IPTraf is a network monitoring utility for IP networks. It intercepts packets on the network and gives out various pieces of information about the current IP traffic over it. Information returned by IPTraf includes:
Total, IP, TCP, UDP, ICMP, and non-IP byte counts
TCP source and destination addresses and ports
TCP packet and byte counts
TCP flag statuses
UDP source and destination information
ICMP type information
OSPF source and destination information
TCP and UDP service statistics
Interface packet counts
Interface IP checksum error counts
Interface activity indicators
LAN station statistics
IPTraf can be used to monitor the load on an IP network, the most used types of network services, the proceedings of TCP connections, and others.
IPTraf is a software-only analyzer. It utilizes the built-in raw packet capture interface of the Linux kernel, allowing it to be used with a wide range of Ethernet cards, supported FDDI adapters, supported ISDN adapters, Token Ring, asynchronous SLIP/PPP interfaces and other network devices. No special hardware is required.
Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP, etc.) is necessary for you to best understand the information generated by the program.
IPTraf is most readily available on the Internet, but some may receive it on a diskette. Here are the instructions for both types of distributions.
16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks)
2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time)
Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent.
One or more of the supported network interfaces.
Linux kernel 2.2.0 or higher
GNU C Library 2.1 or later
ncurses 4.2 or later with the complete terminfo database in /usr/share/terminfo. Support for linux, vt100, xterm, xterm-color recommended.
The following components are required when compiling IPTraf from the source code.
gcc 184.108.40.206 or later
GNU C (glibc) development library 2.1 or later
ncurses development libraries 4.2 or later
IPTraf can be downloaded from the Internet from the official FTP site at ftp://iptraf.seul.org/pub/iptraf/.
The software is available in source form in compressed .tar.gz files named iptraf-x.y.z.tar.gz where x.y.z is the version number. Precompiled ready-to-run software is available in the iptraf-x.y.z.machinetype.bin.tar.gz files. (machinetype indicates what platform the precompiled binaries run on. The official distribution will only be for the Intel x86 architecture indicated as i386.)
You will need to have GNU tar and GNU zip installed. All modern Linux installations already have these utilities ready.
Decompress the .tar.gz file by entering
tar zxvf iptraf-x.y.z.tar.gz
for the source code or
tar zxvf iptraf-x.y.z.i386.bin.tar.gz
for the precompiled x86 programs.
If your tar doesn't support the z option, you can separately decompress the .tar.gz file then extract the resulting .tar archive.
gunzip iptraf-x.y.z.tar.gz
tar xvf iptraf-x.y.z.tar
This will decompress the sources into a directory called iptraf-x.y.z (source code) or iptraf-x.y.z.bin (precompiled). (x.y.z here should be the IPTraf version number you're installing, like 2.7.0).
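Because the archive comes from a public FTP site and its Setup script is later run as root, it is worth listing the archive before extracting it. The following is an added example, not part of the IPTraf distribution or its documentation; the function name check_archive is hypothetical. It confirms that every member lies under the expected iptraf-x.y.z directory.

```shell
#!/bin/sh
# Added example (not from the IPTraf distribution): confirm that a downloaded
# archive unpacks only into its expected top-level directory.

# check_archive ARCHIVE TOPDIR   (hypothetical helper name)
# Returns 0 if every member is TOPDIR itself or lies under TOPDIR/, with no
# absolute paths and no ".." components. Returns 1 and reports offenders
# otherwise, or 2 if the archive cannot be listed.
check_archive() {
    archive=$1
    topdir=$2
    bad=0
    # List the members without extracting anything.
    list=$(tar tzf "$archive") || return 2
    # Read the listing line by line in the current shell so that "bad"
    # survives the loop (member names containing newlines are not handled).
    while IFS= read -r member; do
        member=${member#./}          # some tar versions prefix names with ./
        [ -n "$member" ] || continue
        case $member in
            /*|..|../*|*/..|*/../*)
                echo "unsafe path: $member" >&2; bad=1 ;;
            "$topdir"|"$topdir"/*)
                : ;;                 # inside the expected directory
            *)
                echo "outside $topdir: $member" >&2; bad=1 ;;
        esac
    done <<EOF
$list
EOF
    return $bad
}

# Stand-alone use: sh check.sh iptraf-2.7.0.tar.gz iptraf-2.7.0
if [ "$#" -eq 2 ]; then
    check_archive "$1" "$2"
fi
```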
Change to the created top level directory.
To compile and install the software, run the Setup program by entering
while you are logged in as root. The Setup script will recognize the source distribution and compile the software before installing. It will immediately install a precompiled distribution.
The resulting binaries will be placed in the /usr/local/bin directory. All needed directories will also be created.
After installation, you will be asked if you want to read the RELEASE-NOTES file. It is recommended that you do so at that point, since the RELEASE-NOTES file contains important information about the new version.
If you received IPTraf on a diskette, the sources are already decompressed. The diskette is in Second Extended filesystem format. Perform the following steps to install the software.
Insert the floppy in the drive.
Mount the floppy on an empty directory. For example, to mount the floppy in the first floppy drive under a directory called /mnt, enter
mount -t ext2 /dev/fd0 /mnt
This assumes your floppy is in /dev/fd0. You can use any empty directory in place of /mnt. With most Linux installations, this will work fine.
After mounting, change to the /mnt (or whatever) directory.
while logged in as root. Setup will determine whether the diskette contains a source code distribution or ready-to-run precompiled software. This will copy the binaries to /usr/local/bin, and create the necessary working directories.
Unmount the diskette by typing
(That's umount, not unmount.)
You can then eject the diskette. Store it in a safe place.
You will also be asked if you want to view the RELEASE-NOTES file. It is recommended that you do so at that point.
In both cases (downloaded and floppy), the installation will store the program in /usr/local/bin with the binaries owned by user root, readable, writable, and executable by the owner, no permissions for the group, no permissions for all others (700 octal, or -rwx------).
You must be root to do the installation. The old style of installation (cd src;make install) is still supported.
Be sure /usr/local/bin is included in your environment's PATH variable. You can edit the appropriate command in your login customization file (.profile for the Bourne-type shells, .cshrc for the C shell and its relatives).
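The installed state described above (owner root, mode 700, directory on PATH) can be checked after Setup finishes. The following is an added example, not part of the IPTraf distribution; the function names audit_binary and dir_on_path are hypothetical, the binary name iptraf in the usage comment is an assumption, and GNU stat as shipped with Linux is assumed.

```shell
#!/bin/sh
# Added example (not from the IPTraf distribution): audit an installed binary
# against the documented state. Assumes GNU stat (-c), as found on Linux.

# audit_binary FILE EXPECTED_UID   (hypothetical helper name)
# Returns 0 only if FILE is a regular file (not a symlink), is owned by
# EXPECTED_UID, and has mode exactly 700 (no setuid/setgid/sticky bits).
audit_binary() {
    file=$1
    want_uid=$2
    rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 700 or 4755
    uid=$(stat -c '%u' "$file")      # numeric owner
    [ "$mode" = "700" ] || { echo "$file: mode $mode, expected 700" >&2; rc=1; }
    [ "$uid" = "$want_uid" ] || { echo "$file: uid $uid, expected $want_uid" >&2; rc=1; }
    return $rc
}

# dir_on_path DIR [PATHVALUE]   (hypothetical helper name)
# Returns 0 if DIR is an element of PATHVALUE (default: the current $PATH).
dir_on_path() {
    case ":${2-$PATH}:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use, as root: sh audit.sh /usr/local/bin/iptraf
if [ "$#" -ge 1 ]; then
    audit_binary "$1" 0 && dir_on_path "$(dirname "$1")"
fi
```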