iftop-users May 2003

iftop-users@lists.beasts.org

3 participants
5 discussions

Kudos and Question
by Jonathan Abbey 23 May '03

23 May '03

Hi everyone. Just wanted to drop a line and say that we're extremely pleased to have iftop here at ARL:UT. I, personally, have been wanting something like this for some time, and seeing it on freshmeat yesterday was really fantastic. I do have a question, however. We're running it on Solaris 8, and while I understand that it's necessary to use -p to run it in promiscuous mode to see the outgoing packets, even when this is done, I still see nothing but flatline on the cummulative and peak TX stats on the bottom of the display. This even in the case where I'm seeing outgoing statistics in the bar-graph display. I built iftop-0.12 against libpcap-0.7.2.. is this a supported configuration? Thanks for a really attractive tool. Jon -- ------------------------------------------------------------------------------- Jonathan Abbey jonabbey(a)arlut.utexas.edu Applied Research Laboratories The University of Texas at Austin GPG Key: 71767586 at keyserver pgp.mit.edu, http://www.ganymeta.org/workkey.gpg

2 3

RE: [Iftop-users] Unnumbered interface problem
by James Wilson 21 May '03

21 May '03

Yep, I commented out the two exit(1)'s and things work great! This will help me a lot when it is time to hunt down the source of heavy bandwidth utilization... Thanks! -- James D. Wilson Sr. Network/Security Engineer "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49) -----Original Message----- From: Paul Warren [mailto:pdw@ex-parrot.com] Sent: Wednesday, May 21, 2003 2:13 PM To: James Wilson Cc: iftop-users(a)lists.beasts.org Subject: Re: [Iftop-users] Unnumbered interface problem On Wed, May 21, 2003 at 02:02:27PM -0700, James Wilson wrote: > I have an IDS station sniffing an unnumbered interface and I want > iftop to monitor that interface, but it keeps refusing to do so > because it can't look up the address. Is there a way to use it the > same way I do with snort, tcpdump, etc? Yeah - see the patch below (it just removes the exit calls if it can't find the address...). It doesn't actually need the IP address, or the hardware for that matter. These are only used to assign direction to packets in a consistent manner. You can always use a -N option to specify an IP network boundary to assign direction across. Paul diff -c -r1.44 iftop.c *** iftop.c 20 May 2003 21:14:37 -0000 1.44 --- iftop.c 21 May 2003 21:10:09 -0000 *************** *** 447,453 **** if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) { fprintf(stderr, "Error getting hardware address for interface: %s\n", options.interface); perror("ioctl(SIOCGIFHWADDR)"); - exit(1); } else { memcpy(if_hw_addr, ifr.ifr_hwaddr.sa_data, 6); --- 447,452 ---- *************** *** 470,476 **** if (ioctl(s, SIOCGIFADDR, &ifr) < 0) { fprintf(stderr, "Error getting IP address for interface: %s\n", options.interface); perror("ioctl(SIOCGIFADDR)"); - exit(1); } else { have_ip_addr = 1; --- 469,474 ----

1 0

Unnumbered interface problem
by James Wilson 21 May '03

21 May '03

I have an IDS station sniffing an unnumbered interface and I want iftop to monitor that interface, but it keeps refusing to do so because it can't look up the address. Is there a way to use it the same way I do with snort, tcpdump, etc? Thanks! -- James D. Wilson Sr. Network/Security Engineer "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49)

2 1

test
by Paul Warren 21 May '03

21 May '03

1 0

Test email
by Paul Warren 21 May '03

21 May '03

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

iftop-users May 2003