*** IPTraf 2.2 See the IMPORTANT CHANGES section below. ***

DESCRIPTION

IPTraf is a console-based network monitoring program for Linux that displays information about IP traffic. It returns such information as:

    Current TCP connections
    UDP, ICMP, OSPF, and other types of IP packets
    Packet and byte counts on TCP connections
    IP, TCP, UDP, ICMP, non-IP, and other packet and byte counts
    TCP/UDP counts by ports
    Packet counts by packet sizes
    Packet and byte counts by IP address
    Interface activity
    Flag statuses on TCP packets
    LAN station statistics

This program can be used to determine the type of traffic on your network, and what kind of service is the most heavily used on what machines, among others.

IPTraf works on Ethernet, FDDI, ISDN, PLIP, loopback, and SLIP/PPP interfaces.

Updates and announcements are at the IPTraf Web page at http://iptraf.seul.org. Please send e-mail to riker@seul.org or iptraf@seul.org.

IMPORTANT CHANGES

Promiscuous Mode Restoration

IPTraf now saves the promiscuous flags of the interfaces on disk before starting a statistical facility. The previous state is restored on exit. In case of multiple instances, the last instance to exit restores the promiscuous state. This is unlike previous versions, which always shut off the promiscuous flag, making it unsuitable for bridges.

Masquerading Okay

The -q command-line parameter is no longer needed. IP Masquerading no longer causes forwarded packets to contain inconsistent IP addresses, and TCP connections now appear correctly. The -q parameter may be dropped in the next release.

TCP Closed/Reset/Idle Entry Timeouts

TCP entries that haven't been updated within a user-defined time interval now time out. The interval is user-configurable. As an additional feature, the user may interactively clear out all such entries by pressing the 'F' key at the IP Traffic Monitor.

DISTRIBUTION NOTICE

This is the general release of IPTraf. IPTraf has been incorporated into the Debian GNU/Linux, Turbolinux and S.u.S.E. distributions, as well as the Trinux security toolkit distribution and Red Hat Powertools.

Linux distributions may have tailored the IPTraf package to suit their purposes. Direct questions, comments or inquiries about a distribution-specific package to its maintainer.

NEW SYSTEM REQUIREMENTS

IPTraf 2 requires Linux 2.2. It now uses the new PF_PACKET socket family as its capture mechanism. This feature is new to the 2.2 kernel.

IPTraf 1.4 will still work with kernel 2.2 with no problems, except for a warning message in the syslog indicating the use of the obsolete (AF_INET, SOCK_PACKET) mechanism. The warning can be safely ignored.

Make sure you have the Packet Socket driver compiled in or installed as a module, or IPTraf will fail (and so will others like it: tcpdump, netwatch, etc).

Use of the latest glibc 2.x is also recommended. But libc5 works fine.

WHERE IS IT NOW?

IPTraf 2 has a reorganized menu structure. A new facility has been added, and some statistical pieces have been moved.

The TCP/UDP service monitor has been moved to Statistical breakdowns/By TCP/UDP port.

The packet size distribution has also been moved from the detailed interface statistics screen to a facility of its own; select Statistical breakdowns/By packet size.

COPYING AND DISTRIBUTION

This software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.

Redistribution and modification of this software is permitted under the terms of the GNU General Public License. See the included COPYING file for details.

FOR FURTHER INFORMATION

Full information is in the manual in the Documentation directory. See also the CHANGES file for a record of fixes and new features. Updates and announcements are in the IPTraf Web page indicated above.

Other README files contain some other bits of information.
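
The save-and-restore rule described under Promiscuous Mode Restoration, as an added sketch that is not IPTraf's own code. The record layout and function names are hypothetical, and the record is kept in memory here, whereas IPTraf keeps its copy on disk.

```c
#include <stdio.h>

/* Same value as IFF_PROMISC in <net/if.h> on Linux. */
#define PROMISC_BIT 0x100u

/* Hypothetical per-interface record (assumption, not IPTraf's format). */
struct promisc_rec {
    unsigned saved_flags;  /* flags read before the first monitor started */
    int instances;         /* monitors currently running on the interface */
};

/* A monitor starts: only the first instance records the original flags,
 * which on a live system are read with the SIOCGIFFLAGS ioctl. */
void promisc_enter(struct promisc_rec *r, unsigned current_flags)
{
    if (r->instances++ == 0)
        r->saved_flags = current_flags;
}

/* Behaviour of previous versions: every exit clears the promiscuous bit. */
unsigned legacy_exit_flags(unsigned current_flags)
{
    return current_flags & ~PROMISC_BIT;
}

/* Current behaviour: returns 1 and stores in *out the flags to write back
 * (SIOCSIFFLAGS) when the last instance exits; returns 0 otherwise.
 * Only the promiscuous bit is restored; other bits keep their current value. */
int promisc_leave(struct promisc_rec *r, unsigned current_flags, unsigned *out)
{
    if (r->instances <= 0 || --r->instances > 0)
        return 0;
    *out = (current_flags & ~PROMISC_BIT) | (r->saved_flags & PROMISC_BIT);
    return 1;
}

int main(void)
{
    /* Constructed case: a bridge port that is up and already promiscuous. */
    struct promisc_rec bridge = {0, 0};
    unsigned out = 0;
    promisc_enter(&bridge, 0x101u);
    promisc_enter(&bridge, 0x101u);          /* second IPTraf instance */
    printf("first exit restores: %d\n", promisc_leave(&bridge, 0x101u, &out));
    printf("last exit restores:  %d\n", promisc_leave(&bridge, 0x101u, &out));
    printf("flags after exit: 0x%x (legacy: 0x%x)\n", out,
           legacy_exit_flags(0x101u));
    return 0;
}
```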