[Iftop-users] howdy

raptor raptor at tvskat.net
Sat, 1 Nov 2003 22:25:28 +0200


|On Sat, Nov 01, 2003 at 07:25:27PM +0200, raptor wrote:
|> Thanx a lot for this super program... it is very helpful for analyzing my network...:")
|> I was wondering, would it be hard for output to a file to be implemented; more specifically it would be
|> good if I can capture the total speed and/or total/MB transferred every X seconds.
|> So that If I can say something like this :
|
|It's something I've considered, but I would have thought that this would
|be a better fit for tcpdump's mode of operation.  That said, it'd be
|pretty easy to implement, so I'll bung it on the TODO list.

]- yep :"), tcpdump is for looking inside of the packets and such... I feel iftop is a more abstract tool ...
something in between tcpdump and ntop..:")
As I said, I'm now using a second provider and it helps me a lot to measure many aspects of the
traffic flow and decide what to direct where.
As u say it now may work in ala-daemon mode..where it listens and stores some average results
of its work..  A total daemon mode (console-less mode) would be a good addition but probably
will complicate the program a lot.

|> One other idea was to be able to group the output of iftop based on some criteria say class C networks,
|> I mean instead of seeing every host of the network, see their combined graph...
|> So if I have 5 class C networks I can view their performance... and/or if many users access some outside
|> class C network I can view total speed used to access these servers .. So it has to be source and/or dest based.
|> or auto sensing when I exclude source "s" group on dest addresses,  and vice versa ("d").
|
|An interesting idea - this basically amounts to putting a netmask on all
|hosts.

]- an idea further in that direction would be :
                       group1                      group2
iftop -g 'src 192.168.0.0/24, src 10.10.2.3; dst 192.168.5.0-10'

so we specify groups on the command line..probably this is a lot harder than just sane class C nets..


|> Output based on class C networks would be very good too... this way with a single run I can make comparison
|> of several source or destination nets...
|> net|time|Bytes|speed-kbit/s
|> 192.168.0.0/24|0|1000|30
|> 10.10.0.0/24|0|1000|30
|> 192.168.0.0/24|10|3000|37
|> 10.10.0.0/24|10|3000|37
|
|How would this be arranged?  iftop currently works on host-pairs.
|Would you list traffic by net-pairs, or by total traffic into/out of a
|network.  This would probably be the best option, but would mean that
|all traffic would be accounted twice as traffic leaving one network (or
|host) is entering another.

]- if u show the traffic on per class C nets (my prev idea) then u already made that calculation or I'm wrong ?!

|> Third idea : make time periods for averaging the 3 speed columns configurable... 
|

|That's not to say I wouldn't accept a patch, of course.

]- the bad thing is that I only have theoretical knowledge of C :")... meanwhile I made a quick script to
ease my libpcap code generation.. Now to monitor say anet, cnet and fnet I call it like this :

tview acf

to view all but anet and fnet i do (x for exclude):

tview xaf

otherwise it is a lot of typing :")... at the moment it does not work if u say :

tview anet cnet fnet
(don't need it :") when shortcuts work and I need to monitor maximum 6-7 outside nets)

=============tview===============
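#!/usr/bin/perl
# Shortcut name => network (or host) it stands for.
our %net = (
 anet => 'x.x.x.0/24', bnet => 'x.x.x.0/24',
 cnet => 'x.x.x.0/24', dnet => 'x.x.x.0/24',
 enet => 'x.x.x.0/24', fnet => 'x.x.x.0/24',
 xhost => 'x.x.x.55',
);
use strict;
our $iftop = '/usr/sbin/iftop';

# Return the first key of %net that starts with the given letter.
sub key {
 my $k = shift;
 my ($x) = grep /^$k/, keys %net;
 return $x
}

# Turn a string of shortcut letters ("acf") into a pcap filter
# expression of the form " net A or net C or net F".
sub byChars {
        my $a = shift;
        my @n = split //, $a;
        my ($str, $pr, $begin);
        for my $ch (@n) {
         if ($ch eq 'x') { $pr = ' and not '; $begin = ' not net '; next; }
         else { $pr = ' or net '; $begin = ' net ' };
         my $prefix = $str ? $pr : $begin;
         $str .=  $prefix . $net{key($ch)};
        }
        return $str;
}

my $str;# = "net $net{$ARGV[0]}"
# Full names (anet) are appended as " or net ..."; anything else is read as a
# string of shortcut letters, with a leading "x" meaning "exclude these nets".
for my $a (@ARGV[0 .. $#ARGV]) {
 if ($net{$a}) { $str .= " or net $net{$a}" }
 else {
        if ($a =~ /^x/) { $a =~ s/^.//; $str = 'not (' . byChars($a) . ')'}
        else { $str = byChars($a) }
 }
};

print $str;
# List-form exec hands the filter to iftop as one argument, with no shell in between.
exec $iftop, '-f', $str;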
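
Added example, not part of the message above and not iftop's own code: a C sketch of the per-network grouping discussed in the thread ("putting a netmask on all hosts"), showing the double accounting raised in the reply, where every byte is counted once as leaving one network and once as entering another. The struct layouts, function names and sample flows are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
#define MAX_NETS 16

struct flow { uint32_t src, dst; uint64_t bytes; };     /* one host pair */
struct net_total { uint32_t net; uint64_t out, in; };   /* one grouped network */

static const struct flow sample[] = {   /* constructed sample data */
    { IP(192,168,0,5), IP(10,10,0,7),   1000 },
    { IP(192,168,0,9), IP(10,10,0,7),    500 },
    { IP(10,10,0,7),   IP(192,168,0,5), 3000 },
};

/* Keep the top `prefix` bits; 0 and 32 are special-cased (a 32-bit shift by 32 is undefined). */
static uint32_t apply_mask(uint32_t addr, int prefix) {
    if (prefix <= 0) return 0;
    return prefix >= 32 ? addr : addr & (0xFFFFFFFFu << (32 - prefix));
}

/* Find or create the row for `net`; NULL when the table is full. */
static struct net_total *slot(struct net_total *t, size_t *n, uint32_t net) {
    for (size_t i = 0; i < *n; i++)
        if (t[i].net == net) return &t[i];
    if (*n == MAX_NETS) return NULL;
    t[*n] = (struct net_total){ net, 0, 0 };
    return &t[(*n)++];
}

/* Fold host-pair counters into per-network totals; returns the network count or -1 if full. */
int aggregate(const struct flow *f, size_t nf, int prefix, struct net_total *t) {
    size_t n = 0;
    for (size_t i = 0; i < nf; i++) {
        struct net_total *s = slot(t, &n, apply_mask(f[i].src, prefix));
        struct net_total *d = slot(t, &n, apply_mask(f[i].dst, prefix));
        if (!s || !d) return -1;
        s->out += f[i].bytes;   /* leaving the source network ... */
        d->in  += f[i].bytes;   /* ... and entering the destination one */
    }
    return (int)n;
}

int main(void) {
    struct net_total t[MAX_NETS];
    int n = aggregate(sample, sizeof sample / sizeof *sample, 24, t);
    for (int i = 0; i < n; i++)   /* net|out-bytes|in-bytes */
        printf("%u.%u.%u.0/24|%llu|%llu\n", t[i].net >> 24, (t[i].net >> 16) & 255,
               (t[i].net >> 8) & 255, (unsigned long long)t[i].out, (unsigned long long)t[i].in);
}
```

Summing the out column alone gives the real total (4500 bytes here); summing out and in together gives twice that.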