename); void selectfilter(struct filterfileent *ffe, int *aborted); void destroyfilterlist(struct ffnode *fltlist); void get_filter_description(char *description, int *aborted, char *pre_edit); void genname(unsigned long n, char *m); unsigned long int nametoaddr(char *ascname, int *err); void listfileerr(int code); int mark_filter_change(); void clear_flt_tag(); #endif iptraf-3.0.0/src/revname.h0100644000076400000000000000040010311472356014241 0ustar rikerroot/*** revname.h - public declarations related to reverse name resolution ***/ int rvnamedactive(); int killrvnamed(); void open_rvn_socket(int *fd); void close_rvn_socket(int fd); int revname(int *lookup, struct in_addr *saddr, char *target, int rvnfd); iptraf-3.0.0/src/landesc.c0100644000076400000000000003047010311472356014222 0ustar rikerroot /*** landesc.c - LAN host description management module Currently includes support for Ethernet, PLIP, and FDDI Copyright (c) Gerard Paul Java 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "deskman.h" #include "attrs.h" #include "dirs.h" #include "landesc.h" #include "links.h" void etherr(void) { int resp; tx_errbox("Unable to open host description file", ANYKEY_MSG, &resp); } void add_desclist_node(struct desclist *list, struct desclistent *ptmp) { if (list->head == NULL) { list->head = ptmp; ptmp->prev_entry = NULL; } else { list->tail->next_entry = ptmp; ptmp->prev_entry = list->tail; } ptmp->next_entry = NULL; list->tail = ptmp; } /* * Loads descriptions from the IPTraf LAN host description files. * Now also loads /etc/ethers as well. * * In case of a duplicate in the IPTraf definition files and /etc/ethers, * the IPTraf definition files take precedence. */ void loaddesclist(struct desclist *list, unsigned int linktype, int withethers) { struct desclistent *ptmp = NULL; FILE *fd = NULL; char descline[140]; char *desctoken; char etherline[140]; int i, j; /* counters used when parsing /etc/ethers */ bzero(list, sizeof(struct desclist)); if (linktype == LINK_ETHERNET) fd = fopen(ETHFILE, "r"); else if (linktype == LINK_FDDI) fd = fopen(FDDIFILE, "r"); if (fd == NULL) { return; } while (!feof(fd)) { ptmp = malloc(sizeof(struct desclistent)); if (ptmp == NULL) { printnomem(); return; } bzero(ptmp, sizeof(struct desclistent)); bzero(descline, 140); fgets(descline, 140, fd); if (strcmp(descline, "") == 0) { free(ptmp); continue; } strncpy(ptmp->rec.address, strtok(descline, ":"), 12); desctoken = strtok(NULL, "\n"); if (desctoken != NULL) strncpy(ptmp->rec.desc, desctoken, 64); else strcpy(ptmp->rec.desc, ""); add_desclist_node(list, ptmp); } fclose(fd); /* * Loads MAC addresses defined in /etc/ethers. Contributed by * Debian maintainter Frederic Peters . Thanks * Frederic! * * Contributor's note: * loading other ethenet mac addresses from /etc/ethers (used by tcpdump) * * Author's note: * Moved significantly repeating code to a function. */ if (!withethers) return; if (linktype != LINK_ETHERNET) return; fd = fopen("/etc/ethers", "r"); if (fd == NULL) return; while (!feof(fd)) { ptmp = malloc(sizeof(struct desclistent)); if (ptmp == NULL) { printnomem(); return; } bzero(ptmp, sizeof(struct desclistent)); bzero(descline, 140); bzero(etherline, 140); fgets(etherline, 140, fd); /* * Convert /etc/ethers line to a descline */ if (etherline[0] == '#' || etherline[0] == '\n' || etherline[0] == 0) { free(ptmp); continue; } if (strchr(etherline, '\n')) strchr(etherline, '\n')[0] = 0; j = 0; for (i = 0; i < 20 && !isspace(etherline[i]); i++) { if (etherline[i] == ':') continue; descline[j++] = tolower(etherline[i]); } descline[j] = ':'; /* * Skip over whitespace between MAC address and IP addr/host name */ while (isspace(etherline[i++])); strncat(descline, etherline + i - 1, 130); if (strcmp(descline, "") == 0) { free(ptmp); continue; } strncpy(ptmp->rec.address, strtok(descline, ":"), 12); desctoken = strtok(NULL, "\n"); if (desctoken != NULL) strncpy(ptmp->rec.desc, desctoken, 64); else strcpy(ptmp->rec.desc, ""); add_desclist_node(list, ptmp); } fclose(fd); } void savedesclist(struct desclist *list, unsigned int linktype) { FILE *fd = NULL; struct desclistent *ptmp = list->head; if (linktype == LINK_ETHERNET) fd = fopen(ETHFILE, "w"); else if (linktype == LINK_FDDI) fd = fopen(FDDIFILE, "w"); if (fd < 0) { etherr(); return; } while (ptmp != NULL) { fprintf(fd, "%s:%s\n", ptmp->rec.address, ptmp->rec.desc); ptmp = ptmp->next_entry; } fclose(fd); } void displayethdescs(struct desclist *list, WINDOW * win) { struct desclistent *ptmp = list->head; short i = 0; do { wmove(win, i, 2); wprintw(win, "%s %s", ptmp->rec.address, ptmp->rec.desc); i++; ptmp = ptmp->next_entry; } while ((i < 18) && (ptmp != NULL)); update_panels(); doupdate(); } void destroydesclist(struct desclist *list) { struct desclistent *ptmp = list->head; struct desclistent *ctmp = NULL; if (list->head != NULL) ctmp = ptmp->next_entry; while (ptmp != NULL) { free(ptmp); ptmp = ctmp; if (ctmp != NULL) ctmp = ctmp->next_entry; } } void operate_descselect(struct desclist *list, struct desclistent **node, WINDOW * win, int *aborted) { int ch = 0; int i = 0; char sp_buf[10]; int exitloop = 0; *node = list->head; sprintf(sp_buf, "%%%dc", COLS - 2); do { wattrset(win, PTRATTR); wmove(win, i, 1); waddch(win, ACS_RARROW); ch = wgetch(win); wmove(win, i, 1); waddch(win, ' '); wattrset(win, STDATTR); switch (ch) { case KEY_DOWN: if ((*node)->next_entry != NULL) { *node = (*node)->next_entry; if (i < 17) i++; else { wscrl(win, 1); scrollok(win, 0); wmove(win, 17, 0); wprintw(win, sp_buf, ' '); scrollok(win, 1); wmove(win, 17, 2); wprintw(win, "%s %s", (*node)->rec.address, (*node)->rec.desc); } } break; case KEY_UP: if ((*node)->prev_entry != NULL) { *node = (*node)->prev_entry; if (i > 0) i--; else { wscrl(win, -1); wmove(win, 0, 0); wprintw(win, sp_buf, ' '); wmove(win, 0, 2); wprintw(win, "%s %s", (*node)->rec.address, (*node)->rec.desc); } } break; case 13: exitloop = 1; *aborted = 0; break; case 27: case 24: case 'x': case 'X': case 'q': case 'Q': exitloop = 1; *aborted = 1; break; } } while (!exitloop); } void selectdesc(struct desclist *list, struct desclistent **node, int *aborted) { int resp; struct scroll_list slist; char descline[80]; if (list->head == NULL) { tx_errbox("No descriptions", ANYKEY_MSG, &resp); return; } *node = list->head; tx_init_listbox(&slist, COLS, 20, 0, (LINES - 20) / 2, STDATTR, BOXATTR, BARSTDATTR, HIGHATTR); tx_set_listbox_title(&slist, "Address", 1); tx_set_listbox_title(&slist, "Description", 19); while (*node != NULL) { snprintf(descline, 80, "%-18s%s", (*node)->rec.address, (*node)->rec.desc); tx_add_list_entry(&slist, (char *) (*node), descline); (*node) = (*node)->next_entry; } tx_show_listbox(&slist); tx_operate_listbox(&slist, &resp, aborted); if (!(*aborted)) *node = (struct desclistent *) slist.textptr->nodeptr; tx_close_listbox(&slist); tx_destroy_list(&slist); update_panels(); doupdate(); } void descdlg(struct descrec *rec, char *initaddr, char *initdesc, int *aborted) { WINDOW *win; PANEL *panel; struct FIELDLIST fieldlist; win = newwin(8, 70, 8, (COLS - 70) / 2); panel = new_panel(win); wattrset(win, DLGBOXATTR); tx_colorwin(win); tx_box(win, ACS_VLINE, ACS_HLINE); wmove(win, 6, 2 * COLS / 80); tabkeyhelp(win); wmove(win, 6, 20 * COLS / 80); stdkeyhelp(win); wattrset(win, DLGTEXTATTR); wmove(win, 2, 2 * COLS / 80); wprintw(win, "MAC Address:"); wmove(win, 4, 2 * COLS / 80); wprintw(win, "Description:"); tx_initfields(&fieldlist, 3, 52, 10, (COLS - 52) / 2 + 6 * COLS / 80, DLGTEXTATTR, FIELDATTR); tx_addfield(&fieldlist, 12, 0, 0, initaddr); tx_addfield(&fieldlist, 50, 2, 0, initdesc); tx_fillfields(&fieldlist, aborted); if (!(*aborted)) { strcpy(rec->address, fieldlist.list->buf); strcpy(rec->desc, fieldlist.list->nextfield->buf); } tx_destroyfields(&fieldlist); del_panel(panel); delwin(win); } void addethdesc(struct desclist *list) { struct descrec rec; int aborted; struct desclistent *ptmp; descdlg(&rec, "", "", &aborted); if (!aborted) { ptmp = malloc(sizeof(struct desclistent)); if (list->head == NULL) { list->head = ptmp; ptmp->prev_entry = NULL; } else { ptmp->prev_entry = list->tail; list->tail->next_entry = ptmp; } list->tail = ptmp; ptmp->next_entry = NULL; memcpy(&(ptmp->rec), &rec, sizeof(struct descrec)); } update_panels(); doupdate(); } void editethdesc(struct desclist *list) { struct desclistent *ptmp; int aborted; selectdesc(list, &ptmp, &aborted); if (!aborted) descdlg(&(ptmp->rec), ptmp->rec.address, ptmp->rec.desc, &aborted); } void delethdesc(struct desclist *list) { struct desclistent *ptmp; int aborted; selectdesc(list, &ptmp, &aborted); if (!aborted) { if (ptmp->prev_entry != NULL) ptmp->prev_entry->next_entry = ptmp->next_entry; else list->head = ptmp->next_entry; if (ptmp->next_entry != NULL) ptmp->next_entry->prev_entry = ptmp->prev_entry; else list->tail = ptmp->prev_entry; free(ptmp); } } void ethdescmgr(unsigned int linktype) { struct MENU menu; int row = 1; int aborted; struct desclist list; loaddesclist(&list, linktype, WITHOUTETCETHERS); tx_initmenu(&menu, 7, 31, (LINES - 6) / 2, (COLS - 31) / 2, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(&menu, " ^A^dd description...", "Adds a description for a MAC address"); tx_additem(&menu, " ^E^dit description...", "Modifies an existing MAC address description"); tx_additem(&menu, " ^D^elete description...", "Deletes an existing MAC address description"); tx_additem(&menu, NULL, NULL); tx_additem(&menu, " E^x^it menu", "Returns to the main menu"); do { tx_showmenu(&menu); tx_operatemenu(&menu, &row, &aborted); switch (row) { case 1: addethdesc(&list); break; case 2: editethdesc(&list); break; case 3: delethdesc(&list); break; } } while (row != 5); tx_destroymenu(&menu); update_panels(); doupdate(); savedesclist(&list, linktype); } iptraf-3.0.0/src/instances.c0100644000076400000000000000672610311472356014607 0ustar rikerroot/*** instances.c - handler routines for multiple IPTraf instances Copyright (c) Gerard Paul Java 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include "error.h" #include "dirs.h" #include "instances.h" extern int daemonized; void gen_lockfile_name(char *tagfile, char *iface, char *result) { if (iface == NULL) snprintf(result, 64, "%s.all", tagfile); else snprintf(result, 64, "%s.%s", tagfile, iface); } void mark_facility(char *tagfile, char *facility, char *iface) { int fd; char errstring[80]; char lockfile[64]; gen_lockfile_name(tagfile, iface, lockfile); fd = open(lockfile, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { snprintf(errstring, 80, "Warning: unable to lock %s on %s", facility, iface); write_error(errstring, daemonized); } close(fd); strncpy(active_facility_lockfile, lockfile, 64); } void unmark_facility(char *tagfile, char *iface) { char lockfile[64]; gen_lockfile_name(tagfile, iface, lockfile); unlink(lockfile); strcpy(active_facility_lockfile, ""); } int facility_active(char *tagfile, char *iface) { int fd; char lockfile[64]; gen_lockfile_name(tagfile, iface, lockfile); fd = open(lockfile, O_RDONLY); if (fd < 0) return 0; else { close(fd); return 1; } } /* * Increments or decrements the process count */ int adjust_instance_count(char *countfile, int inc) { int fd; int proccount = 0; int brw; fd = open(countfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR); brw = read(fd, &proccount, sizeof(int)); if ((brw == 0) || (brw == -1)) proccount = 0; proccount += inc; if (proccount < 0) proccount = 0; lseek(fd, 0, SEEK_SET); brw = write(fd, &proccount, sizeof(int)); close(fd); return proccount; } int get_instance_count(char *countfile) { int fd; int proccount = 0; int br; fd = open(countfile, O_RDONLY); br = read(fd, &proccount, sizeof(int)); if ((br == 0) || (br == -1)) proccount = 0; close(fd); return proccount; } /* * Returns TRUE if this is the last instance, and is therefore responsible * for restoring the promicuous states saved by the first instance. * * Man, this is getting more complex by the minute :) */ int is_last_instance(void) { int fd; int proccount = 0; int br; fd = open(PROCCOUNTFILE, O_RDONLY); br = read(fd, &proccount, sizeof(int)); close(fd); return ((proccount == 1) || (br < 0) || fd < 0); } /* * Returns TRUE if no facilities are currently running in other instances of * IPTraf. Call this before the first invocation of adjust_process_count(1) */ int first_active_facility(void) { int fd; int proccount = 0; int br; fd = open(PROCCOUNTFILE, O_RDONLY); br = read(fd, &proccount, sizeof(int)); close(fd); return ((proccount == 0) || (br < 0) || (fd < 0)); } iptraf-3.0.0/src/instances.h0100644000076400000000000000100410311472356014574 0ustar rikerroot/*** instances.h - header file for instances.c ***/ #ifndef MAIN_MODULE extern int is_first_instance; extern char active_facility_lockfile[64]; extern char active_facility_countfile[64]; #endif void mark_facility(char *tagfile, char *facility, char *ifptr); void unmark_facility(char *tagfile, char *ifptr); int facility_active(char *tagfile, char *ifptr); int adjust_instance_count(char *countfile, int inc); int get_instance_count(char *countfile); int is_last_instance(void); int first_active_facility(void); iptraf-3.0.0/src/getpath.c0100644000076400000000000000206510311472356014244 0ustar rikerroot /* * getpath.c - directory search routines for configuration and support * files. * * Contributed by Stefan Luethje * * IPTraf 1.4.0 Copyright (c) Gerard Paul Java 1997, 1998 */ #include #include #include #include #include #include "dirs.h" char *get_path(int dirtype, char *file) { static char path[PATH_MAX]; char *ptr = NULL; char *dir, *env = NULL; switch (dirtype) { case T_WORKDIR: dir = WORKDIR; env = WORKDIR_ENV; break; case T_LOGDIR: dir = LOGDIR; env = LOGDIR_ENV; break; case T_EXECDIR: dir = EXECDIR; break; case T_LOCKDIR: dir = LOCKDIR; break; default: return file; } if ((dirtype != T_EXECDIR) && (dirtype != T_LOCKDIR) && (ptr = getenv(env)) != NULL) dir = ptr; if (dir == NULL || *dir == '\0') return file; snprintf(path, PATH_MAX - 1, "%s/%s", dir, file); return path; } iptraf-3.0.0/src/links.h0100644000076400000000000000054610311472356013737 0ustar rikerroot#define LINK_ETHERNET 1 #define LINK_PPP 2 #define LINK_SLIP 3 #define LINK_PLIP 4 #define LINK_LOOPBACK 5 #define LINK_ISDN_RAWIP 6 #define LINK_ISDN_CISCOHDLC 7 #define LINK_CISCOHDLC 7 #define LINK_FDDI 8 #define LINK_FRAD 9 #define LINK_DLCI 10 #define LINK_TR 11 #define LINK_IPIP 12 #define LINK_VLAN 13 #define LINK_INVALID 0 iptraf-3.0.0/src/getpath.h0100644000076400000000000000017110311472356014245 0ustar rikerroot#define T_WORKDIR 1 #define T_LOGDIR 2 #define T_EXECDIR 3 #define T_LOCKDIR 4 char *get_path(int dirtype, char *file); iptraf-3.0.0/src/isdntab.h0100644000076400000000000000065010311472356014237 0ustar rikerrootstruct isdntabent { char ifname[10]; unsigned int encap; struct isdntabent *next_entry; }; struct isdntab { struct isdntabent *head; struct isdntabent *tail; }; void add_isdn_entry(struct isdntab *list, char *ifname, int isdn_fd); struct isdntabent *isdn_table_lookup(struct isdntab *list, char *ifname, int isdn_fd); void destroy_isdn_table(struct isdntab *list); iptraf-3.0.0/src/isdntab.c0100644000076400000000000000377510311472356014245 0ustar rikerroot/*** isdntab.c - a set of simple routines that collect detected ISDN interfaces and record their link encapsulation. Copyright (c) Gerard Paul Java, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include "isdntab.h" void add_isdn_entry(struct isdntab *list, char *ifname, int isdn_fd) { struct isdntabent *new_entry; isdn_net_ioctl_cfg isdn_cfg; new_entry = malloc(sizeof(struct isdntabent)); strcpy(new_entry->ifname, ifname); new_entry->next_entry = NULL; if (list->head == NULL) list->head = new_entry; if (list->tail != NULL) list->tail->next_entry = new_entry; list->tail = new_entry; strcpy(isdn_cfg.name, ifname); ioctl(isdn_fd, IIOCNETGCF, &isdn_cfg); new_entry->encap = isdn_cfg.p_encap; } struct isdntabent *isdn_table_lookup(struct isdntab *list, char *ifname, int isdn_fd) { struct isdntabent *ptmp = list->head; while (ptmp != NULL) { if (strcmp(ptmp->ifname, ifname) == 0) break; ptmp = ptmp->next_entry; } if (ptmp == NULL) { add_isdn_entry(list, ifname, isdn_fd); ptmp = list->tail; } return ptmp; } void destroy_isdn_table(struct isdntab *list) { struct isdntabent *ptmp = list->head; struct isdntabent *ctemp = NULL; if (ptmp != NULL) ctemp = ptmp->next_entry; while (ptmp != NULL) { free(ptmp); ptmp = ctemp; if (ctemp != NULL) ctemp = ctemp->next_entry; } } iptraf-3.0.0/src/logvars.h0100644000076400000000000000017610311472356014273 0ustar rikerrootextern int rotate_flag; extern char target_logname[160]; extern char current_logfile[160]; extern char graphing_logfile[160]; iptraf-3.0.0/src/descrec.h0100644000076400000000000000046610311472356014230 0ustar rikerroot/* * LAN description record definitions */ struct descrec { char address[13]; char desc[65]; }; struct desclistent { struct descrec rec; struct desclistent *prev_entry; struct desclistent *next_entry; }; struct desclist { struct desclistent *head; struct desclistent *tail; }; iptraf-3.0.0/src/mode.c0100644000076400000000000000044710311472356013536 0ustar rikerroot/* * mode.c - a simple function that returns "kbits" or "kbytes" based on a * numeric argument. */ #include #include "options.h" void dispmode(int mode, char *result) { if (mode == KBITS) strcpy(result, "kbits"); else strcpy(result, "kbytes"); } iptraf-3.0.0/src/mode.h0100644000076400000000000000011610311472356013534 0ustar rikerroot/* * dispmode function prototype */ void dispmode(int mode, char *result); iptraf-3.0.0/src/pktsize.h0100644000076400000000000000014410311472356014302 0ustar rikerrootstruct ifstat_brackets { unsigned int floor; unsigned int ceil; unsigned long count; }; iptraf-3.0.0/src/pktsize.c0100644000076400000000000002353710311472356014310 0ustar rikerroot/*** pktsize.c - the packet size breakdown facility Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997-1999 This software is open-source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "attrs.h" #include "dirs.h" #include "fltdefs.h" #include "fltselect.h" #include "isdntab.h" #include "ifaces.h" #include "packet.h" #include "deskman.h" #include "error.h" #include "pktsize.h" #include "options.h" #include "timer.h" #include "instances.h" #include "log.h" #include "logvars.h" #include "promisc.h" extern int exitloop; extern int daemonized; extern void write_size_log(struct ifstat_brackets *brackets, unsigned long interval, char *ifname, unsigned int mtu, FILE * logfile); void rotate_size_log() { rotate_flag = 1; strcpy(target_logname, current_logfile); signal(SIGUSR1, rotate_size_log); } int initialize_brackets(char *ifname, struct ifstat_brackets *brackets, unsigned int *interval, unsigned int *mtu, WINDOW * win) { struct ifreq ifr; int fd; int istat; int i; strcpy(ifr.ifr_name, ifname); fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); if (fd < 0) { write_error("Unable to open socket for MTU determination", daemonized); return 1; } istat = ioctl(fd, SIOCGIFMTU, &ifr); close(fd); if (istat < 0) { write_error("Unable to obtain interface MTU", daemonized); return 1; } *interval = ifr.ifr_mtu / 20; /* There are 20 packet size brackets */ for (i = 0; i <= 19; i++) { brackets[i].floor = *interval * i + 1; brackets[i].ceil = *interval * (i + 1); brackets[i].count = 0; } brackets[19].ceil = ifr.ifr_mtu; for (i = 0; i <= 9; i++) { wattrset(win, STDATTR); wmove(win, i + 5, 2); wprintw(win, "%4u to %4u:", brackets[i].floor, brackets[i].ceil); wmove(win, i + 5, 23); wattrset(win, HIGHATTR); wprintw(win, "%8lu", 0); } for (i = 10; i <= 19; i++) { wattrset(win, STDATTR); wmove(win, (i - 10) + 5, 36); if (i != 19) wprintw(win, "%4u to %4u:", brackets[i].floor, brackets[i].ceil); else wprintw(win, "%4u to %4u+:", brackets[i].floor, brackets[i].ceil); wmove(win, (i - 10) + 5, 57); wattrset(win, HIGHATTR); wprintw(win, "%8lu", 0); } wattrset(win, STDATTR); mvwprintw(win, 17, 1, "Interface MTU is %d bytes, not counting the data-link header", ifr.ifr_mtu); mvwprintw(win, 18, 1, "Maximum packet size is the MTU plus the data-link header length"); mvwprintw(win, 19, 1, "Packet size computations include data-link headers, if any"); *mtu = ifr.ifr_mtu; return 0; } void update_size_distrib(unsigned int length, struct ifstat_brackets *brackets, unsigned int interval, WINDOW * win) { unsigned int i; i = (length - 1) / interval; /* minus 1 to keep interval boundary lengths within the proper brackets */ if (i > 19) /* This is for extras for MTU's not */ i = 19; /* divisible by 20 */ brackets[i].count++; if (i < 10) wmove(win, i + 5, 23); else wmove(win, (i - 10) + 5, 57); wprintw(win, "%8lu", brackets[i].count); } void packet_size_breakdown(struct OPTIONS *options, char *ifname, int facilitytime, struct filterstate *ofilter) { WINDOW *win; PANEL *panel; WINDOW *borderwin; PANEL *borderpanel; struct ifstat_brackets brackets[20]; unsigned int interval; int ch; int fd; char buf[MAX_PACKET_SIZE]; int br; char *ipacket; char iface[10]; unsigned int mtu; struct sockaddr_ll fromaddr; unsigned short linktype; int pkt_result; struct timeval tv; unsigned long starttime, startlog, timeint; unsigned long now; unsigned long long unow; unsigned long updtime = 0; unsigned long long updtime_usec = 0; int logging = options->logging; FILE *logfile = NULL; struct promisc_states *promisc_list; char msgstring[80]; if (!facility_active(PKTSIZEIDFILE, ifname)) mark_facility(PKTSIZEIDFILE, "Packet size breakdown", ifname); else { snprintf(msgstring, 80, "Packet sizes already being monitored on %s", ifname); write_error(msgstring, daemonized); return; } if (!iface_supported(ifname)) { err_iface_unsupported(); unmark_facility(PKTSIZEIDFILE, ifname); return; } if (!iface_up(ifname)) { err_iface_down(); unmark_facility(PKTSIZEIDFILE, ifname); return; } borderwin = newwin(LINES - 2, COLS, 1, 0); borderpanel = new_panel(borderwin); wattrset(borderwin, BOXATTR); tx_box(borderwin, ACS_VLINE, ACS_HLINE); mvwprintw(borderwin, 0, 1, " Packet Distribution by Size "); win = newwin(LINES - 4, COLS - 2, 2, 1); panel = new_panel(win); tx_stdwinset(win); wtimeout(win, -1); wattrset(win, STDATTR); tx_colorwin(win); move(LINES - 1, 1); stdexitkeyhelp(); initialize_brackets(ifname, brackets, &interval, &mtu, win); mvwprintw(win, 1, 1, "Packet size brackets for interface %s", ifname); wattrset(win, BOXATTR); mvwprintw(win, 4, 1, "Packet Size (bytes)"); mvwprintw(win, 4, 26, "Count"); mvwprintw(win, 4, 36, "Packet Size (bytes)"); mvwprintw(win, 4, 60, "Count"); wattrset(win, HIGHATTR); if (logging) { if (strcmp(current_logfile, "") == 0) { snprintf(current_logfile, 80, "%s-%s.log", PKTSIZELOG, ifname); if (!daemonized) input_logfile(current_logfile, &logging); } } if (logging) { opentlog(&logfile, current_logfile); if (logfile == NULL) logging = 0; } if (logging) signal(SIGUSR1, rotate_size_log); writelog(logging, logfile, "******** Packet size distribution facility started ********"); exitloop = 0; gettimeofday(&tv, NULL); starttime = startlog = timeint = tv.tv_sec; open_socket(&fd); if (fd < 0) { unmark_facility(PKTSIZEIDFILE, ifname); return; } if ((first_active_facility()) && (options->promisc)) { init_promisc_list(&promisc_list); save_promisc_list(promisc_list); srpromisc(1, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, 1); active_facility_countfile[0] = '\0'; do { gettimeofday(&tv, NULL); now = tv.tv_sec; unow = tv.tv_sec * 1e+6 + tv.tv_usec; if (((options->updrate != 0) && (now - updtime >= options->updrate)) || ((options->updrate == 0) && (unow - updtime_usec >= DEFAULT_UPDATE_DELAY))) { update_panels(); doupdate(); updtime = now; updtime_usec = unow; } if (now - timeint >= 5) { printelapsedtime(starttime, now, LINES - 3, 1, borderwin); timeint = now; } if ((now - startlog >= options->logspan) && (logging)) { write_size_log(brackets, now - starttime, ifname, mtu, logfile); startlog = now; } check_rotate_flag(&logfile, logging); if ((facilitytime != 0) && (((now - starttime) / 60) >= facilitytime)) exitloop = 1; getpacket(fd, buf, &fromaddr, &ch, &br, iface, win); if (ch != ERR) { switch (ch) { case 12: case 'l': case 'L': tx_refresh_screen(); break; case 'x': case 'X': case 'q': case 'Q': case 27: case 24: exitloop = 1; } } if (br > 0) { pkt_result = processpacket(buf, &ipacket, &br, NULL, NULL, NULL, &fromaddr, &linktype, ofilter, MATCH_OPPOSITE_USECONFIG, iface, ifname); if (pkt_result != PACKET_OK) continue; update_size_distrib(br, brackets, interval, win); } } while (!exitloop); if (logging) { signal(SIGUSR1, SIG_DFL); write_size_log(brackets, now - starttime, ifname, mtu, logfile); writelog(logging, logfile, "******** Packet size distribution facility stopped ********"); fclose(logfile); } close(fd); if ((options->promisc) && (is_last_instance())) { load_promisc_list(&promisc_list); srpromisc(0, promisc_list); destroy_promisc_list(&promisc_list); } adjust_instance_count(PROCCOUNTFILE, -1); del_panel(panel); delwin(win); del_panel(borderpanel); delwin(borderwin); unmark_facility(PKTSIZEIDFILE, ifname); strcpy(current_logfile, ""); } iptraf-3.0.0/src/arphdr.h0100644000076400000000000000144010311472356014071 0ustar rikerroot/* * arp header format, stolen from the Linux include files. */ struct arp_hdr { unsigned short ar_hrd; /* format of hardware address */ unsigned short ar_pro; /* format of protocol address */ unsigned char ar_hln; /* length of hardware address */ unsigned char ar_pln; /* length of protocol address */ unsigned short ar_op; /* ARP opcode (command) */ /* * Ethernet looks like this : This bit is variable sized however... */ unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ unsigned char ar_sip[4]; /* sender IP address */ unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ unsigned char ar_tip[4]; /* target IP address */ }; iptraf-3.0.0/src/fltedit.c0100644000076400000000000004223210311472356014243 0ustar rikerroot/*** fltedit.c - the filter editing Facility Copyright (c) Gerard Paul Java 1999, 2002 This software is open-source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "fltdefs.h" #include "fltmgr.h" #include "ipfilter.h" #include "dirs.h" #include "getpath.h" #include "attrs.h" #include "deskman.h" #include "error.h" #include "cidr.h" extern int daemonized; void init_filter_table(struct filterlist *fl) { fl->head = fl->tail = NULL; } /* * Loads the filter from the filter file */ int loadfilter(char *filename, struct filterlist *fl, int resolve) { struct filterent *fe; int pfd; unsigned int idx = 0; int br; int resolv_err = 0; char err_msg[80]; init_filter_table(fl); pfd = open(filename, O_RDONLY); if (pfd < 0) { memset(err_msg, 0, 80); snprintf(err_msg, 80, "Error opening IP filter data file"); write_error(err_msg, daemonized); fl->head = NULL; return 1; } do { fe = malloc(sizeof(struct filterent)); br = read(pfd, &(fe->hp), sizeof(struct hostparams)); if (br > 0) { fe->index = idx; if (resolve) { fe->saddr = nametoaddr(fe->hp.s_fqdn, &resolv_err); fe->daddr = nametoaddr(fe->hp.d_fqdn, &resolv_err); if (resolv_err) { free(fe); continue; } fe->smask = inet_addr(fe->hp.s_mask); fe->dmask = inet_addr(fe->hp.d_mask); } if (fl->head == NULL) { fl->head = fe; fe->prev_entry = NULL; } else { fl->tail->next_entry = fe; fe->prev_entry = fl->tail; } fe->next_entry = NULL; fl->tail = fe; idx++; } else { free(fe); } } while (br > 0); if (br == 0) close(pfd); return 0; } void savefilter(char *filename, struct filterlist *fl) { struct filterent *fe = fl->head; int pfd; int bw; int resp; pfd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR); while (fe != NULL) { bw = write(pfd, &(fe->hp), sizeof(struct hostparams)); if (bw < 0) { tx_errbox("Unable to save filter changes", ANYKEY_MSG, &resp); clear_flt_tag(); return; } fe = fe->next_entry; } close(pfd); } void print_hostparam_line(struct filterent *fe, int idx, WINDOW * win, int attr) { struct in_addr binmask; wattrset(win, attr); scrollok(win, 0); mvwprintw(win, idx, 0, "%78c", ' '); mvwaddnstr(win, idx, 1, fe->hp.s_fqdn, 20); if (inet_aton(fe->hp.s_mask, &binmask) == 0) inet_aton("255.255.255.255", &binmask); wprintw(win, "/%u", cidr_get_maskbits(binmask.s_addr)); if (fe->hp.sport2 == 0) wprintw(win, ":%u", fe->hp.sport1); else wprintw(win, ":%u-%u", fe->hp.sport1, fe->hp.sport2); wmove(win, idx, 34); if (fe->hp.match_opposite != 'Y') wprintw(win, "-->"); else wprintw(win, "<->"); mvwaddnstr(win, idx, 38, fe->hp.d_fqdn, 15); if (inet_aton(fe->hp.d_mask, &binmask) == 0) inet_aton("255.255.255.255", &binmask); wprintw(win, "/%u", cidr_get_maskbits(binmask.s_addr)); if (fe->hp.dport2 == 0) wprintw(win, ":%u", fe->hp.dport1); else wprintw(win, ":%u-%u", fe->hp.dport1, fe->hp.dport2); mvwprintw(win, idx, 76, "%c", toupper(fe->hp.reverse)); wmove(win, idx, 0); } void update_hp_screen(struct filterlist *fl, struct filterent *firstvisible, WINDOW * win) { struct filterent *ftmp = firstvisible; int i; wattrset(win, STDATTR); if (firstvisible == NULL) { mvwprintw(win, 0, 0, "%78c", ' '); wmove(win, 0, 0); return; } scrollok(win, 0); for (i = 0; i <= 12; i++) { if (ftmp != NULL) { print_hostparam_line(ftmp, i, win, STDATTR); ftmp = ftmp->next_entry; } else { mvwprintw(win, i, 0, "%78c", ' '); wmove(win, i, 0); } } scrollok(win, 1); } int new_hp_entry(struct filterent **ftemp) { int resp; *ftemp = malloc(sizeof(struct filterent)); if (*ftemp == NULL) { tx_errbox("No memory for new filter entry", ANYKEY_MSG, &resp); return 0; } memset(*ftemp, 0, sizeof(struct filterent)); return 1; } void modify_host_parameters(struct filterlist *fl) { WINDOW *bwin; PANEL *bpanel; WINDOW *win; PANEL *panel; struct filterent *fe; struct filterent *ftemp; struct filterent *firstvisible = NULL; unsigned int idx = 0; int endloop_local = 0; int ch; int gh_aborted = 0; char s_portstr1[8]; char d_portstr1[8]; char s_portstr2[8]; char d_portstr2[8]; char inexstr[2]; char matchop[2]; bwin = newwin(15, 80, (LINES - 15) / 2, (COLS - 80) / 2); bpanel = new_panel(bwin); win = newwin(13, 78, (LINES - 13) / 2, (COLS - 78) / 2); panel = new_panel(win); wattrset(bwin, BOXATTR); tx_box(bwin, ACS_VLINE, ACS_HLINE); mvwprintw(bwin, 0, 2, " Source "); mvwprintw(bwin, 0, 38, " Destination "); mvwprintw(bwin, 0, 74, " I/E "); mvwprintw(bwin, 14, 1, " Filter Data "); tx_stdwinset(win); scrollok(win, 0); wattrset(win, STDATTR); tx_colorwin(win); move(LINES - 1, 1); tx_printkeyhelp("Up/Down", "-move ptr ", stdscr, HIGHATTR, STATUSBARATTR); tx_printkeyhelp("I", "-insert ", stdscr, HIGHATTR, STATUSBARATTR); tx_printkeyhelp("A", "-add to list ", stdscr, HIGHATTR, STATUSBARATTR); tx_printkeyhelp("D", "-delete ", stdscr, HIGHATTR, STATUSBARATTR); tx_printkeyhelp("Enter", "-edit ", stdscr, HIGHATTR, STATUSBARATTR); tx_printkeyhelp("X/Ctrl+X", "-exit", stdscr, HIGHATTR, STATUSBARATTR); update_panels(); doupdate(); firstvisible = fl->head; update_hp_screen(fl, firstvisible, win); idx = 0; fe = firstvisible; update_panels(); doupdate(); do { if (fe != NULL) { print_hostparam_line(fe, idx, win, BARSTDATTR); } ch = wgetch(win); if (fe != NULL) print_hostparam_line(fe, idx, win, STDATTR); switch (ch) { case KEY_UP: if (fl->head != NULL) { if (fe->prev_entry != NULL) { if (idx > 0) idx--; else { scrollok(win, 1); wscrl(win, -1); firstvisible = firstvisible->prev_entry; } fe = fe->prev_entry; } } break; case KEY_DOWN: if (fl->head != NULL) { if (fe->next_entry != NULL) { if (idx < 12) idx++; else { scrollok(win, 1); wscrl(win, 1); firstvisible = firstvisible->next_entry; } fe = fe->next_entry; } } break; case 'i': case 'I': case KEY_IC: if (!new_hp_entry(&ftemp)) break; gethostparams(&(ftemp->hp), "", "", "", "", "", "", "", "", "I", "N", &gh_aborted); if (gh_aborted) { free(ftemp); continue; } if (fl->head == NULL) { ftemp->next_entry = ftemp->prev_entry = NULL; fl->head = fl->tail = ftemp; firstvisible = fl->head; idx = 0; } else { ftemp->next_entry = fe; ftemp->prev_entry = fe->prev_entry; /* * Point firstvisible at new entry if we inserted at the * top of the list. */ if (ftemp->prev_entry == NULL) { fl->head = ftemp; firstvisible = ftemp; } else fe->prev_entry->next_entry = ftemp; fe->prev_entry = ftemp; } if (ftemp->next_entry == NULL) fl->tail = ftemp; fe = ftemp; update_hp_screen(fl, firstvisible, win); break; case 'a': case 'A': case 1: if (!new_hp_entry(&ftemp)) break; gethostparams(&(ftemp->hp), "", "", "", "", "", "", "", "", "I", "N", &gh_aborted); if (gh_aborted) { free(ftemp); continue; } /* * Add new node to the end of the list (or to the head if the * list is empty. */ if (fl->tail != NULL) { fl->tail->next_entry = ftemp; ftemp->prev_entry = fl->tail; } else { fl->head = ftemp; fl->tail = ftemp; ftemp->prev_entry = ftemp->next_entry = NULL; firstvisible = fl->head; fe = ftemp; idx = 0; } ftemp->next_entry = NULL; fl->tail = ftemp; update_hp_screen(fl, firstvisible, win); break; case 'd': case 'D': case KEY_DC: if (fl->head != NULL) { /* * Move firstvisible down if it's pointing to the target * entry. */ if (firstvisible == fe) firstvisible = fe->next_entry; /* * Detach target node from list. */ if (fe->next_entry != NULL) fe->next_entry->prev_entry = fe->prev_entry; else fl->tail = fe->prev_entry; if (fe->prev_entry != NULL) fe->prev_entry->next_entry = fe->next_entry; else fl->head = fe->next_entry; /* * Move pointer up if we're deleting the last entry. * The list tail pointer has since been moved to the * previous entry. */ if (fe->prev_entry == fl->tail) { ftemp = fe->prev_entry; /* * Move screen pointer up. Really adjust the index if * the pointer is anywhere below the top of the screen. */ if (idx > 0) idx--; else { /* * Otherwise scroll the list down, and adjust the * firstvisible pointer to point to the entry * previous to the target. */ if (ftemp != NULL) { firstvisible = ftemp; } } } else /* * If we reach this point, we're deleting from before * the tail of the list. In that case, we point the * screen pointer at the entry following the target. */ ftemp = fe->next_entry; free(fe); fe = ftemp; update_hp_screen(fl, firstvisible, win); } break; case 13: if (fe != NULL) { sprintf(s_portstr1, "%u", fe->hp.sport1); sprintf(s_portstr2, "%u", fe->hp.sport2); sprintf(d_portstr1, "%u", fe->hp.dport1); sprintf(d_portstr2, "%u", fe->hp.dport2); inexstr[0] = toupper(fe->hp.reverse); inexstr[1] = '\0'; matchop[0] = toupper(fe->hp.match_opposite); matchop[1] = '\0'; gethostparams(&(fe->hp), fe->hp.s_fqdn, fe->hp.s_mask, s_portstr1, s_portstr2, fe->hp.d_fqdn, fe->hp.d_mask, d_portstr1, d_portstr2, inexstr, matchop, &gh_aborted); update_hp_screen(fl, firstvisible, win); } break; case 'x': case 'X': case 'q': case 'Q': case 27: case 24: endloop_local = 1; break; case 'l': case 'L': tx_refresh_screen(); break; } update_panels(); doupdate(); } while (!endloop_local); del_panel(panel); delwin(win); del_panel(bpanel); delwin(bwin); update_panels(); doupdate(); } /* * Remove a currently applied filter from memory */ void destroyfilter(struct filterlist *fl) { struct filterent *fe; struct filterent *cfe; if (fl->head != NULL) { fe = fl->head; cfe = fl->head->next_entry; do { free(fe); fe = cfe; if (cfe != NULL) cfe = cfe->next_entry; } while (fe != NULL); fl->head = fl->tail = NULL; } } void definefilter(int *aborted) { struct filterfileent ffile; char fntemp[14]; struct filterlist fl; int pfd; int bw; int resp; /* * Lock facility */ if (!mark_filter_change()) return; get_filter_description(ffile.desc, aborted, ""); if (*aborted) { clear_flt_tag(); return; } genname(time((time_t *) NULL), fntemp); pfd = open(get_path(T_WORKDIR, fntemp), O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR); if (pfd < 0) { tx_errbox("Cannot create filter data file", ANYKEY_MSG, &resp); *aborted = 1; clear_flt_tag(); return; } close(pfd); pfd = open(OTHIPFLNAME, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR); if (pfd < 0) { listfileerr(1); clear_flt_tag(); return; } strcpy(ffile.filename, fntemp); bw = write(pfd, &ffile, sizeof(struct filterfileent)); if (bw < 0) listfileerr(2); close(pfd); init_filter_table(&fl); modify_host_parameters(&fl); savefilter(get_path(T_WORKDIR, fntemp), &fl); destroyfilter(&fl); clear_flt_tag(); } /* * Edit an existing filter */ void editfilter(int *aborted) { char filename[FLT_FILENAME_MAX]; struct filterlist fl; struct ffnode *flist; struct ffnode *ffile; struct filterfileent *ffe; if (!mark_filter_change()) return; if (loadfilterlist(&flist) == 1) { listfileerr(1); destroyfilterlist(flist); clear_flt_tag(); return; } pickafilter(flist, &ffile, aborted); clear_flt_tag(); if ((*aborted)) { destroyfilterlist(flist); clear_flt_tag(); return; } ffe = &(ffile->ffe); get_filter_description(ffe->desc, aborted, ffe->desc); if (*aborted) { destroyfilterlist(flist); clear_flt_tag(); return; } strncpy(filename, get_path(T_WORKDIR, ffe->filename), FLT_FILENAME_MAX - 1); if (loadfilter(filename, &fl, FLT_DONTRESOLVE)) return; modify_host_parameters(&fl); save_filterlist(flist); /* This also destroys it */ savefilter(filename, &fl); destroyfilter(&fl); } /* * Delete a filter record from the disk */ void delfilter(int *aborted) { struct ffnode *fltfile; struct ffnode *fltlist; if (!mark_filter_change()) return; if (loadfilterlist(&fltlist) == 1) { *aborted = 1; listfileerr(1); destroyfilterlist(fltlist); clear_flt_tag(); return; } pickafilter(fltlist, &fltfile, aborted); if (*aborted) { clear_flt_tag(); return; } unlink(get_path(T_WORKDIR, fltfile->ffe.filename)); if (fltfile->prev_entry == NULL) { fltlist = fltlist->next_entry; if (fltlist != NULL) fltlist->prev_entry = NULL; } else { fltfile->prev_entry->next_entry = fltfile->next_entry; if (fltfile->next_entry != NULL) fltfile->next_entry->prev_entry = fltfile->prev_entry; } free(fltfile); save_filterlist(fltlist); clear_flt_tag(); *aborted = 0; } iptraf-3.0.0/src/fltedit.h0100644000076400000000000000040510311472356014244 0ustar rikerrootvoid definefilter(int *aborted); int loadfilter(char *filename, struct filterlist *fl, int resolve); void savefilter(char *filename, struct filterlist *fl); void destroyfilter(struct filterlist *fl); void editfilter(int *aborted); void delfilter(int *aborted); iptraf-3.0.0/src/promisc.h0100644000076400000000000000150210311472356014264 0ustar rikerroot/* * promisc.h - definitions for promiscuous state save/recovery * * Thanks to Holger Friese * for the base patch. * Applied it, but then additional issues came up and I ended up doing more * than slight modifications. struct iflist is becoming way too large for * comfort and for something as little as this. */ struct promisc_params { char ifname[8]; int saved_state; int state_valid; }; struct promisc_states { struct promisc_params params; struct promisc_states *next_entry; }; void init_promisc_list(struct promisc_states **list); void save_promisc_list(struct promisc_states *list); void load_promisc_list(struct promisc_states **list); void srpromisc(int mode, struct promisc_states *promisc_list); void destroy_promisc_list(struct promisc_states **list); iptraf-3.0.0/src/install.sh0100744000076400000000000000556607602471146014465 0ustar rikerroot#!/bin/sh # # src/install.sh # This script is part of the IPTraf installation system. Do not attempt # to run this directly from the command prompt. # # Version 3.0.0 Copyright (c) Gerard Paul Java 2002 # if [ "$1" = "" ]; then echo "This script is part of the IPTraf installation system, and" echo "should not be run by itself." exit 1 fi INSTALL=/usr/bin/install TARGET=$1 WORKDIR=$2 LOGDIR=$3 LOCKDIR=$4 echo echo "*** Installing executable programs and preparing work directories" echo echo ">>> Installing iptraf in $TARGET" $INSTALL -m 0700 -o root -g root -s iptraf $TARGET echo ">>> Installing rvnamed in $TARGET" $INSTALL -m 0700 -o root -g root -s rvnamed $TARGET if [ ! -d $WORKDIR ]; then echo ">>> Creating IPTraf work directory $WORKDIR" else echo ">>> IPTraf work directory $WORKDIR already exists" rm -f $WORKDIR/othfilter.dat fi $INSTALL -m 0700 -o root -g root -d $WORKDIR if [ ! -d $LOGDIR ]; then echo ">>> Creating IPTraf log directory $LOGDIR" else echo ">>> IPTraf log directory $LOGDIR already exists" fi $INSTALL -m 0700 -o root -g root -d $LOGDIR if [ ! -d $LOCKDIR ]; then echo ">>> Creating IPTraf lockfile directory $LOCKDIR" else echo ">>> IPTraf lockfile directory $LOCKDIR already exists" fi $INSTALL -m 0700 -o root -g root -d $LOCKDIR echo echo echo "*** iptraf, and rvnamed executables are in $TARGET" echo "*** Log files are placed in $LOGDIR" ################# Filter clearing for 3.0 ########################## if [ ! -f $WORKDIR/version ]; then echo ">>> Clearing old filter list" if [ -f $WORKDIR/tcpfilters.dat ]; then mv -f $WORKDIR/tcpfilters.dat $WORKDIR/tcpfilters.dat~ fi if [ -f $WORKDIR/udpfilters.dat ]; then mv -f $WORKDIR/udpfilters.dat $WORKDIR/udpfilters.dat~ fi if [ -f $WORKDIR/othipfilters.dat ]; then mv -f $WORKDIR/othipfilters.dat $WORKDIR/othipfilters.dat~ fi rm -f $WORKDIR/savedfilters.dat fi #################################################################### cat version > $WORKDIR/version echo echo echo "======================================================================" echo echo "Please read the RELEASE-NOTES file for important new information about" echo "this version. You can view this file now (will require the 'less'" echo "program in /usr/bin. Press Q to quit when done)." echo echo -n "Would you like to view the RELEASE-NOTES file now (Y/N)? "; read YESNO if [ "$YESNO" = "y" -o "$YESNO" = "Y" ]; then less ../RELEASE-NOTES fi clear echo echo "=====================================================================" echo echo "Thank you for installing IPTraf. You can now start IPTraf by issuing" echo "the command" echo echo " $TARGET/iptraf" echo echo "at your shell prompt. You can also add $TARGET to your PATH environment" echo "variable to avoid having to type the pathname when invoking the program." echo exit 0 iptraf-3.0.0/src/version0100644000076400000000000000000607544074424014055 0ustar rikerroot3.0.0 iptraf-3.0.0/src/ipfilter.h0100644000076400000000000000116510311472356014433 0ustar rikerrootvoid gethostparams(struct hostparams *data, char *init_saddr, char *init_smask, char *init_sport1, char *init_sport2, char *init_daddr, char *init_dmask, char *init_dport1, char *init_dport2, char *initinex, char *initmatchop, int *aborted); void ipfilterselect(struct filterlist *fl, char *filename, int *fltcode, int *faborted); int ipfilter(unsigned long saddr, unsigned long daddr, unsigned int sport, unsigned int dport, unsigned int protocol, int match_opp_mode, struct filterlist *fl); iptraf-3.0.0/src/bar.c0100644000076400000000000000160110311472356013347 0ustar rikerroot/* * bar.c - sets the highlight and rate indicator bar for the IP traffic * monitor and TCP/UDP statistics * * Copyright (c) Gerard Paul Java 2001 * * */ /* * Set the highlight bar to point to the specified entry. * This routine also sets the cleared flag (indicates whether the * flow rate has been displayed). The flow rate computation timer * and accumulator are also reset. */ #include #include #include #include #include "attrs.h" void set_barptr(char **barptr, char *entry, time_t * starttime, char *spanbr, size_t size, WINDOW * win, int *cleared, int x) { *barptr = entry; *starttime = time(NULL); bzero(spanbr, size); if (!(*cleared)) { wattrset(win, IPSTATATTR); mvwprintw(win, 0, x, "Computing"); tx_wcoloreol(win); *cleared = 1; } } iptraf-3.0.0/src/bar.h0100644000076400000000000000023710311472356013360 0ustar rikerrootvoid set_barptr(char **barptr, char *entry, time_t * starttime, char *spanbr, size_t size, WINDOW * win, int *cleared, int x); iptraf-3.0.0/src/tr.h0100644000076400000000000000015510311472356013240 0ustar rikerroot/* * tr.h - prototype for Token Ring header parser. */ unsigned int get_tr_ip_offset(unsigned char *pkt); iptraf-3.0.0/src/tr.c0100644000076400000000000000117410311472356013235 0ustar rikerroot/* * tr.c - Token Ring frame parsing code * * Based on the sources from the Linux kernel. * * Copyright (c) Gerard Paul Java 2002 */ #include #include #include unsigned int get_tr_ip_offset(unsigned char *pkt) { struct trh_hdr *trh; unsigned int riflen = 0; trh = (struct trh_hdr *) pkt; /* * Check if this packet has TR routing information and get * its length. */ if (trh->saddr[0] & TR_RII) riflen = (ntohs(trh->rcf) & TR_RCF_LEN_MASK) >> 8; return sizeof(struct trh_hdr) - TR_MAXRIFLEN + riflen + sizeof(struct trllc); } iptraf-3.0.0/src/tcptimeout.h0100644000076400000000000000017710311472356015014 0ustar rikerrootvoid write_timeout_log(int logging, FILE * logfile, struct tcptableent *tcpnode, struct OPTIONS *opts); iptraf-3.0.0/src/rawtime.c0100644000076400000000000000047610311472356014264 0ustar rikerroot#include #include #include #include int main(int argc, char **argv) { if (argv[1] != NULL) { if (strcmp(argv[1], "-v") == 0) { printf("rawtime version 2.6.0\n"); return (1); } } printf("%lu\n", time(NULL)); return 0; } iptraf-3.0.0/src/fltselect.c0100644000076400000000000001272710311472356014603 0ustar rikerroot /*** fltselect.c - a menu-based module that allows selection of other protocols to display Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This software is open source; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include "addproto.h" #include "dirs.h" #include "fltdefs.h" #include "fltselect.h" #include "fltedit.h" #include "fltmgr.h" #include "deskman.h" #include "attrs.h" #include "instances.h" void makemainfiltermenu(struct MENU *menu) { tx_initmenu(menu, 8, 18, (LINES - 8) / 2, (COLS - 31) / 2, BOXATTR, STDATTR, HIGHATTR, BARSTDATTR, BARHIGHATTR, DESCATTR); tx_additem(menu, " ^I^P...", "Manages IP packet filters"); tx_additem(menu, " ^A^RP", "Toggles Address Resolution Protocol filter"); tx_additem(menu, " ^R^ARP", "Toggles Reverse ARP filter"); tx_additem(menu, " ^N^on-IP", "Toggles filter for all other non-IP packets"); tx_additem(menu, NULL, NULL); tx_additem(menu, " E^x^it menu", "Returns to the filter management menu"); } void setfilters(struct filterstate *filter, unsigned int row) { int aborted; switch (row) { case 1: ipfilterselect(&(filter->fl), filter->filename, &(filter->filtercode), &aborted); break; case 2: filter->arp = ~(filter->arp); break; case 3: filter->rarp = ~(filter->rarp); break; case 4: filter->nonip = ~(filter->nonip); break; } } void toggleprotodisplay(WINDOW * win, struct filterstate *filter, unsigned int row) { wmove(win, row, 2); switch (row) { case 1: if (filter->filtercode == 0) wprintw(win, "No IP filter active"); else wprintw(win, "IP filter active "); break; case 2: if (filter->arp) wprintw(win, "ARP visible "); else wprintw(win, "ARP not visible"); break; case 3: if (filter->rarp) wprintw(win, "RARP visible "); else wprintw(win, "RARP not visible"); break; case 4: if (filter->nonip) wprintw(win, "Non-IP visible "); else wprintw(win, "Non-IP not visible"); break; } } /* * Filter for non-IP packets */ int nonipfilter(struct filterstate *filter, unsigned int protocol) { int result = 0; switch (protocol) { case ETH_P_ARP: result = filter->arp; break; case ETH_P_RARP: result = filter->rarp; break; case 0: result = filter->nonip; break; } return result; } void config_filters(struct filterstate *filter) { struct MENU menu; WINDOW *statwin; PANEL *statpanel; int row; int aborted; statwin = newwin(6, 30, (LINES - 8) / 2, (COLS - 15) / 2 + 10); statpanel = new_panel(statwin); wattrset(statwin, BOXATTR); tx_colorwin(statwin); tx_box(statwin, ACS_VLINE, ACS_HLINE); tx_stdwinset(statwin); wmove(statwin, 0, 1); wprintw(statwin, " Filter Status "); wattrset(statwin, STDATTR); for (row = 1; row <= 4; row++) toggleprotodisplay(statwin, filter, row); makemainfiltermenu(&menu); row = 1; do { tx_showmenu(&menu); tx_operatemenu(&menu, &row, &aborted); setfilters(filter, row); toggleprotodisplay(statwin, filter, row); } while (row != 6); tx_destroymenu(&menu); del_panel(statpanel); delwin(statwin); update_panels(); doupdate(); } void setodefaults(struct filterstate *filter) { memset(filter, 0, sizeof(struct filterstate)); filter->filtercode = 0; } void loadfilters(struct filterstate *filter) { int pfd; int br; pfd = open(FLTSTATEFILE, O_RDONLY); /* open filter state file */ if (pfd < 0) { setodefaults(filter); return; } br = read(pfd, filter, sizeof(struct filterstate)); if (br < 0) setodefaults(filter); close(pfd); /* * Reload IP filter if one was previously applied */ if (filter->filtercode != 0) loadfilter(filter->filename, &(filter->fl), FLT_RESOLVE); } void savefilters(struct filterstate *filter) { int pfd; int bw; int resp; if (!facility_active(FLTIDFILE, "")) mark_facility(FLTIDFILE, "Filter configuration change", ""); else { tx_errbox("Filter state file currently in use; try again later", ANYKEY_MSG, &resp); return; } pfd = open(FLTSTATEFILE, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR); bw = write(pfd, filter, sizeof(struct filterstate)); if (bw < 1) tx_errbox("Unable to write filter state information", ANYKEY_MSG, &resp); close(pfd); unmark_facility(FLTIDFILE, ""); } iptraf-3.0.0/src/fltdefs.h0100644000076400000000000000234710311472356014247 0ustar rikerroot/*** fltdefs.h - declarations for the TCP, UDP, and misc IP filters Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997-2002 ***/ #define FLT_FILENAME_MAX 40 #define FLT_RESOLVE 1 #define FLT_DONTRESOLVE 0 #define F_ALL_IP 0 #define F_TCP 6 #define F_UDP 17 #define F_OTHERIP 59 #define F_ICMP 1 #define F_IGMP 2 #define F_OSPF 89 #define F_IGP 9 #define F_IGRP 88 #define F_GRE 47 #define F_L2TP 115 #define F_IPSEC_AH 51 #define F_IPSEC_ESP 50 #define MATCH_OPPOSITE_ALWAYS 1 #define MATCH_OPPOSITE_USECONFIG 2 /* * IP filter parameter entry */ struct hostparams { char s_fqdn[45]; char d_fqdn[45]; char s_mask[20]; char d_mask[20]; unsigned int sport1; unsigned int sport2; unsigned int dport1; unsigned int dport2; int filters[256]; char protolist[70]; char reverse; char match_opposite; }; struct filterent { struct hostparams hp; unsigned long saddr; unsigned long daddr; unsigned long smask; unsigned long dmask; unsigned int index; struct filterent *next_entry; struct filterent *prev_entry; }; struct filterlist { struct filterent *head; struct filterent *tail; unsigned int lastpos; }; iptraf-3.0.0/src/parseproto.h0100644000076400000000000000061710311472356015014 0ustar rikerroot#define RANGE_OK 0 #define COMMA_EXPECTED 1 #define INVALID_RANGE 2 #define OUT_OF_RANGE 4 #define NO_MORE_TOKENS 5 void get_next_protorange(char *src, char **cptr, unsigned int *proto1, unsigned int *proto2, int *parse_result, char **badtokenptr); int validate_ranges(char *src, int *parse_result, char **bptr); iptraf-3.0.0/src/parseproto.c0100644000076400000000000001067510311472356015014 0ustar rikerroot/* * parseports.c - code to extract the protocol codes or ranges thereof from * the user-defined string. * * Copyright (c) Gerard Paul Java 2002 * * This software is open-source; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed WITHOUT ANY WARRANTY; without even the * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License in the included COPYING file for * details. */ #include #include #include #include "parseproto.h" /* * Extracts next token from the buffer. */ char *get_next_token(char *buf, char **cptr) { static char rtoken[32]; int i; i = 0; /* * Skip over leading whitespace */ while (isspace(**cptr)) (*cptr)++; if (**cptr == ',' || **cptr == '-') { rtoken[0] = **cptr; rtoken[1] = '\0'; (*cptr)++; } else { while (!isspace(**cptr) && **cptr != '-' && **cptr != ',' && **cptr != '\0') { rtoken[i] = **cptr; (*cptr)++; i++; } rtoken[i] = '\0'; } return rtoken; } void get_next_protorange(char *src, char **cptr, unsigned int *proto1, unsigned int *proto2, int *parse_result, char **badtokenptr) { char toktmp[5]; char prototmp1[5]; char prototmp2[5]; char *cerr_ptr; static char bad_token[5]; unsigned int tmp; memset(toktmp, 0, 5); memset(prototmp1, 0, 5); memset(prototmp2, 0, 5); memset(bad_token, 0, 5); strncpy(prototmp1, get_next_token(src, cptr), 5); if (prototmp1[0] == '\0') { *parse_result = NO_MORE_TOKENS; return; } strncpy(toktmp, get_next_token(src, cptr), 5); *parse_result = RANGE_OK; switch (toktmp[0]) { case '-': strncpy(prototmp2, get_next_token(src, cptr), 5); /* * Check for missing right-hand token for - */ if (prototmp2[0] == '\0') { *parse_result = INVALID_RANGE; strcpy(bad_token, "-"); *badtokenptr = bad_token; break; } *proto2 = (unsigned int) strtoul(prototmp2, &cerr_ptr, 10); /* * First check for an invalid character */ if (*cerr_ptr != '\0') { *parse_result = INVALID_RANGE; strncpy(bad_token, prototmp2, 5); *badtokenptr = bad_token; } else { /* * Then check for the validity of the token */ if (*proto2 > 255) { strncpy(bad_token, prototmp2, 5); *badtokenptr = bad_token; *parse_result = OUT_OF_RANGE; } /* * Then check if the next token is a comma */ strncpy(toktmp, get_next_token(src, cptr), 5); if (toktmp[0] != '\0' && toktmp[0] != ',') { *parse_result = COMMA_EXPECTED; strncpy(bad_token, toktmp, 5); *badtokenptr = bad_token; } } break; case ',': case '\0': *proto2 = 0; break; default: *parse_result = COMMA_EXPECTED; strncpy(bad_token, toktmp, 5); *badtokenptr = bad_token; break; } if (*parse_result != RANGE_OK) return; *proto1 = (unsigned int) strtoul(prototmp1, &cerr_ptr, 10); if (*cerr_ptr != '\0') { *parse_result = INVALID_RANGE; strncpy(bad_token, prototmp1, 5); *badtokenptr = bad_token; } else if (*proto1 > 255) { *parse_result = OUT_OF_RANGE; strncpy(bad_token, prototmp1, 5); *badtokenptr = bad_token; } else *badtokenptr = NULL; if (*proto2 != 0 && *proto1 > *proto2) { tmp = *proto1; *proto1 = *proto2; *proto2 = tmp; } } int validate_ranges(char *samplestring, int *parse_result, char **badtokenptr) { int proto1, proto2; char *cptr = samplestring; do { get_next_protorange(samplestring, &cptr, &proto1, &proto2, parse_result, badtokenptr); } while (*parse_result == RANGE_OK); if (*parse_result != NO_MORE_TOKENS) return 0; return 1; } iptraf-3.0.0/src/ipfilter.c0100644000076400000000000003762210311472356014435 0ustar rikerroot/*** ipfilter.c - user interface and filter function for all IP packets Written by Gerard Paul Java Copyright (c) Gerard Paul Java 2001, 2002 This software is open-source; you may redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "addproto.h" #include "dirs.h" #include "deskman.h" #include "attrs.h" #include "fltdefs.h" #include "fltmgr.h" #include "ipfilter.h" #include "fltedit.h" #include "getpath.h" #include "parseproto.h" #include "cidr.h" extern int daemonized; void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask, char *init_sport1, char *init_sport2, char *init_daddr, char *init_dmask, char *init_dport1, char *init_dport2, char *initinex, char *initmatchop, int *aborted) { WINDOW *dlgwin; PANEL *dlgpanel; struct FIELDLIST fields; struct FIELD *fieldptr; int rangeproto1, rangeproto2; int parse_result; char *bptr, *cptr; int i, doagain; char msgstr[60]; char actual_address[30]; unsigned int maskbits; const char *init_yesno = "Y"; const char *WILDCARD = "0.0.0.0"; dlgwin = newwin(22, 80, (LINES - 22) / 2, (COLS - 80) / 2); dlgpanel = new_panel(dlgwin); wattrset(dlgwin, DLGBOXATTR); tx_colorwin(dlgwin); tx_box(dlgwin, ACS_VLINE, ACS_HLINE); mvwprintw(dlgwin, 0, 22, " Source "); mvwprintw(dlgwin, 0, 52, " Destination "); wmove(dlgwin, 20, 2); tabkeyhelp(dlgwin); stdkeyhelp(dlgwin); wattrset(dlgwin, DLGTEXTATTR); mvwprintw(dlgwin, 2, 2, "IP address"); mvwprintw(dlgwin, 4, 2, "Wildcard mask"); mvwprintw(dlgwin, 6, 2, "Port"); mvwprintw(dlgwin, 9, 2, "Protocols to match"); mvwprintw(dlgwin, 10, 2, "(Enter Y beside each"); mvwprintw(dlgwin, 11, 2, "protocol to match.)"); mvwprintw(dlgwin, 18, 2, "Include/Exclude (I/E)"); tx_initfields(&fields, 19, 55, (LINES - 22) / 2 + 1, (COLS - 80) / 2 + 23, DLGTEXTATTR, FIELDATTR); mvwprintw(fields.fieldwin, 5, 6, "to"); mvwprintw(fields.fieldwin, 5, 36, "to"); mvwprintw(fields.fieldwin, 6, 0, "Port fields apply only to TCP and UDP packets"); mvwprintw(fields.fieldwin, 8, 3, "All IP"); mvwprintw(fields.fieldwin, 8, 16, "TCP"); mvwprintw(fields.fieldwin, 8, 26, "UDP"); mvwprintw(fields.fieldwin, 8, 35, "ICMP"); mvwprintw(fields.fieldwin, 8, 45, "IGMP"); mvwprintw(fields.fieldwin, 10, 5, "OSPF"); mvwprintw(fields.fieldwin, 10, 16, "IGP"); mvwprintw(fields.fieldwin, 10, 25, "IGRP"); mvwprintw(fields.fieldwin, 10, 36, "GRE"); mvwprintw(fields.fieldwin, 10, 45, "L2TP"); mvwprintw(fields.fieldwin, 12, 1, "IPSec AH"); mvwprintw(fields.fieldwin, 12, 13, "IPSec ESP"); mvwprintw(fields.fieldwin, 14, 1, "Additional protocols or ranges (e.g. 8, 18-20, 69, 90)"); mvwprintw(fields.fieldwin, 17, 11, "Match opposite (Y/N)"); tx_addfield(&fields, 25, 1, 0, init_saddr); tx_addfield(&fields, 25, 3, 0, init_smask); tx_addfield(&fields, 5, 5, 0, init_sport1); tx_addfield(&fields, 5, 5, 9, init_sport2); tx_addfield(&fields, 25, 1, 30, init_daddr); tx_addfield(&fields, 25, 3, 30, init_dmask); tx_addfield(&fields, 5, 5, 30, init_dport1); tx_addfield(&fields, 5, 5, 39, init_dport2); if (data->filters[F_ALL_IP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 8, 10, init_yesno); if (data->filters[F_TCP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 8, 20, init_yesno); if (data->filters[F_UDP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 8, 30, init_yesno); if (data->filters[F_ICMP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 8, 40, init_yesno); if (data->filters[F_IGMP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 8, 50, init_yesno); if (data->filters[F_OSPF]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 10, 10, init_yesno); if (data->filters[F_IGP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 10, 20, init_yesno); if (data->filters[F_IGRP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 10, 30, init_yesno); if (data->filters[F_GRE]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 10, 40, init_yesno); if (data->filters[F_L2TP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 10, 50, init_yesno); if (data->filters[F_IPSEC_AH]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 12, 10, init_yesno); if (data->filters[F_IPSEC_ESP]) init_yesno = "Y"; else init_yesno = ""; tx_addfield(&fields, 1, 12, 23, init_yesno); cptr = tx_ltrim(data->protolist); tx_addfield(&fields, 54, 15, 1, cptr); tx_addfield(&fields, 1, 17, 1, initinex); tx_addfield(&fields, 1, 17, 32, initmatchop); do { tx_fillfields(&fields, aborted); /*get input */ if (!(*aborted)) { fieldptr = fields.list; /* * Adjust upper loop bound depending on the number of fields * before the "Additional IP protocols" field. */ for (i = 2; i <= 21; i++) fieldptr = fieldptr->nextfield; if (!validate_ranges(fieldptr->buf, &parse_result, &bptr)) { snprintf(msgstr, 60, "Invalid protocol input at or near token \"%s\"", bptr); tx_errbox(msgstr, ANYKEY_MSG, &i); doagain = 1; } else doagain = 0; } else { doagain = 0; } } while (doagain); /* * Store entered filter data into data structures */ if (!(*aborted)) { fieldptr = fields.list; maskbits = 0; /* * Process Source Address field */ if (fieldptr->buf[0] == '\0') strcpy(data->s_fqdn, WILDCARD); else strcpy(data->s_fqdn, fieldptr->buf); if (strchr(data->s_fqdn, '/') != NULL) { cidr_split_address(data->s_fqdn, actual_address, &maskbits); strcpy(data->s_fqdn, actual_address); } /* * Process Source Mask field */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') { if (maskbits > 32) { strcpy(data->s_mask, WILDCARD); } else { strncpy(data->s_mask, cidr_get_quad_mask(maskbits), 20); } } else strcpy(data->s_mask, fieldptr->buf); /* * Process Source Port fields */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->sport1 = 0; else data->sport1 = atoi(fieldptr->buf); fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->sport2 = 0; else data->sport2 = atoi(fieldptr->buf); /* * Process Destination Address field */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') strcpy(data->d_fqdn, WILDCARD); else strcpy(data->d_fqdn, fieldptr->buf); maskbits = 0; if (strchr(data->d_fqdn, '/') != NULL) { cidr_split_address(data->d_fqdn, actual_address, &maskbits); strcpy(data->d_fqdn, actual_address); } /* * Process Destination mask field */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') { if (maskbits > 32) { strcpy(data->d_mask, WILDCARD); } else { strncpy(data->d_mask, cidr_get_quad_mask(maskbits), 20); } } else strcpy(data->d_mask, fieldptr->buf); /* * Process Dedination Port fields */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->dport1 = 0; else data->dport1 = atoi(fieldptr->buf); fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->dport2 = 0; else data->dport2 = atoi(fieldptr->buf); /* * Process IP protocol filter fields */ fieldptr = fieldptr->nextfield; memset(&(data->filters), 0, sizeof(data->filters)); if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_ALL_IP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_TCP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_UDP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_ICMP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IGMP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_OSPF] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IGP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IGRP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_GRE] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_L2TP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IPSEC_AH] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IPSEC_ESP] = 1; fieldptr = fieldptr->nextfield; /* * Parse protocol string */ cptr = fieldptr->buf; strncpy(data->protolist, cptr, 60); do { get_next_protorange(fieldptr->buf, &cptr, &rangeproto1, &rangeproto2, &parse_result, &bptr); if (parse_result == RANGE_OK) { if (rangeproto2 != 0) { for (i = rangeproto1; i <= rangeproto2; i++) { data->filters[i] = 1; } } else { data->filters[rangeproto1] = 1; } } } while (parse_result == RANGE_OK); data->reverse = toupper(fieldptr->nextfield->buf[0]); if (data->reverse != 'E') data->reverse = 'I'; data->match_opposite = toupper(fieldptr->nextfield->nextfield->buf[0]); if (data->match_opposite != 'Y') data->match_opposite = 'N'; } tx_destroyfields(&fields); del_panel(dlgpanel); delwin(dlgwin); update_panels(); doupdate(); } void ipfilterselect(struct filterlist *fl, char *filename, int *fltcode, int *aborted) { struct MENU menu; int row = 1; struct filterfileent fflist; makestdfiltermenu(&menu); do { tx_showmenu(&menu); tx_operatemenu(&menu, &row, aborted); switch (row) { case 1: definefilter(aborted); break; case 2: selectfilter(&fflist, aborted); if (!(*aborted)) { memset(filename, 0, FLT_FILENAME_MAX); strncpy(filename, get_path(T_WORKDIR, fflist.filename), FLT_FILENAME_MAX - 1); if (!loadfilter(filename, fl, FLT_RESOLVE)) *fltcode = 1; else *fltcode = 0; } break; case 3: destroyfilter(fl); *fltcode = 0; tx_infobox("IP filter deactivated", ANYKEY_MSG); break; case 4: editfilter(aborted); break; case 5: delfilter(aborted); if (!(*aborted)) tx_infobox("IP filter deleted", ANYKEY_MSG); } } while (row != 7); tx_destroymenu(&menu); update_panels(); doupdate(); } /* * Display/logging filter for other (non-TCP, non-UDP) IP protocols. */ int ipfilter(unsigned long saddr, unsigned long daddr, unsigned int sport, unsigned int dport, unsigned int protocol, int match_opp_mode, struct filterlist *fl) { struct filterent *fe = fl->head; int result = 0; int fltexpr1; int fltexpr2; while (fe != NULL) { if (protocol == IPPROTO_TCP || protocol == IPPROTO_UDP) { fltexpr1 = ((saddr & fe->smask) == (fe->saddr & fe->smask) && (daddr & fe->dmask) == (fe->daddr & fe->dmask)) && (((fe->hp.sport2 == 0 && (fe->hp.sport1 == sport || fe->hp.sport1 == 0)) || (fe->hp.sport2 != 0 && (sport >= fe->hp.sport1 && sport <= fe->hp.sport2))) && ((fe->hp.dport2 == 0 && (fe->hp.dport1 == dport || fe->hp.dport1 == 0)) || (fe->hp.dport2 != 0 && (dport >= fe->hp.dport1 && dport <= fe->hp.dport2)))); if ((protocol == IPPROTO_TCP && match_opp_mode == MATCH_OPPOSITE_ALWAYS) || (fe->hp.match_opposite == 'Y')) fltexpr2 = ((saddr & fe->dmask) == (fe->daddr & fe->dmask) && (daddr & fe->smask) == (fe->saddr & fe->smask)) && (((fe->hp.dport2 == 0 && (sport == fe->hp.dport1 || fe->hp.dport1 == 0)) || (fe->hp.dport2 != 0 && (sport >= fe->hp.dport1 && sport <= fe->hp.dport2))) && ((fe->hp.sport2 == 0 && (dport == fe->hp.sport1 || fe->hp.sport1 == 0)) || (fe->hp.dport2 != 0 && (dport >= fe->hp.sport1 && dport <= fe->hp.sport2)))); else fltexpr2 = 0; } else { fltexpr1 = ((saddr & fe->smask) == (fe->saddr & fe->smask)) && ((daddr & fe->dmask) == (fe->daddr & fe->dmask)); if (fe->hp.match_opposite == 'Y') { fltexpr2 = ((daddr & fe->smask) == (fe->saddr & fe->smask)) && ((saddr & fe->dmask) == (fe->daddr & fe->dmask)); } else fltexpr2 = 0; } if (fltexpr1 || fltexpr2) { result = fe->hp.filters[protocol] || fe->hp.filters[F_ALL_IP]; if (result) { if (toupper(fe->hp.reverse) == 'E') { return 0; } return 1; } } fe = fe->next_entry; } return 0; } iptraf-3.0.0/src/cidr.c0100644000076400000000000000524010311472356013527 0ustar rikerroot /* * cidr.c - functions to process addresses in CIDR notation * * Copyright (c) Gerard Paul Java 2003 * * This module contains functions that deal with CIDR address/mask notation. * * This module may be freely used for any purpose, commercial or otherwise, * In any product that uses this module, the following notice must appear: * * Includes software developed by Gerard Paul Java * Copyright (c) Gerard Paul Java 2003 */ #include #include #include #include #include /* * Returns a binary subnet mask based on the number of mask bits. The * dotted-decimal notation may be obtained with inet_ntoa. */ unsigned long cidr_get_mask(unsigned int maskbits) { struct in_addr mask; if (maskbits == 0) return 0; inet_aton("255.255.255.255", &mask); mask.s_addr = htonl(mask.s_addr << (32 - maskbits)); return mask.s_addr; } /* * Returns a subnet mask in dotted-decimal notation given the number of * 1-bits in the mask. */ char *cidr_get_quad_mask(unsigned int maskbits) { struct in_addr addr; addr.s_addr = cidr_get_mask(maskbits); return inet_ntoa(addr); } /* * Returns the number of 1-bits in the given binary subnet mask in * network byte order. */ unsigned int cidr_get_maskbits(unsigned long mask) { unsigned int i = 32; if (mask == 0) return 0; mask = ntohl(mask); while (mask % 2 == 0) { mask >>= 1; i--; } return i; } /* * Splits a CIDR-style address/mask string into its constituent address and * mask parts. In case of absent or invalid input in the mask part, 255 is * returned in *maskbits (255 is invalid for an IPv4 address). */ void cidr_split_address(char *cidr_addr, char *addresspart, unsigned int *maskbits) { char maskpart[4]; char *endptr; char *slashptr; char address_buffer[80]; if (strchr(cidr_addr, '/') == NULL) { strncpy(addresspart, cidr_addr, 80); *maskbits = 255; return; } memset(address_buffer, 0, 80); memset(addresspart, 0, 80); memset(maskpart, 0, 4); strncpy(address_buffer, cidr_addr, 80); slashptr = strchr(address_buffer, '/'); /* * Cut out the mask part and move past the slash */ *slashptr = '\0'; slashptr++; /* * Copy out the address and mask parts into their buffers. */ strncpy(addresspart, address_buffer, 80); strncpy(maskpart, slashptr, 4); if (maskpart[0] != '\0') { *maskbits = strtoul(maskpart, &endptr, 10); if (*endptr != '\0') *maskbits = 255; } else *maskbits = 255; return; } iptraf-3.0.0/src/fltlist.c0100644000076400000000000000410110311472356014262 0ustar rikerrootvoid init_filter_table(struct filterlist *fl) { fl->head = fl->tail = NULL; } /* * Loads the filter from the filter file */ int loadfilter(char *filename, struct filterlist *fl, int resolve) { struct filterent *fe; int pfd; unsigned int idx = 0; int br; int resolv_err = 0; char err_msg[80]; init_filter_table(fl); pfd = open(filename, O_RDONLY); if (pfd < 0) { memset(err_msg, 0, 80); snprintf(err_msg, 80, "Error opening IP filter data file"); write_error(err_msg, daemonized); fl->head = NULL; return 1; } do { fe = malloc(sizeof(struct filterent)); br = read(pfd, &(fe->hp), sizeof(struct hostparams)); if (br > 0) { fe->index = idx; if (resolve) { fe->saddr = nametoaddr(fe->hp.s_fqdn, &resolv_err); fe->daddr = nametoaddr(fe->hp.d_fqdn, &resolv_err); if (resolv_err) { free(fe); continue; } fe->smask = inet_addr(fe->hp.s_mask); fe->dmask = inet_addr(fe->hp.d_mask); } if (fl->head == NULL) { fl->head = fe; fe->prev_entry = NULL; } else { fl->tail->next_entry = fe; fe->prev_entry = fl->tail; } fe->next_entry = NULL; fl->tail = fe; idx++; } else { free(fe); } } while (br > 0); if (br == 0) close(pfd); return 0; } void savefilter(char *filename, struct filterlist *fl) { struct filterent *fe = fl->head; int pfd; int bw; int resp; pfd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR); while (fe != NULL) { bw = write(pfd, &(fe->hp), sizeof(struct hostparams)); if (bw < 0) { tx_errbox("Unable to save filter changes", ANYKEY_MSG, &resp); clear_flt_tag(); return; } fe = fe->next_entry; } close(pfd); } iptraf-3.0.0/src/cidr.h0100644000076400000000000000125210311472356013533 0ustar rikerroot /* * cidr.h - prototypes for cidr.c * * Copyright (c) Gerard Paul Java 2003 * * This module contains functions that deal with CIDR address/mask notation. * * This module may be freely used for any purpose, commercial or otherwise, * In any product that uses this module, the following notice must appear: * * Includes software developed by Gerard Paul Java * Copyright (c) Gerard Paul Java 2003 */ unsigned long cidr_get_mask(unsigned int maskbits); char *cidr_get_quad_mask(unsigned int maskbits); unsigned int cidr_get_maskbits(unsigned long mask); void cidr_split_address(char *cidr_addr, char *addresspart, unsigned int *maskbits); iptraf-3.0.0/FAQ0100644000076400000000000000733107523756655012232 0ustar rikerrootThis is the beginning of a FAQ for IPTraf. --- Q: Could you include support for interface? A: Please read the README.interfaces file for what is needed for a new interface type to be supported. Q: I try to start IPTraf but it tells me that is already active in another process. But I'm sure IPTraf isn't running at the time! A: Probably due to a faulty installation or abnormal termination. If you're sure you've installed the software properly, you may have stale lock files from a previous abort. Just issue the iptraf command with the -f parameter (iptraf -f). This will override stale locks and IPTraf should proceed normally. Q: I want to configure IPTraf but it tells me only the first instance can configure. A: Similar to the previous question. Issue the iptraf command with the -f parameter. NOTE: Versions prior to 2.6.2 did not properly erase stale lock files when IPTraf aborted due to an insufficient screen size. Q: Is there a way to make IPTraf run in the background and collect statistics to a log file? A: Prior to 2.1.0, there was no elegant way of doing so. Version 2.1.0 and later have the -B command-line parameter to force IPTraf to dump all its screen output into oblivion and move into the background. See the manual for details on background operation. Q: I get the error message "Unable to open raw socket". A: If you're using IPTraf 2.x, you must be running version 2.2.x of the Linux kernel. Furthermore, the "Packet Socket" driver must be installed. Most stock kernels include this driver already. Be sure to include it if you're compiling a custom kernel. Q: I'm getting a "cannot allocate memory" error but I've got loads of memory available. A: The "cannot allocate memory" error is a reponse to the "segmentation fault" condition (SIGSEGV). If you're sure it's not a memory condition on your machine, please report it to me, and if possible, include a gdb trace or strace output to help me debug. Q: Is there Web/HTTP/HTML/whatever version available? A: I've received several requests for this one. Perhaps in time, I've been caught up in some work and some personal stuff. Suggestions on implementation of such a feature are welcome. (Addition: I hope to get this incorporated into the next major release. Who knows? If I have the time, I might be able to WAP it in the near future :)) Q: It would be great if the statistics could be sorted. A: As of version 2.3, sorting is now available with the IP traffic monitor, TCP/UDP statistical breakdown, and LAN station monitor. Sorting is invoked by pressing the S key and selecting a sort criterion. (Note: versions 2.5.0 and later sorts the entries with the Quicksort algorithm, which significantly cuts down the time to sort.) Q: I want to run IPTraf from a Secure Shell terminal but the output of the program causes a heavy load on the network. What should I do? A: The output of the program is returned over the network, which in turn tells IPTraf about the new traffic, which IPTraf then outputs, which is then sent over the network... in other words, it's a feedback effect. The solution to this is to set the screen update interval to 1 second or more. To do that, go to Configuration... then select Timers... then Screen update interval... and enter the interval value in seconds. One second should be fine. Q: Does IPTraf run on FreeBSD? A: I wish it did. IPTraf was designed from the ground up to use the Linux PF_PACKET mechanism, not libpcap. The main reasons for doing this are less overhead and more control over the captured packets. Since Linux kernel 2.2, the raw socket API featured more goodies, like the direction of the packets. I hope to be able to successfully port to FreeBSD, but I do not have the resources to do so now. iptraf-3.0.0/contrib/0040755000076400000000000000000007246353620013322 5ustar rikerrootiptraf-3.0.0/README.contact0100644000076400000000000000270307276413765014205 0ustar rikerroot============================================================================ CONTACT INFORMATION ---------------------------------------------------------------------------- INDIVIDUAL CONTACT IPTraf is written and primarily maintained by me. My name is Gerard Paul Java, and my official e-mail address for IPTraf is riker@seul.org. The address iptraf@seul.org is also available for bug reports or other software-related concerns. WEB AND FTP INFORMATION The official IPTraf sites are http://cebu.mozcom.com/riker/iptraf and http://iptraf.seul.org. IPTraf can be downloaded via FTP at ftp://ftp.cebu.mozcom.com/pub/linux/net/ and ftp://iptraf.seul.org/pub/iptraf/ Latest releases will also be made available on ftp://metalab.unc.edu/pub/Linux/system/network/monitor/ MAILING LISTS Two mailing lists are available: iptraf-users and iptraf-announce. General discussions, help, and reports can be sent through iptraf-users, while announcements of new releases and other issues will be posted on iptraf-announce. To subscribe to these lists, send a mail message to majordomo@seul.org with no subject, and the line subscribe listname in the BODY of the message, where listname is iptraf-users or iptraf-subscribe. For example, to subscribe to iptraf-users, send a message with the line subscribe iptraf-users in the subject. You will be asked to confirm the action. You can leave the list by specifying replacing the word "subscribe" with "unsubscribe". iptraf-3.0.0/RELEASE-NOTES0100644000076400000000000001041207604000254013534 0ustar rikerroot=============================================================================== RELEASE NOTES FOR IPTRAF 3.0.0 ------------------------------------------------------------------------------- This file contains important release information for IPTraf 3.0.0. Please read it in full before running this new version for the first time. ------------------------------------------------------------------------------- CONTENTS OF THIS DOCUMENT ------------------------- UPGRADING TO IPTRAF 3.0. NEW FILTER BEHAVIOR BUG FIXES ADDITIONAL NETWORK INTERFACE SUPPORT DOCUMENTATION FORMAT CHANGES FILE FORMATS CODE CHANGES UPGRADING TO IPTRAF 3.0 ----------------------- IPTraf 3.0 is a major release. The most significant change is a completely redesigned IP filtering system. Starting with IPTraf 3.0, all IP traffic can be filtered with a unified set of filter rules, unlike previous versions wherein separate filters had to be defined for TCP, UDP, and all other IP traffic. The new filter design uses a single filter for IP traffic, which allows the user to specify, in addition to the addresses and ports, the IP protocols (TCP, UDP, ICMP, etc) to match. Because of the radical change in filter design, previous IPTraf filters will no longer work with IPTraf 3.0. Therefore the installation scripts will simply move the old filter lists to new files, and IP filters will have to be redefined. NEW FILTER BEHAVIOR ------------------- A. UNIFIED IP FILTERS IP traffic is now filtered with a single defined filter for all IP-type protocols (TCP, UDP, etc) unlike previous versions which used three separate filters for TCP, UDP, and all other IP traffic. This makes it easier to define filters for for all IP traffic to or from a certain host or network without having to define three distinct filters. This redesign breaks compatibility with previous versions of IPTraf. A. REVERSE MATCHING Until IPTraf 3.0, TCP and UDP filters automatically matched in both directions, for example, a filter defined to match 100.1.1.1/255.255.255.255 port 80 to 192.168.1.0/255.255.255.0 port 0 matched all packets flowing from host 10.1.1.1, port 80 to any host on the network 192.168.1.0, as well as packets coming from the network 192.168.1.0 to host 100.1.1.1 port 80. With IPTraf 3.0, this no longer is the case. Automatic reverse matching is done only in the IP traffic monitor's TCP window (because of TCP's full-duplex nature), but in all other places, automatic reverse matching is no longer done unless you set the "Match opposite" field in the filter definition dialog boxes to Y. The "Match opposite" fields in the filter dialog boxes allow you to match packets flowing in the opposite direction without having to define another filter. This is useful for such things as ICMP echo request/echo reply packets (pings), UDP DNS queries, and other things that come in "pairs". Or you can turn them off for more precise measurement of incoming and outgoing data rates. However as earlier stated, the "Match opposite" field in TCP filters are ignored in the IP traffic monitor's TCP window, because reverse matching is always performed there. C. MISCELLANEOUS IP PROTOCOLS The filter rule definition dialog contains some fields that match common IP protocols. However a longer field is provided for additional protocols to match. You can enter here a comma-separated list of individual protocol numbers or ranges (e.g. 49, 69, 88-100, 110). BUG FIXES --------- IPTraf 3.0 fixes a minor bug where Token Ring interfaces' promiscuous modes were not toggled by the Force Promiscuous configuration option. Window borders don't appear in color when IPTraf is compiled under Red Hat Linux 7.3, possibly others. The window support library has been updated to fix this problem. Minor user interface quirks have also been fixed. ADDITIONAL NETWORK INTERFACE SUPPORT ------------------------------------ Support for tun and brg (tunnelling and bridging) interfaces has been added to this version. PROTOCOL RECOGNITION -------------------- For not-so-common IP protocols, IPTraf's IP traffic monitor looks up the /etc/services file to determine the protocol names. More common protocols (ICMP, UDP) are looked up internally. L2TP, IPSec Authentication, and IPSec Encrypted Payload packets have been added to IPTraf's internal recognition. iptraf-3.0.0/support/0040755000076400000000000000000010311513666013371 5ustar rikerrootiptraf-3.0.0/support/menurt.c0100644000076400000000000001523507516041340015050 0ustar rikerroot/*** menurt.c- ncurses-based menu definition module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997, 1998 This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License in the included COPYING file for details. ***/ #include #include #include #include #include #include "menurt.h" #include "winops.h" #include "labels.h" /* initialize menu system */ void tx_initmenu(struct MENU *menu, int y1, int x1, int y2, int x2, int borderattr, int normalattr, int highattr, int barnormalattr, int barhighattr, int descattr) { menu->itemlist = NULL; menu->itemcount = 0; strcpy(menu->shortcuts, ""); menu->x1 = x1; menu->y1 = y1; menu->x2 = x2; menu->y2 = y2; menu->menuwin = newwin(y1, x1, y2, x2); menu->menupanel = new_panel(menu->menuwin); menu->menu_maxx = x1 - 2; keypad(menu->menuwin, 1); meta(menu->menuwin, 1); noecho(); wtimeout(menu->menuwin, -1); /* block until input */ notimeout(menu->menuwin, 0); /* disable Esc timer */ nonl(); cbreak(); menu->borderattr = borderattr; menu->normalattr = normalattr; menu->highattr = highattr; menu->barnormalattr = barnormalattr; menu->barhighattr = barhighattr; menu->descriptionattr = descattr; } /* add menu item */ void tx_additem(struct MENU *menu, char *item, char *desc) { struct ITEM *tnode; char cur_option[OPTIONSTRLEN_MAX]; char thekey[2]; if (menu->itemcount >= 25) return; tnode = malloc(sizeof(struct ITEM)); if (item != NULL) { strcpy(tnode->option, item); strcpy(tnode->desc, desc); tnode->itemtype = REGULARITEM; strcpy(cur_option, item); strtok(cur_option, "^"); strcpy(thekey, strtok(NULL, "^")); thekey[0] = toupper(thekey[0]); strcat(menu->shortcuts, thekey); } else { tnode->itemtype = SEPARATOR; strcat(menu->shortcuts, "^"); /* mark shortcut position for seps */ } if (menu->itemlist == NULL) { menu->itemlist = tnode; } else { menu->lastitem->next = tnode; tnode->prev = menu->lastitem; } menu->itemlist->prev = tnode; menu->lastitem = tnode; tnode->next = menu->itemlist; menu->itemcount++; } /* show each individual item */ void tx_showitem(struct MENU *menu, struct ITEM *itemptr, int selected) { int hiattr = 0; int loattr = 0; int ctr; char curoption[OPTIONSTRLEN_MAX]; char padding[OPTIONSTRLEN_MAX]; if (itemptr->itemtype == REGULARITEM) { switch (selected) { case NOTSELECTED: hiattr = menu->highattr; loattr = menu->normalattr; break; case SELECTED: hiattr = menu->barhighattr; loattr = menu->barnormalattr; break; } strcpy(curoption, itemptr->option); wattrset(menu->menuwin, loattr); wprintw(menu->menuwin, "%s", strtok(curoption, "^")); wattrset(menu->menuwin, hiattr); wprintw(menu->menuwin, "%s", strtok((char *) NULL, "^")); wattrset(menu->menuwin, loattr); wprintw(menu->menuwin, "%s", strtok((char *) NULL, "^")); strcpy(padding, ""); for (ctr = strlen(itemptr->option); ctr <= menu->x1 - 1; ctr++) strcat(padding, " "); wprintw(menu->menuwin, "%s", padding); } else { wattrset(menu->menuwin, menu->borderattr); whline(menu->menuwin, ACS_HLINE, menu->menu_maxx); } update_panels(); doupdate(); } /* repeatedly calls tx_showitem to display individual items */ void tx_showmenu(struct MENU *menu) { struct ITEM *itemptr; /* points to each item in turn */ int ctr = 1; /* counts each item */ wattrset(menu->menuwin, menu->borderattr); /* set to bg+/b */ tx_colorwin(menu->menuwin); /* color window */ tx_box(menu->menuwin, ACS_VLINE, ACS_HLINE); /* draw border */ itemptr = menu->itemlist; /* point to start */ wattrset(menu->menuwin, menu->normalattr); do { /* display items */ wmove(menu->menuwin, ctr, 1); tx_showitem(menu, itemptr, NOTSELECTED); /* show items, initially unselected */ ctr++; itemptr = itemptr->next; } while (ctr <= menu->itemcount); update_panels(); doupdate(); } void menumoveto(struct MENU *menu, struct ITEM **itemptr, unsigned int row) { struct ITEM *tnode; unsigned int i; tnode = menu->itemlist; for (i = 1; i < row; i++) tnode = tnode->next; *itemptr = tnode; } /* * Actually do the menu operation after all the initialization */ void tx_operatemenu(struct MENU *menu, int *position, int *aborted) { struct ITEM *itemptr; int row = *position; int exitloop = 0; int ch; char *keyptr; tx_menukeyhelp(menu->normalattr, menu->highattr); *aborted = 0; menumoveto(menu, &itemptr, row); menu->descwin = newwin(1, COLS, LINES - 2, 0); menu->descpanel = new_panel(menu->descwin); do { wmove(menu->menuwin, row, 1); tx_showitem(menu, itemptr, SELECTED); /* * Print item description */ wattrset(menu->descwin, menu->descriptionattr); tx_colorwin(menu->descwin); wmove(menu->descwin, 0, 0); wprintw(menu->descwin, " %s", itemptr->desc); update_panels(); doupdate(); wmove(menu->menuwin, row, 2); ch = wgetch(menu->menuwin); wmove(menu->menuwin, row, 1); tx_showitem(menu, itemptr, NOTSELECTED); switch (ch) { case KEY_UP: if (row == 1) row = menu->itemcount; else row--; itemptr = itemptr->prev; if (itemptr->itemtype == SEPARATOR) { row--; itemptr = itemptr->prev; } break; case KEY_DOWN: if (row == menu->itemcount) row = 1; else row++; itemptr = itemptr->next; if (itemptr->itemtype == SEPARATOR) { row++; itemptr = itemptr->next; } break; case 12: tx_refresh_screen(); break; case 13: exitloop = 1; break; /* case 27: exitloop = 1;*aborted = 1;row=menu->itemcount;break; */ case '^': break; /* ignore caret key */ default: keyptr = strchr(menu->shortcuts, toupper(ch)); if ((keyptr != NULL) && keyptr - menu->shortcuts < menu->itemcount) { row = keyptr - menu->shortcuts + 1; exitloop = 1; } } } while (!(exitloop)); *position = row; /* position of executed option is in *position */ del_panel(menu->descpanel); delwin(menu->descwin); update_panels(); doupdate(); } void tx_destroymenu(struct MENU *menu) { struct ITEM *tnode; struct ITEM *tnextnode; if (menu->itemlist != NULL) { tnode = menu->itemlist; tnextnode = menu->itemlist->next; tnode->prev->next = NULL; while (tnode != NULL) { free(tnode); tnode = tnextnode; if (tnextnode != NULL) tnextnode = tnextnode->next; } } del_panel(menu->menupanel); delwin(menu->menuwin); update_panels(); doupdate(); } iptraf-3.0.0/support/menurt.h0100644000076400000000000000253107377122624015062 0ustar rikerroot/*** menu.h - declaration file for my menu library Copyright (c) Gerard Paul R. Java 1997 ***/ #define SELECTED 1 #define NOTSELECTED 0 #define SEPARATOR 0 #define REGULARITEM 1 #define OPTIONSTRLEN_MAX 50 #define DESCSTRLEN_MAX 81 #define SHORTCUTSTRLEN_MAX 25 struct ITEM { char option[OPTIONSTRLEN_MAX]; char desc[DESCSTRLEN_MAX]; unsigned int itemtype; struct ITEM *prev; struct ITEM *next; }; struct MENU { struct ITEM *itemlist; struct ITEM *selecteditem; struct ITEM *lastitem; int itemcount; int postn; int x1, y1; int x2, y2; unsigned int menu_maxx; WINDOW *menuwin; PANEL *menupanel; WINDOW *descwin; PANEL *descpanel; int borderattr; int normalattr; int highattr; int barnormalattr; int barhighattr; int descriptionattr; char shortcuts[SHORTCUTSTRLEN_MAX]; }; extern void tx_initmenu(struct MENU *menu, int y1, int x1, int y2, int x2, int borderattr, int normalattr, int highattr, int barnormalattr, int barhighattr, int descattr); extern void tx_additem(struct MENU *menu, char *item, char *desc); extern void tx_showitem(struct MENU *menu, struct ITEM *itemptr, int selected); extern void tx_showmenu(struct MENU *menu); extern void tx_operatemenu(struct MENU *menu, int *row, int *aborted); extern void tx_destroymenu(struct MENU *menu); iptraf-3.0.0/support/input.c0100644000076400000000000001014207602462512014671 0ustar rikerroot/*** input.c - a custom keyboard input module Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 This module is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ***/ #include #include #include #include "input.h" void tx_initfields(struct FIELDLIST *list, int leny, int lenx, int begy, int begx, int dlgtextattr, int fieldattr) { list->list = NULL; list->fieldwin = newwin(leny, lenx, begy, begx); list->fieldpanel = new_panel(list->fieldwin); tx_stdwinset(list->fieldwin); wtimeout(list->fieldwin, -1); wattrset(list->fieldwin, dlgtextattr); tx_colorwin(list->fieldwin); update_panels(); doupdate(); list->dlgtextattr = dlgtextattr; list->fieldattr = fieldattr; } void tx_addfield(struct FIELDLIST *list, unsigned int len, unsigned int y, unsigned int x, const char *initstr) { struct FIELD *newfield; int i; newfield = malloc(sizeof(struct FIELD)); if (list->list == NULL) { list->list = newfield; newfield->prevfield = newfield; newfield->nextfield = newfield; } else { newfield->prevfield = list->list->prevfield; list->list->prevfield->nextfield = newfield; list->list->prevfield = newfield; newfield->nextfield = list->list; } newfield->xpos = x; newfield->ypos = y; newfield->len = len; newfield->tlen = strlen(initstr); newfield->buf = malloc(len + 1); bzero(newfield->buf, len + 1); strncpy(newfield->buf, initstr, len); if (newfield->tlen > (len)) newfield->tlen = len; wattrset(list->fieldwin, list->fieldattr); wmove(list->fieldwin, y, x); for (i = 1; i <= len; i++) wprintw(list->fieldwin, " "); wmove(list->fieldwin, y, x); wprintw(list->fieldwin, "%s", newfield->buf); update_panels(); doupdate(); } void tx_getinput(struct FIELDLIST *list, struct FIELD *field, int *exitkey) { int ch; int y, x; int endloop = 0; wmove(list->fieldwin, field->ypos, field->xpos); wattrset(list->fieldwin, list->fieldattr); wprintw(list->fieldwin, "%s", field->buf); update_panels(); doupdate(); do { ch = wgetch(list->fieldwin); switch (ch) { #ifndef DISABLEBS case KEY_BACKSPACE: #endif case 7: case 8: case KEY_DC: case KEY_LEFT: case 127: if (field->tlen > 0) { getyx(list->fieldwin, y, x); x--; wmove(list->fieldwin, y, x); wprintw(list->fieldwin, " "); wmove(list->fieldwin, y, x); field->tlen--; field->buf[field->tlen] = '\0'; } break; case 9: case 27: case 24: case 13: case 10: case KEY_UP: case KEY_DOWN: endloop = 1; *exitkey = ch; break; case 12: tx_refresh_screen(); break; default: if ((field->tlen < field->len) && ((ch >= 32) && (ch <= 127))) { wprintw(list->fieldwin, "%c", ch); if (ch == ' ') { getyx(list->fieldwin, y, x); wmove(list->fieldwin, y, x); } field->buf[field->tlen + 1] = '\0'; field->buf[field->tlen] = ch; field->tlen++; } break; } doupdate(); } while (!endloop); } void tx_fillfields(struct FIELDLIST *list, int *aborted) { struct FIELD *field; int exitkey; int exitloop = 0; field = list->list; curs_set(1); do { tx_getinput(list, field, &exitkey); switch (exitkey) { case 9: case KEY_DOWN: field = field->nextfield; break; case KEY_UP: field = field->prevfield; break; case 13: case 10: *aborted = 0; exitloop = 1; break; case 27: case 24: *aborted = 1; exitloop = 1; break; } } while (!exitloop); curs_set(0); } void tx_destroyfields(struct FIELDLIST *list) { struct FIELD *ptmp; struct FIELD *pnext; list->list->prevfield->nextfield = NULL; ptmp = list->list; pnext = list->list->nextfield; do { free(ptmp); ptmp = pnext; if (pnext != NULL) { pnext = pnext->nextfield; } } while (ptmp != NULL); del_panel(list->fieldpanel); delwin(list->fieldwin); } char *tx_ltrim(char *str) { char *cptr = str; while (isspace(*cptr)) cptr++; return cptr; } iptraf-3.0.0/support/input.h0100644000076400000000000000174507602462526014714 0ustar rikerroot /*** input.h - structure declarations and function prototypes for input.c Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 ***/ #include #include #include #include "winops.h" #define CTRL_X 24 struct FIELD { char *buf; unsigned int len; unsigned int tlen; unsigned int xpos; unsigned int ypos; struct FIELD *prevfield; struct FIELD *nextfield; }; struct FIELDLIST { struct FIELD *list; WINDOW *fieldwin; PANEL *fieldpanel; int dlgtextattr; int fieldattr; }; void tx_initfields(struct FIELDLIST *list, int leny, int lenx, int begy, int begx, int dlgtextattr, int dlgfieldattr); void tx_addfield(struct FIELDLIST *list, unsigned int len, unsigned int y, unsigned int x, const char *initstr); void tx_getinput(struct FIELDLIST *list, struct FIELD *field, int *exitkey); void tx_fillfields(struct FIELDLIST *list, int *aborted); void tx_destroyfields(struct FIELDLIST *list); iptraf-3.0.0/support/listbox.c0100644000076400000000000001241607516041313015220 0ustar rikerroot/* * listbox.c - scrollable listbox management module * * Written by Gerard Paul Java * Copyright (c) Gerard Paul Java 2001 */ #include #include #include #include #include "winops.h" #include "labels.h" #include "listbox.h" #include "msgboxes.h" void tx_init_listbox(struct scroll_list *list, int width, int height, int startx, int starty, int mainattr, int borderattr, int selectattr, int keyattr) { bzero(list, sizeof(struct scroll_list)); list->borderwin = newwin(height, width, starty, startx); list->borderpanel = new_panel(list->borderwin); wattrset(list->borderwin, borderattr); tx_box(list->borderwin, ACS_VLINE, ACS_HLINE); list->win = newwin(height - 2, width - 2, starty + 1, startx + 1); list->panel = new_panel(list->win); wattrset(list->win, mainattr); tx_colorwin(list->win); list->mainattr = mainattr; list->selectattr = selectattr; list->height = height; list->width = width; list->keyattr = keyattr; tx_stdwinset(list->win); scrollok(list->win, 0); } void tx_set_listbox_title(struct scroll_list *list, char *text, int x) { mvwprintw(list->borderwin, 0, x, " %s ", text); } void tx_add_list_entry(struct scroll_list *list, char *node, char *text) { struct textlisttype *ptmp; ptmp = malloc(sizeof(struct textlisttype)); bzero(ptmp, sizeof(struct textlisttype)); strncpy(ptmp->text, text, MAX_TEXT_LENGTH); ptmp->nodeptr = node; if (list->textlist == NULL) { list->textlist = ptmp; ptmp->prev_entry = NULL; } else { list->texttail->next_entry = ptmp; ptmp->prev_entry = list->texttail; } list->texttail = ptmp; ptmp->next_entry = NULL; } void tx_show_listbox(struct scroll_list *list) { int i = 0; struct textlisttype *tptr = list->textlist; while ((i <= list->height - 3) && (tptr != NULL)) { mvwprintw(list->win, i, 1, tptr->text); tptr = tptr->next_entry; i++; } update_panels(); doupdate(); } void tx_operate_listbox(struct scroll_list *list, int *keystroke, int *aborted) { int ch; int exitloop = 0; int row = 0; char padding[MAX_TEXT_LENGTH]; char sp_buf[10]; if (list->textlist == NULL) { tx_errbox("No list entries", ANYKEY_MSG, &ch); *aborted = 1; return; } list->textptr = list->textlist; tx_listkeyhelp(list->mainattr, list->keyattr); update_panels(); doupdate(); while (!exitloop) { snprintf(sp_buf, 9, "%%%dc", list->width - strlen(list->textptr->text) - 3); snprintf(padding, MAX_TEXT_LENGTH - 1, sp_buf, ' '); wattrset(list->win, list->selectattr); mvwprintw(list->win, row, 0, " %s%s", list->textptr->text, padding); ch = wgetch(list->win); wattrset(list->win, list->mainattr); mvwprintw(list->win, row, 0, " %s%s", list->textptr->text, padding); switch(ch) { case KEY_UP: if (list->textptr == NULL) continue; if (list->textptr->prev_entry != NULL) { if (row == 0) { scrollok(list->win, 1); wscrl(list->win, -1); scrollok(list->win, 0); } else row--; list->textptr = list->textptr->prev_entry; } break; case KEY_DOWN: if (list->textptr == NULL) continue; if (list->textptr->next_entry != NULL) { if (row == list->height - 3) { scrollok(list->win, 1); wscrl(list->win, 1); scrollok(list->win, 0); } else row++; list->textptr = list->textptr->next_entry; } break; case 13: *aborted = 0; exitloop = 1; break; case 27: case 'x': case 'X': case 24: *aborted = 1; exitloop = 1; case 12: case 'l': case 'L': tx_refresh_screen(); break; } } *keystroke = ch; } void tx_hide_listbox(struct scroll_list *list) { hide_panel(list->panel); hide_panel(list->borderpanel); update_panels(); doupdate(); } void tx_unhide_listbox(struct scroll_list *list) { show_panel(list->panel); show_panel(list->panel); update_panels(); doupdate(); } void tx_close_listbox(struct scroll_list *list) { del_panel(list->panel); del_panel(list->borderpanel); delwin(list->win); delwin(list->borderwin); update_panels(); doupdate(); } void tx_destroy_list(struct scroll_list *list) { struct textlisttype *ttmp = list->textlist; struct textlisttype *ctmp; if (ttmp != NULL) { ctmp = ttmp->next_entry; while (ttmp != NULL) { free(ttmp); ttmp = ctmp; if (ctmp != NULL) ctmp = ctmp->next_entry; } } } iptraf-3.0.0/support/Makefile0100644000076400000000000000060207516037364015035 0ustar rikerrootINCLUDEDIR = -I/usr/include/ncurses OBJS = input.o menurt.o listbox.o winops.o labels.o \ msgboxes.o txbox.o all: libtextbox.a libtextbox.a: $(OBJS) rm -rf libtextbox.a ar cq libtextbox.a $(OBJS) ranlib libtextbox.a # gcc -shared -o libtextbox.so $(OBJS) %.o: %.c *.h gcc -O2 -g -Wall -fPIC $(INCLUDEDIR) -c -o $*.o $< clean: rm -rf *.o *~ libtextbox.a libtextbox.so iptraf-3.0.0/support/textbox.h0100644000076400000000000001052607400641704015240 0ustar rikerroot /*** input.h - structure declarations and function prototypes for input.c Written by Gerard Paul Java Copyright (c) Gerard Paul Java 1997 ***/ #include #include #include #include "winops.h" #define CTRL_X 24 struct FIELD { char *buf; unsigned int len; unsigned int tlen; unsigned int xpos; unsigned int ypos; struct FIELD *prevfield; struct FIELD *nextfield; }; struct FIELDLIST { struct FIELD *list; WINDOW *fieldwin; PANEL *fieldpanel; int dlgtextattr; int fieldattr; }; void tx_initfields(struct FIELDLIST *list, int leny, int lenx, int begy, int begx, int dlgtextattr, int dlgfieldattr); void tx_addfield(struct FIELDLIST *list, unsigned int len, unsigned int y, unsigned int x, char *initstr); void tx_getinput(struct FIELDLIST *list, struct FIELD *field, int *exitkey); void tx_fillfields(struct FIELDLIST *list, int *aborted); void tx_destroyfields(struct FIELDLIST *list); #include void tx_printkeyhelp(char *keytext, char *desc, WINDOW * win, int highattr, int textattr); void tx_menukeyhelp(int textattr, int highattr); void tx_listkeyhelp(int textattr, int highattr); #include #define MAX_TEXT_LENGTH 240 struct textlisttype { char text[MAX_TEXT_LENGTH]; int cellwidth[10]; /* up to 10 cells per line */ char *nodeptr; /* generic pointer, cast to appropriate type */ struct textlisttype *next_entry; struct textlisttype *prev_entry; }; struct scroll_list { char *mainlist; /* generic pointer, cast to appropriate type */ char *mlistptr; /* generic pointer, cast to appropriate type */ struct textlisttype *textlist; /* list of raw text entries */ struct textlisttype *texttail; struct textlisttype *textptr; int height; int width; int mainattr; int selectattr; int keyattr; char *exitkeys; WINDOW *win; PANEL *panel; WINDOW *borderwin; PANEL *borderpanel; }; void tx_init_listbox(struct scroll_list *list, int width, int height, int startx, int starty, int mainattr, int borderattr, int selectattr, int keyattr); void tx_set_listbox_title(struct scroll_list *list, char *text, int x); void tx_add_list_entry(struct scroll_list *list, char *node, char *text); void tx_show_listbox(struct scroll_list *list); void tx_operate_listbox(struct scroll_list *list, int *keystroke, int *aborted); void tx_hide_listbox(struct scroll_list *list); void tx_unhide_listbox(struct scroll_list *list); void tx_close_listbox(struct scroll_list *list); void tx_destroy_list(struct scroll_list *list); #define tx_destroy_listbox tx_destroy_list /*** menu.h - declaration file for my menu library Copyright (c) Gerard Paul R. Java 1997 ***/ #define SELECTED 1 #define NOTSELECTED 0 #define SEPARATOR 0 #define REGULARITEM 1 #define OPTIONSTRLEN_MAX 50 #define DESCSTRLEN_MAX 81 #define SHORTCUTSTRLEN_MAX 25 struct ITEM { char option[OPTIONSTRLEN_MAX]; char desc[DESCSTRLEN_MAX]; unsigned int itemtype; struct ITEM *prev; struct ITEM *next; }; struct MENU { struct ITEM *itemlist; struct ITEM *selecteditem; struct ITEM *lastitem; int itemcount; int postn; int x1, y1; int x2, y2; unsigned int menu_maxx; WINDOW *menuwin; PANEL *menupanel; WINDOW *descwin; PANEL *descpanel; int borderattr; int normalattr; int highattr; int barnormalattr; int barhighattr; int descriptionattr; char shortcuts[SHORTCUTSTRLEN_MAX]; }; extern void tx_initmenu(struct MENU *menu, int y1, int x1, int y2, int x2, int borderattr, int normalattr, int highattr, int barnormalattr, int barhighattr, int descattr); extern void tx_additem(struct MENU *menu, char *item, char *desc); extern void tx_showitem(struct MENU *menu, struct ITEM *itemptr, int selected); extern void tx_showmenu(struct MENU *menu); extern void tx_operatemenu(struct MENU *menu, int *row, int *aborted); extern void tx_destroymenu(struct MENU *menu); /*** stdwinset.h - prototype declaration for setting the standard window settings for IPTraf ***/ #include void tx_stdwinset(WINDOW * win); void tx_refresh_screen(void); void tx_colorwin(WINDOW *win); void tx_coloreol(void);iptraf-3.0.0/support/listbox.h0100644000076400000000000000311307400564517015227 0ustar rikerroot#include #define MAX_TEXT_LENGTH 240 struct textlisttype { char text[MAX_TEXT_LENGTH]; int cellwidth[10]; /* up to 10 cells per line */ char *nodeptr; /* generic pointer, cast to appropriate type */ struct textlisttype *next_entry; struct textlisttype *prev_entry; }; struct scroll_list { char *mainlist; /* generic pointer, cast to appropriate type */ char *mlistptr; /* generic pointer, cast to appropriate type */ struct textlisttype *textlist; /* list of raw text entries */ struct textlisttype *texttail; struct textlisttype *textptr; int height; int width; int mainattr; int selectattr; int keyattr; char *exitkeys; WINDOW *win; PANEL *panel; WINDOW *borderwin; PANEL *borderpanel; }; void tx_init_listbox(struct scroll_list *list, int width, int height, int startx, int starty, int mainattr, int borderattr, int selectattr, int keyattr); void tx_set_listbox_title(struct scroll_list *list, char *text, int x); void tx_add_list_entry(struct scroll_list *list, char *node, char *text); void tx_show_listbox(struct scroll_list *list); void tx_operate_listbox(struct scroll_list *list, int *keystroke, int *aborted); void tx_hide_listbox(struct scroll_list *list); void tx_unhide_listbox(struct scroll_list *list); void tx_close_listbox(struct scroll_list *list); void tx_destroy_list(struct scroll_list *list); #define tx_destroy_listbox tx_destroy_list iptraf-3.0.0/support/README0100644000076400000000000000206607400665401014252 0ustar rikerroot========================================================================= IPTraf User Interface Support Library README ------------------------------------------------------------------------- Some of the more reusable user-interface functions originally part of the IPTraf source tree have been recoded and moved to this directory as a support library. This way it would be easier for interested developers to use these functions in other programs. Full programming information will be provided in an upcoming separate release of this library although documentation may be provided via mail should there be any requests for it. Then again, there's always the IPTraf source code. RELEASE INFORMATION This is currently code derived from IPTraf, and is for now released under the GNU General Public License version 2 or any later version. I may release it as a separate package soon under a less restrictive license. Should you be interested in this little library, and you have a concern regarding the GPL, I can still be reached privately via . Gerard iptraf-3.0.0/support/winops.c0100644000076400000000000000172507425421023015053 0ustar rikerroot /*** winops.c - screen configuration and setup functions ***/ #include #include #include void tx_stdwinset(WINDOW * win) { meta(win, TRUE); keypad(win, TRUE); notimeout(win, 0); scrollok(win, 1); } void tx_refresh_screen(void) { endwin(); doupdate(); curs_set(0); } void tx_colorwin(WINDOW * win) { int ctr; char *blankpad; blankpad = (char *) malloc(sizeof(char) * (COLS + 1)); strcpy(blankpad, ""); for (ctr = 0; ctr <= win->_maxx; ctr++) { strcat(blankpad, " "); } scrollok(win, 0); for (ctr = 0; ctr <= win->_maxy; ctr++) { wmove(win, ctr, 0); wprintw(win, "%s", blankpad); } scrollok(win, 1); free(blankpad); } void tx_wcoloreol(WINDOW *win) { int y, x; int cury, curx; char sp_buf[10]; getyx(win, cury, curx); getmaxyx(win, y, x); sprintf(sp_buf, "%%%dc", x - curx - 1); scrollok(win, 0); wprintw(win, sp_buf, ' '); } iptraf-3.0.0/support/labels.c0100644000076400000000000000201407412567255015004 0ustar rikerroot/* * labels.c - some common keyhelp printing routines for the iptraf * user interface library * * Written by Gerard Paul Java * Copyright (c) Gerard Paul Java 2001 */ #include #include #include "winops.h" void tx_printkeyhelp(char *keytext, char *desc, WINDOW * win, int highattr, int textattr) { wattrset(win, highattr); wprintw(win, "%s", keytext); wattrset(win, textattr); wprintw(win, "%s", desc); } void tx_menukeyhelp(int textattr, int highattr) { move(LINES - 1, 1); tx_printkeyhelp("Up/Down", "-Move selector ", stdscr, highattr, textattr); tx_printkeyhelp("Enter", "-execute", stdscr, highattr, textattr); tx_coloreol(); } void tx_listkeyhelp(int textattr, int highattr) { move(LINES - 1, 1); tx_printkeyhelp("Up/Down", "-move pointer ", stdscr, highattr, textattr); tx_printkeyhelp("Enter", "-select ", stdscr, highattr, textattr); tx_printkeyhelp("X/Ctrl+X", "-close list", stdscr, highattr, textattr); tx_coloreol(); } iptraf-3.0.0/support/winops.h0100644000076400000000000000052307516037270015063 0ustar rikerroot/*** stdwinset.h - prototype declaration for setting the standard window settings for IPTraf ***/ #include #define tx_coloreol() tx_wcoloreol(stdscr) void tx_stdwinset(WINDOW * win); void tx_refresh_screen(void); void tx_colorwin(WINDOW *win); void tx_wcoloreol(WINDOW *win); void tx_box(WINDOW *win, int vline, int hline); iptraf-3.0.0/support/labels.h0100644000076400000000000000040007532712661015002 0ustar rikerroot#include void tx_printkeyhelp(char *keytext, char *desc, WINDOW * win, int highattr, int textattr); void tx_menukeyhelp(int textattr, int highattr); void tx_listkeyhelp(int textattr, int highattr); char *tx_ltrim(char *str); iptraf-3.0.0/support/msgboxes.c0100644000076400000000000000401007516041410015350 0ustar rikerroot/* * msgboxes.c - message and error box display functions * * Written by Gerard Paul Java * Copyright (c) Gerard Paul Java 2001 */ #include #include #include "winops.h" int ERR_BORDER_ATTR; int ERR_TEXT_ATTR; int ERR_PROMPT_ATTR; int INFO_BORDER_ATTR; int INFO_TEXT_ATTR; int INFO_PROMPT_ATTR; void tx_init_error_attrs(int border, int text, int prompt) { ERR_BORDER_ATTR = border; ERR_TEXT_ATTR = text; ERR_PROMPT_ATTR = prompt; } void tx_init_info_attrs(int border, int text, int prompt) { INFO_BORDER_ATTR = border; INFO_TEXT_ATTR = text; INFO_PROMPT_ATTR = prompt; } void tx_errbox(char *message, char *prompt, int *response) { WINDOW *win; PANEL *panel; win = newwin(4, 70, (LINES - 4) / 2, (COLS - 70) / 2); panel = new_panel(win); wattrset(win, ERR_BORDER_ATTR); tx_colorwin(win); tx_box(win, ACS_VLINE, ACS_HLINE); wmove(win, 2, 2); wattrset(win, ERR_PROMPT_ATTR); wprintw(win, "%s", prompt); wattrset(win, ERR_TEXT_ATTR); wmove(win, 1, 2); wprintw(win, "%s", message); update_panels(); doupdate(); do { *response = wgetch(win); if (*response == 12) tx_refresh_screen(); } while (*response == 12); del_panel(panel); delwin(win); update_panels(); doupdate(); } void tx_infobox(char *text, char *prompt) { WINDOW *win; PANEL *panel; int ch; win = newwin(4, 50, (LINES - 4) / 2, (COLS - 50) / 2); panel = new_panel(win); wattrset(win, INFO_BORDER_ATTR); tx_colorwin(win); tx_box(win, ACS_VLINE, ACS_HLINE); wattrset(win, INFO_TEXT_ATTR); mvwprintw(win, 1, 2, text); wattrset(win, INFO_PROMPT_ATTR); mvwprintw(win, 2, 2, prompt); update_panels(); doupdate(); do { ch = wgetch(win); if (ch == 12) tx_refresh_screen(); } while (ch == 12); del_panel(panel); delwin(win); update_panels(); doupdate(); } iptraf-3.0.0/support/msgboxes.h0100644000076400000000000000041607400657611015373 0ustar rikerroot #define ANYKEY_MSG "Press a key to continue" void tx_init_error_attrs(int border, int text, int prompt); void tx_init_info_attrs(int border, int text, int prompt); void tx_errbox(char *message, char *prompt, int *response); void tx_infobox(char *text, char *prompt); iptraf-3.0.0/support/txbox.c0100644000076400000000000000214207516166067014711 0ustar rikerroot/* * txbox.c - custom window bordering routine for ncurses windows. * * Copyright (c) Gerard Paul Java 2002 * * This function is written to address a strange symptom in ncurses 5.2, at *least on RedHat 7.3. The border drawn by the box() macro (actually an alias * for a call to wborder()) no longer uses the color attributes set by * wattrset(). However, the addch() and wvline() functions still do. * * The tx_box function is a drop-in replacement for box(). */ #include void tx_box(WINDOW *win, int vline, int hline) { int winwidth; int winheight; int i; scrollok(win, 0); getmaxyx(win, winheight, winwidth); winheight--; winwidth--; mvwaddch(win, 0, 0, ACS_ULCORNER); mvwhline(win, 0, 1, hline, winwidth - 1); mvwaddch(win, 0, winwidth, ACS_URCORNER); for (i = 1; i < winheight; i++) { mvwaddch(win, i, 0, vline); mvwaddch(win, i, winwidth, vline); } mvwaddch(win, winheight, 0, ACS_LLCORNER); mvwhline(win, winheight, 1, hline, winwidth - 1); mvwaddch(win, winheight, winwidth, ACS_LRCORNER); } iptraf-3.0.0/support/txbox.h0100644000076400000000000000012607516037061014705 0ustar rikerroot/* * function prototype for tx_box() */ void tx_box(WINDOW *win, int vline, hline); iptraf-3.0.0/Setup0100755000076400000000000000301507513515631012703 0ustar rikerroot#!/bin/sh # # IPTraf Setup System # Written by Gerard Paul Java # Version 2.8.0 # # This script determines whether the IPTraf distribution is source code # or ready-to-run executable files. It will automatically recompile # source code before installation, and will immediately install # precompiled executables. # # After the actual installation, the program will prompt you if you # want convert your filters. You should do so, since there is a # change to the filter formats. # # If started with the -c command-line option, the software will be # recompiled from the sources before installation. # # The actual installation scripts are in the src/ directory. # VERSION=`cat src/version` clear echo "=====================================================================" echo " IPTraf Version $VERSION Setup" echo " Target Platform: $(uname -s)/$(uname -m)" echo "---------------------------------------------------------------------" echo if [ ! -x src/iptraf -o "$1" = "-c" ]; then if [ -f src/iptraf.c ]; then echo ">>>>>> COMPILING IPTRAF $VERSION FROM SUPPLIED SOURCE CODE" echo /usr/bin/make -C src clean /usr/bin/make -C support clean /usr/bin/make -C src all else echo "*** ERROR: Unable to locate source files." echo "*** If this is a binary-only distribution of IPTraf, try running $0" echo " again without -c." echo echo "*** $0 exiting with error code 1" echo exit 1 fi fi /usr/bin/make -C src install iptraf-3.0.0/LICENSE0100644000076400000000000004353707441554753012707 0ustar rikerrootIPTraf is open-source software, distributed under the terms of the GNU General Public License, Version 2 (reproduced below), or (at your option) any later version. License terms follow. -------------------------------------------------------------------------- GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.