Yep, I commented out the two exit(1)'s and things work great! This will help me a lot when it is time to hunt down the source of heavy bandwidth utilization...
Thanks!
--
James D. Wilson
Sr. Network/Security Engineer
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
-----Original Message-----
From: Paul Warren [mailto:pdw@ex-parrot.com]
Sent: Wednesday, May 21, 2003 2:13 PM
To: James Wilson
Cc: iftop-users(a)lists.beasts.org
Subject: Re: [Iftop-users] Unnumbered interface problem
On Wed, May 21, 2003 at 02:02:27PM -0700, James Wilson wrote:
> I have an IDS station sniffing an unnumbered interface and I want
> iftop to monitor that interface, but it keeps refusing to do so
> because it can't look up the address. Is there a way to use it the
> same way I do with snort, tcpdump, etc?
Yeah - see the patch below (it just removes the exit calls if it can't
find the address...). It doesn't actually need the IP address, or the
hardware for that matter. These are only used to assign direction to
packets in a consistent manner. You can always use a -N option to
specify an IP network boundary to assign direction across.
Paul
diff -c -r1.44 iftop.c
*** iftop.c 20 May 2003 21:14:37 -0000 1.44
--- iftop.c 21 May 2003 21:10:09 -0000
***************
*** 447,453 ****
if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) {
fprintf(stderr, "Error getting hardware address for interface:
%s\n",
options.interface);
perror("ioctl(SIOCGIFHWADDR)");
- exit(1);
}
else {
memcpy(if_hw_addr, ifr.ifr_hwaddr.sa_data, 6);
--- 447,452 ----
***************
*** 470,476 ****
if (ioctl(s, SIOCGIFADDR, &ifr) < 0) {
fprintf(stderr, "Error getting IP address for interface:
%s\n", options.interface);
perror("ioctl(SIOCGIFADDR)");
- exit(1);
}
else {
have_ip_addr = 1;
--- 469,474 ----