manual.sgml

一个很好用的linux 下的流量监控软件

<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
]>
<book id="manual">
<bookinfo>
<title>IPTraf User's Manual</title>

<releaseinfo>
Version 3.0.0
</releaseinfo>

<copyright>
<year>1997</year>
<year>2003</year>
<holder>Gerard Paul Java</holder>
</copyright>

<legalnotice id="legalinfo">
<para>
This manual is released under the terms of the GNU
Free Documentation License of March, 2000 as published by the
Free Software Foundation, reproduced in this manual as Appendix B.
</para>
<para>
IPTraf is open-source software released under the terms of the GNU General
Public License version 2 or any later version as published by the Free
Software Foundation, reproduced in the LICENSE file in the distribution's
top-level directory.
</para>
<para>
The accomanying software and the information contained in this
document are provided "AS IS" without warranty of any kind, express or
implied, including, without limitation, the implied warranties
of mercantability or fitness for any particular purpose.
</para>
<para>
In no event shall the author be liable for any indirect,
special, consequential, or incidental damages arising from the use of this
manual or the accompanying software even if the author has been advised of
the possibility of such damages.
</para>
<para>
Linux is a registered trademark of Linus Torvalds.  Pentium is a
registered trademark of Intel Corporation.  All other trademarks are
property of their respective owners.
</para>
<para>
Some structure declarations were based on code copyrighted by the Regents
of the University of California.
</para>
<para>
Token Ring parsing code based on the Token Ring packet construction code
in the Linux 2.2 kernel.
</para>
</legalnotice>
</bookinfo>
<toc></toc>
<lot></lot>
<preface id="preface">
<title>About This Document</title>
<para>
This document contains the instructions on how to use the IPTraf network
monitoring software version 3.0. This manual details the
different statistical facilities, the user
interface, and the important features of the software.
</para>

<sect1 id="addinfo">
<title>For Additional Information</title>
<para>
See the included README file for summarized and late-breaking information.
Also read the RELEASE-NOTES file for important new information about
this new version. The CHANGES file contains a record of the changes made
to the software since 1.0.0.  README.rvnamed contains information on the
rvnamed reverse resolution program. See the other
README files for support and development information.
</para>
</sect1>

<sect1 id="conventions">
<title>Document Conventions</title>
<para>
  The following symbols and typefaces are used throughout this manual:
</para>

<variablelist>
<varlistentry>
<term><computeroutput>[ ]</computeroutput></term>
<listitem>
<para>
items in brackets are optional. Brackets also denote items that may or may
not be displayed onscreen depending on settings or conditions.
</para></listitem></varlistentry>

<varlistentry>
<term><computeroutput>{ }</computeroutput></term>
<listitem><para>
     curly braces enclose items you choose from
</para></listitem></varlistentry>

<varlistentry>
<term><computeroutput>|</computeroutput></term>
<listitem><para>
     the vertical bar separates choices in curly braces
</para></listitem></varlistentry>

<varlistentry>
<term><computeroutput>normal monospace</computeroutput></term>
<listitem><para>
     normal monospace text in syntax specifications should be typed in exactly as presented. Because UNIX and variants are case-sensitive, case must be preserved. Monospace is also used in presenting items that appear on the screen.
</para></listitem></varlistentry>

<varlistentry>
<term><computeroutput><replaceable>
  monospace italics
</replaceable></computeroutput></term>
<listitem><para>

     italics in syntax specifications indicate items that are to be
     replaced with an actual item (e.g.
     <replaceable>interface</replaceable> should be replaced with an
     actual interface name, like <computeroutput>eth0</computeroutput>).

</para></listitem></varlistentry>
</variablelist>

<para>
Additional information appears distinctively set apart from the main text.
This information includes Notes, Tips, or Technical Notes.
</para>

<para>
<emphasis>Notes</emphasis> are additional pieces of information that may be useful or may
  clarify the preceeding paragraphs of the manual.
</para>
<para>
  <emphasis>Tips</emphasis> provide shortcuts, clarify tasks that may not
  be immediately obvious, or provide references to additional sources of information.
</para>
<para>
<emphasis>Technical notes</emphasis> are explanations of a
  more technical nature and may be of more use to programmers and advanced
  users.
</para>
</sect1>
</preface>

<chapter id="gettingstarted"><title>
Getting Started
</title>
<sect1>
<title>About IPTraf</title>
<para>
IPTraf is a network monitoring utility and traffic analyzer for IP networks. It
intercepts packets and returns data about captured the network traffic
in various statistical facilities.
</para>
<para>
IPTraf comes with these major features:
</para>
<itemizedlist spacing="compact" mark="bullet">
<listitem><para>An IP traffic monitor that shows TCP
connection information (hosts, packet/byte counts, flags,
window sizes), and color-coded information about other
IP packets</para></listitem>
<listitem><para>Statistics (counts and load rates) for network interfaces
in general and detailed views</para></listitem>
<listitem><para>Statistics per TCP/UDP port</para></listitem>
<listitem><para>Statistical breakdown according to packet sizes</para></listitem>
<listitem><para>A LAN host monitor that returns counts and loads per
detected MAC address</para></listitem>
<listitem><para>A powerful filtering system for users to view
only interesting traffic</para></listitem>
<listitem><para>Logging</para></listitem>
<listitem><para>An asynchronous DNS resolver for the
IP traffic monitor</para></listitem>
<listitem><para>A text-based, full-color, menu-driven user interface
suitable for use on all Linux systems with terminals, especially Linux
consoles and color xterms</para></listitem>
<listitem><para>Easy configuration</para></listitem>
<listitem><para>Fully software-based.  No additional
hardware required</para></listitem>
</itemizedlist>
<para>
  Basic knowledge of the important TCP/IP protocols (IP, TCP, UDP, ICMP,
  etc.) is necessary for you to best understand the information generated
  by the program.
</para>

</sect1>
<sect1 id="installation">
<title>
  Installation
</title>
<para>
  IPTraf is most readily available on the Internet, but some may receive
  it on a diskette. Here are the instructions for both types
  of distributions.
</para>
<sect2>
<title>System Requirements</title>
<para>
IPTraf requires:
</para>

<sect3>
<title>Hardware Requirements</title>

<itemizedlist spacing="compact" mark="bullet">
<listitem><para>
     16 megabytes of physical RAM (more recommended, at least 64 MB for very busy networks)
</para></listitem>
<listitem><para>
     2 megabytes of free disk space for installation (more will be needed if you log high amounts of traffic over time)
</para></listitem>
<listitem><para>
     Pentium-class processor or higher (Pentium-II 200 MHz or higher recommended) or equivalent.
</para></listitem>
<listitem><para>
     One or more of the supported network interfaces.
</para></listitem>
</itemizedlist>
</sect3>
<sect3>
   <title>Operating System Requirements</title>

<itemizedlist spacing="compact" mark="bullet">
<listitem><para>
     Linux kernel 2.2.0 or higher
</para></listitem>
<listitem><para>
     GNU C Library 2.1 or later
</para></listitem>
<listitem><para>

     ncurses 4.2 or later with the complete terminfo database in
     <filename>/usr/share/terminfo</filename>. Support for
     <computeroutput>linux</computeroutput>, <computeroutput>vt100</computeroutput>,
     <computeroutput>xterm</computeroutput>,
     <computeroutput>xterm-color</computeroutput> recommended.

</para></listitem>
</itemizedlist>
</sect3>
<sect3>
   <title>Compilation Requirements</title>
<para>
The following components are required when compiling IPTraf from the
source code.
</para>
<itemizedlist spacing="compact" mark="bullet">
<listitem><para>
     gcc 2.7.2.3 or later
</para></listitem>
<listitem><para>

     GNU C (glibc) development library 2.1 or later
</para></listitem>
<listitem><para>

     ncurses development libraries 4.2 or later
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>

<sect2>
<title>Availability</title>
<para>
  IPTraf can be downloaded from the Internet from the official FTP site at
 <ulink url="ftp://iptraf.seul.org/pub/iptraf/">
ftp://iptraf.seul.org/pub/iptraf/
</ulink>.
</para>
<para>

  The software is available in source form in
  compressed
<filename>.tar.gz</filename> files named
<filename>iptraf-<replaceable>x.y.z</replaceable>.tar.gz</filename> where
<filename><replaceable>x.y.z</replaceable></filename> 
  is the version number. Precompiled ready-to-run software is available in
  the
<filename>iptraf-<replaceable>x.y.z.machinetype</replaceable>.bin.tar.gz</filename>
 files. (<filename><replaceable>machinetype</replaceable></filename> indicates
  what platform the precompiled binaries run on. The official distribution
  will only be for the Intel x86 architecture indicated as
<filename>i386</filename>.)
</para>
</sect2>

<sect2>
<title>Installing Downloaded Packages</title>

<para>
  You will need to have GNU tar and GNU zip installed. All
  modern Linux installations already have these utilities ready.
</para>
<orderedlist>
<listitem>
<para>   
  Decompress the <filename>.tar.gz</filename> file by entering
</para>
<synopsis>
tar zxvf iptraf-<replaceable>x.y.z</replaceable>.tar.gz
</synopsis>
<para>
      for the source code or
</para>
<synopsis>
tar zxvf iptraf-<replaceable>x.y.z</replaceable>.i386.bin.tar.gz
</synopsis>
<para>
for the precompiled x86 programs.
</para>
<para>
If your tar doesn't support the z option, you can separately
decompress the <filename>.tar.gz</filename> file
then extract the resulting <filename>.tar</filename> archive.
</para>
<synopsis>
gunzip iptraf-<replaceable>x.y.z</replaceable>.tar.gz
tar xvf iptraf-<replaceable>x.y.z</replaceable>.tar
</synopsis>
<para>
This will decompress the sources into a directory called
<filename>iptraf-<replaceable>x.y.z</replaceable></filename> (source code)
or
<filename>iptraf-<replaceable>x.y.z</replaceable>.bin</filename>
(precompiled).
    (<replaceable>x.y.z</replaceable> here should be the IPTraf version number
you're installing, like <filename>3.0.0</filename>).
</para>
</listitem>
<listitem>
<para>
Change to the created top level directory.
</para></listitem>
<listitem><para>
To compile and install the software, run the Setup program by entering
</para>
<synopsis>
./Setup
</synopsis>
<para>
    while you are logged in as root. The Setup script will recognize the
    source distribution and compile the software before installing. It
    will immediately install a precompiled distribution.
</para>
</listitem>
</orderedlist>

<para>
    The resulting binaries will be placed in the
<filename>/usr/local/bin</filename> directory.
    All needed directories will also be created.
</para>
<para>
  After installation, you will be asked if you want to
  read the <filename>RELEASE-NOTES</filename> file. It is recommended that you do so at
  that point, since the <filename>RELEASE-NOTES</filename> file
  contains important information about the new version.
</para>
</sect2>
<sect2>
<title>Installing a Floppy Distribution</title>
<para>
  If you received IPTraf
  on a diskette, the sources are already decompressed. The diskette is