Getting Started

IPTraf is a network monitoring utility for IP networks. It intercepts packets on the network and gives out various pieces of information about the current IP traffic over it. Information returned by IPTraf include:

IPTraf can be used to monitor the load on an IP network, the most used types of network services, the proceedings of TCP connections, and others.

IPTraf is a software-only analyzer. It utilizes the built-in raw packet capture interface of the Linux kernel, allowing it to be used with a wide range of Ethernet cards, supported FDDI adapters, supported ISDN adapters, Token Ring, asynchronous SLIP/ PPP interfaces and other network devices. No special hardware is required.

Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP, etc.) is necessary for you to best understand the information generated by the program.


IPTraf is most readily available on the Internet, but some may receive it on a diskette. Here are the instructions for both types of distributions.

System Requirements

IPTraf requires:

Hardware Requirements

  • 16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks)

  • 2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time)

  • Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent.

  • One or more of the supported network interfaces.

Operating System Requirements

  • Linux kernel 2.2.0 or higher

  • GNU C Library 2.1 or later

  • ncurses 4.2 or later with the complete terminfo database in /usr/share/terminfo. Support for linux, vt100, xterm, xterm-color recommended.

Compilation Requirements

The following components are required when compiling IPTraf from the source code.

  • gcc or later

  • GNU C (glibc) development library 2.1 or later

  • ncurses development libraries 4.2 or later


IPTraf can be downloaded from the Internet from the official FTP site at

The software is available in source form in compressed .tar.gz files named iptraf-x.y.z.tar.gz where x.y.z is the version number. Precompiled ready-to-run software is available in the iptraf-x.y.z.machinetype.bin.tar.gz files. (machinetype indicates what platform the precompiled binaries run on. The official distribution will only be for the Intel x86 architecture indicated as i386.)

Installing Downloaded Packages

You will need to have GNU tar and GNU zip installed. All modern Linux installations already have these utilities ready.

  1. Decompress the .tar.gz file by entering

    tar zxvf iptraf-x.y.z.tar.gz

    for the source code or

    tar zxvf iptraf-x.y.z.i386.bin.tar.gz

    for the precompiled x86 programs.

    If your tar doesn't support the z option, you can separately decompress the .tar.gz file then extract the resulting .tar archive.

    gunzip iptraf-x.y.z.tar.gz
    tar xvf iptraf-x.y.z.tar

    This will decompress the sources into a directory called iptraf-x.y.z (source code) or iptraf-x.y.z.bin (precompiled). (x.y.z here should be the IPTraf version number you're installing, like 2.7.0).

  2. Change to the created top level directory.

  3. To compile and install the software, run the Setup program by entering


    while you are logged in as root. The Setup script will recognize the source distribution and compile the software before installing. It will immediately install a precompiled distribution.

The resulting binaries will be placed in the /usr/local/bin directory. All needed directories will also be created.

After installation, you will be asked if you want to read the RELEASE-NOTES file. It is recommended that you do so at that point, since the RELEASE-NOTES file contains important information about the new version.

Installing a Floppy Distribution

If you received IPTraf on a diskette, the sources are already decompressed. The diskette is in Second Extended filesystem format. Perform the following steps to install the software.

  1. Insert the floppy in the drive.

  2. Mount the floppy on an empty directory. For example, to mount the floppy in the first floppy drive under a directory called /mnt, enter

    mount -t ext2 /dev/fd0 /mnt

    This assumes your floppy is in /dev/fd0. You can use any empty directory in place of /mnt. With most Linux installations, this will work fine.

  3. After mounting, change to the /mnt (or whatever) directory.

  4. Enter


    while logged in as root. Setup will determine whether the diskette contains a source code distribution or ready-to-run precompiled software. This will copy the binaries to /usr/local/bin, and create the necessary working directories.

  5. Unmount the diskette by typing

    umount /mnt

    (That's umount, not unmount.)

    You can then eject the diskette. Store it in a safe place.

    You will also be asked if you want to view the RELEASE-NOTES file. It is recommended that you do so at that point.

    In both cases (downloaded and floppy), the installation will store the program in /usr/local/bin with the binaries owned by user root, readable, writable, and executable by the owner, no permissions for the group, no permissions for all others. (700 octal, or -rwx------).


    You must be root to do the installation. The old style of installation (cd src;make install) is still supported.

Be sure /usr/local/bin is included in your environment's PATH variable. You can edit the appropriate command in your login customization file (.profile for the Bourne-type shells, .cshrc for the C shell and its relatives).