I have an IDS station sniffing an unnumbered interface and I want iftop to monitor that interface, but it keeps refusing to do so because it can't look up the address. Is there a way to use it the same way I do with snort, tcpdump, etc?
Thanks!
On Wed, May 21, 2003 at 02:02:27PM -0700, James Wilson wrote:
> I have an IDS station sniffing an unnumbered interface and I want iftop to monitor that interface, but it keeps refusing to do so because it can't look up the address. Is there a way to use it the same way I do with snort, tcpdump, etc?
Yeah - see the patch below (it just removes the exit calls if it can't find the address...). It doesn't actually need the IP address, or the hardware for that matter. These are only used to assign direction to packets in a consistent manner. You can always use a -N option to specify an IP network boundary to assign direction across.
Paul
diff -c -r1.44 iftop.c *** iftop.c 20 May 2003 21:14:37 -0000 1.44 --- iftop.c 21 May 2003 21:10:09 -0000 *************** *** 447,453 **** if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) { fprintf(stderr, "Error getting hardware address for interface: %s\n", options.interface); perror("ioctl(SIOCGIFHWADDR)"); - exit(1); } else { memcpy(if_hw_addr, ifr.ifr_hwaddr.sa_data, 6); --- 447,452 ---- *************** *** 470,476 **** if (ioctl(s, SIOCGIFADDR, &ifr) < 0) { fprintf(stderr, "Error getting IP address for interface: %s\n", options.interface); perror("ioctl(SIOCGIFADDR)"); - exit(1); } else { have_ip_addr = 1; --- 469,474 ----
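Review bot: In the first hunk (iftop.c around line 447), with exit(1) removed the SIOCGIFHWADDR failure path falls through without ever writing if_hw_addr, and the visible else branch only does the memcpy, with no flag recording that the address is valid. Any later direction test that compares against if_hw_addr would then use whatever the buffer happened to hold. Suggest zeroing the buffer on failure or setting a have_hw_addr flag next to the memcpy, mirroring have_ip_addr in the second hunk, and rewording "Error getting hardware address" as a warning now that it is no longer fatal.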
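Review bot: In the second hunk (iftop.c around line 470), the SIOCGIFADDR failure path now continues while have_ip_addr is set only in the else branch, so correctness depends on have_ip_addr being initialised to 0 before this block and on every use of the interface address being guarded by it. Neither is visible in the hunk and both are worth confirming. The message still reads "Error getting IP address" followed by perror, which looks fatal on a deliberately unnumbered sniffing interface; suggest downgrading it to a warning that points at -N as the way to assign direction.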