Hello all,
I have to sniff internet traffic (ingress and egress), but regardless of the display options I set, for example only incoming or outgoing traffic, with the -t option
I always get only one output with both directions.
Example: I want to capture incoming traffic.
In the conf file I set line-display: one-line-received
/usr/sbin/iftop-new -c /root/.iftopigress -L 300
I obtain all incoming traffic.
This is the same thing that I obtain by launching iftop followed by a double t and 3 options:
19.19.19.19:22267 <= 23.50.100.254:https 19.1kb 9.54kb 9.54kb
19.19.19.15:15831 <= 169.50.27.202:https 17.3kb 8.66kb 8.66kb
19.19.19.12:https <= 89.96.192.28:40576 0b 8.52kb 8.52kb
When I add the -t option on the command line, the text output is different:
iftop-new -i eth0 -n -P -o 40s -L 300 -t -s 10
1 19.19.19.19:25653 => 146Kb 158Kb 158Kb 197KB
8.248.205.254:http <= 7.80Mb 8.40Mb 8.40Mb 10.5MB
2 19.19.19.19:https => 8.83Mb 2.01Mb 2.01Mb 2.51MB
93.57.248.155:58651 <= 132Kb 32.5Kb 32.5Kb 40.7KB
The second problem is that the -s option for the timeout is associated with text mode only.
I must work with ulimit -tm timeout or the alarm parameter in a Perl script. I would like something included in the iftop program.
The third problem is that if I do not use text mode (without the t option) I obtain ncurses output that I can open with cat.
Could you suggest a Linux tool to convert an ncurses file to ASCII?
Thank you guys.
Regards
Nellox