Hello all,
I have to sniff internet traffic (ingress and egress), but regardless of the display options I set, for example only entry or exit traffic, with the -t option
I always get only one output with both directions.

Example: I want to capture incoming traffic.

In the conf file I set line-display: one-line-received

 /usr/sbin/iftop-new -c /root/.iftopigress -L 300

I obtain all incoming traffic 

The same thing that I obtain launching iftop followed by double t  and 3 options:


19.19.19.19:22267                                                    <= 23.50.100.254:https                                                     19.1kb  9.54kb  9.54kb
19.19.19.15:15831                                                    <= 169.50.27.202:https                                                     17.3kb  8.66kb  8.66kb 
19.19.19.12:https                                                      <= 89.96.192.28:40576                                                         0b   8.52kb  8.52kb


When I add the -t option on the command line, the text output is different:


iftop-new -i eth0 -n -P -o 40s -L 300  -t -s 10

 1 19.19.19.19:25653                       =>      146Kb      158Kb      158Kb      197KB
     8.248.205.254:http                       <=     7.80Mb     8.40Mb     8.40Mb     10.5MB
 2 19.19.19.19:https                       =>     8.83Mb     2.01Mb     2.01Mb     2.51MB
     93.57.248.155:58651                      <=      132Kb     32.5Kb     32.5Kb     40.7KB




The second problem is that the -s option for the timeout is associated with text mode only.
I must work with ulimit -tm timeout or an alarm parameter in a Perl script. I would like something included in the iftop program.


The third problem is that if I do not use text mode (without the -t option) I obtain ncurses output that I can open with cat.
Can you suggest a Linux tool to convert an ncurses file to ASCII?


Thank you guys.

Regards
Nellox
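
Added example, not part of the original post and not iftop's own code: a Python filter that splits the -t text output quoted above into its two directions and keeps only the received (<=) side. It assumes the two-lines-per-flow layout of that sample, three rate columns followed by a cumulative total, and a 1024 multiplier for K/M/G; all function names are hypothetical.

```python
import re

# Sample lines taken from the text-mode output quoted in the post.
SAMPLE = """\
 1 19.19.19.19:25653                       =>      146Kb      158Kb      158Kb      197KB
     8.248.205.254:http                       <=     7.80Mb     8.40Mb     8.40Mb     10.5MB
 2 19.19.19.19:https                       =>     8.83Mb     2.01Mb     2.01Mb     2.51MB
     93.57.248.155:58651                      <=      132Kb     32.5Kb     32.5Kb     40.7KB
"""

# Optional flow index, endpoint, direction arrow, then four size columns.
LINE = re.compile(r"^\s*(?:\d+\s+)?(\S+)\s+(=>|<=)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
SIZE = re.compile(r"([\d.]+)([KMG]?)B", re.IGNORECASE)

def to_number(text, k=1024):
    """'8.40Mb' -> 8.40 * k**2. The multiplier k is an assumption (1024)."""
    m = SIZE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return float(m.group(1)) * k ** " KMG".index(m.group(2).upper() or " ")

def parse_flows(text):
    """Pair each '=>' line with the '<=' line that follows it."""
    flows, pending = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header, separator and total lines carry no arrow
        endpoint, arrow, *cols = m.groups()
        values = [to_number(c) for c in cols]
        if arrow == "=>":
            pending = (endpoint, values)
        elif pending:
            local, sent = pending
            flows.append({"local": local, "remote": endpoint,
                          "sent": sent, "received": values})
            pending = None
    return flows

def received_only(text, column=1):
    """(remote, local, value) for inbound traffic only, busiest first.
    column selects one of the four size columns (0-3, left to right)."""
    rows = [(f["remote"], f["local"], f["received"][column])
            for f in parse_flows(text)]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for remote, local, value in received_only(SAMPLE):
        print(f"{local:<24} <= {remote:<24} {value:>12.0f}")
```

Swapping "received" for "sent" in received_only gives the egress-only view from the same capture.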