|On Sat, Nov 01, 2003 at 07:25:27PM +0200, raptor wrote: |> Thanx alot for this super program... it is very helpfull for analyzing my network...:") |> I was wondering would it be harder a output to a file be implemented, more specificly it would be |> good if I can capture the total speed and/or total/MB transffered every X seconds. |> So that If I can say something like this : | |It's something I've considered, but I would have thought that this would |be a better fit for tcpdump's mode of operation. That said, it'd be |pretty easy to implement, so I'll bung it on the TODO list.

]- yep :"), tcpdump is for looking inside of the packets and such... i feel iftop more abstract tool ... something in between tcpdump and ntop..:") As I told I'm now using second provider and it helps me alot to measure many aspects of the traffic flow and decide what where to direct. As u say it now may work in ala-deamon mode..where it listen and store some average results of its work.. A totaly deamon mode (console-less mode) would be a good addition but probably will complicate the program alot.

|> One other idea was to be able to group the output of iftop based on some criteria say class C networks, |> I mean instead of seeing every host of the network, see their combined graph... |> So if I have 5 class C networks I can view their performance... and/or if many users access some outside |> class C network i can view total speed used to access these severs .. So it has to be source and/or dest based. |> or auto sensing when I exclude source "s" group on dest addresses, and vs. versa ("d"). | |An interesting idea - this basically amounts to putting a netmask on all |hosts.

]- an idea further in that direction would be : group1 group2 iftop -g 'src 192.168.0.0/24, src 10.10.2.3; dst 192.168.5.0-10'

so we specifiy groups on the command line..probably this is alot harder than just sane class C nets..

|> Output based on class C networks would be very good too... this way with a single run I can make comparison |> of several source or destination nets... |> net|time|Bytes|speed-kbit/s |> 192.168.0.0/24|0|1000|30 |> 10.10.0.0/24|0|1000|30 |> 192.168.0.0/24|10|3000|37 |> 10.10.0.0/24|10|3000|37 | |How would this be arranged? iftop currently works on host-pairs. |Would you list traffic by net-pairs, or by total traffic into/out of a |network. This would probably be the best option, but would mean that |all traffic would be accounted twice as traffic leaving one network (or |host) is entering another.

]- if u show the traffic on per class C nets(my prev idea) then u already made that caclulation or I'm wrong ?!

|> Third idea : make time periods for averaging the 3 speed columns configurable... |

|That's not to say I wouldn't accept a patch, of course.

]- the bad thing is that I only have theorethical knowledge of C :")... meanwhile I made a quick script to ease my libpcap code generation.. Now to monitor say anet, cnet and fnet I call it like this :

tview acf

to view all but anet and fnet i do (x for exclude):

tview xaf

otherway it is alot of typing :")... at moment not work if u say :

tview anet cnet fnet (dont need it :") when shortcuts work and i need to monitor maximum 6-7 outside nets)

=============tview=============== #!/usr/bin/perl our %net = ( anet => 'x.x.x.0/24', bnet => 'x.x.x.0/24', cnet => 'x.x.x.0/24', dnet => 'x.x.x.0/24', enet => 'x.x.x.0/24', fnet => 'x.x.x.0/24', xhost => 'x.x.x.55', ); use strict; our $iftop = '/usr/sbin/iftop';

sub key { my $k = shift; my ($x) = grep /^$k/, keys %net; return $x }

sub byChars { my $a = shift; my @n = split //, $a; my ($str, $pr, $begin); for my $ch (@n) { if ($ch eq 'x') { $pr = ' and not '; $begin = ' not net '; next; } else { $pr = ' or net '; $begin = ' net ' }; my $prefix = $str ? $pr : $begin; $str .= $prefix . $net{key($ch)}; } return $str; }

my $str;# = "net $net{$ARGV[0]}" for my $a (@ARGV[0 .. $#ARGV]) { if ($net{$a}) { $str .= " or net $net{$a}" } else { if ($a =~ /^x/) { $a =~ s/^.//; $str = 'not (' . byChars($a) . ')'} else { $str = byChars($a) } } };

print $str; exec qq{$iftop -f '$str'};