manual.sgml

一个很好用的linux 下的流量监控软件

<title>Entry Details</title>
<para>
  In general, the entries in the lower window indicate the protocol, the
  IP datagram size (full frame size for non-IP, including ARP and
  RARP), the source address, the destination
  address, and the network interface the packet was detected on.
  However, some protocols have a little more information.
</para>
<sect3>
<title>ICMP</title>
<para>
  ICMP entries are displayed in this format:
</para>
<synopsis>
ICMP <replaceable>type</replaceable> [(<replaceable>subtype</replaceable>)] (<replaceable>size</replaceable> bytes) from <replaceable>source</replaceable> to <replaceable>destination</replaceable>
[(src HWaddr <replaceable>srcMACaddress</replaceable>)] on <replaceable>interface</replaceable>
</synopsis>
<para>
  where type could be any of the following:
</para>

<variablelist>
<varlistentry>
<term><computeroutput>echo req, echo rply</computeroutput></term>
<listitem><para>
     ICMP echo request and reply. Usually used by the ping program and other network monitoring and diagnostic program. 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>dest unrch</computeroutput></term>
<listitem><para>
     ICMP destination unreachable. Something failed to reach its target. The dest unreach type is supplemented with a further indicator of the problem. Destination unreachable messages for TCP traffic causes the corresponding TCP entry in the upper
     window to be made available for reuse by new connections. 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>redirct</computeroutput></term>
<listitem><para>
     ICMP redirect. Usually generated by a router to tell a host that a better gateway is available. 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>src qnch</computeroutput></term>
<listitem><para>
     The ICMP source quench is used to stop a host from transmitting. It's a
flow control mechanism for IP. 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>time excd</computeroutput></term>
<listitem><para>
     Indicates a packet's time-to-live value expired before it got
to its destination. Mostly happens if a destination is too far away.
Also used by the traceroute program.
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>router adv</computeroutput></term>
<listitem><para>
     ICMP router advertisement 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>router sol</computeroutput></term>
<listitem><para>
     ICMP router solicitation 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>timestmp req</computeroutput></term>
<listitem><para>
     ICMP timestamp request
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>timestmp rep</computeroutput></term>
<listitem><para>
     ICMP timestamp reply 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>info req</computeroutput></term>
<listitem><para>
     ICMP information request 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>info rep</computeroutput></term>
<listitem><para>
     ICMP information reply 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>addr mask req</computeroutput></term>
<listitem><para>
     ICMP address mask request 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>addr mask rep</computeroutput></term>
<listitem><para>
     ICMP address mask reply 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>param prob</computeroutput></term>
<listitem><para>
     ICMP parameter problem 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>bad/unknown</computeroutput></term>
<listitem><para>
     An unrecognized ICMP packet was received, or the packet is corrupted.
</para></listitem></varlistentry>
</variablelist>
<para>
  The destination unreachable message also includes information on the
  type of error encountered. Here are the destination unreachable codes:
</para>

<variablelist>
<varlistentry>
<term><computeroutput>ntwk</computeroutput></term>
<listitem><para>
     network unreachable 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>host</computeroutput></term>
<listitem><para>
     host unreachable 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>proto</computeroutput></term>
<listitem><para>
     protocol unreachable 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>port</computeroutput></term>
<listitem><para>
     port unreachable 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>pkt fltrd</computeroutput></term>
<listitem><para>
     packet filtered (normally by an access rule on a router or firewall) 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>DF set</computeroutput></term>
<listitem><para>
     the packet has to be fragmented somewhere, but its don't fragment
     (DF) bit is set.
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>src rte fail</computeroutput></term>
<listitem><para>
     source route failed 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>src isltd</computeroutput></term>
<listitem><para>
     source isolated (obsolete) 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>net comm denied</computeroutput></term>
<listitem><para>
     network communication denied 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>host comm denied</computeroutput></term>
<listitem><para>
     host communication denied 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>net unrch for TOS</computeroutput></term>
<listitem><para>
     network unreachable for specified IP type-of-service 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>host unrch for TOS</computeroutput></term>
<listitem><para>
     host unreachable for specified IP type-of-service 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>prec violtn</computeroutput></term>
<listitem><para>
     precedence violation 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>prec cutoff</computeroutput></term>
<listitem><para>
     precedence cutoff 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>dest net unkn</computeroutput></term>
<listitem><para>
     destination network unknown 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>dest host unkn</computeroutput></term>
<listitem><para>
     destination network unknown
</para></listitem></varlistentry>
</variablelist>

<para>
  For more information on ICMP, see RFC 792.
</para>
</sect3>

<sect3>
<title>OSPF</title>

<para>
OSPF messages also include a little more information. The format of an
OSPF message in the window is:
</para>

<synopsis>
OSPF <replaceable>type</replaceable> (a=<replaceable>area</replaceable> r=<replaceable>router</replaceable>) (<replaceable>size</replaceable>bytes) from <replaceable>source</replaceable> to <replaceable>destination</replaceable>
[(src HWaddr <replaceable>srcMACaddress</replaceable>)] on <replaceable>interface</replaceable>
</synopsis>

<para>
  The type can be one of the following:
</para>

<variablelist>
<varlistentry>
<term><computeroutput>hlo</computeroutput></term>
<listitem><para>
     OSPF hello. Hello messages establish OSPF communications and keep routers informed of each other's presence. 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>DB desc</computeroutput></term>
<listitem><para>
     OSPF Database Description 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>LSR</computeroutput></term>
<listitem><para>
     OSPF Link State Request 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>LSU</computeroutput></term>
<listitem><para>
     OSPF Link State Update. Messages indicating the states of the OSPF network links 
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>LSA</computeroutput></term>
<listitem><para>
     OSPF Link State Acknowledgment
</para></listitem></varlistentry>
</variablelist>
<para>
  The entries in parentheses:
</para>
<variablelist>
<varlistentry>
<term><computeroutput>a=<replaceable>area</replaceable></computeroutput></term>
<listitem><para>
     The area number of the OSPF message
</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>r=<replaceable>router</replaceable></computeroutput></term>
<listitem><para>
     The IP address of the router that generated the message. It
     is not necessarily the same as the source address
     of the encapsulating IP packet.
</para></listitem></varlistentry>
</variablelist>

<para>
  Many times, the destination addresses for OSPF packets are class D
  multicast addresses in standard dotted decimal notation or (if reverse
  lookup is enabled), hosts under the <computeroutput>MCAST.NET</computeroutput> domain. Such multicast
  addresses are defined as follows:
</para>

<variablelist>
<varlistentry>
<term><computeroutput>224.0.0.5 (OSPF-ALL.MCAST.NET)</computeroutput></term>
<listitem><para>OSPF all routers</para></listitem></varlistentry>
<varlistentry>
<term><computeroutput>224.0.0.6 (OSPF-DSIG.MCAST.NET)</computeroutput></term>
<listitem><para>OSPF all designated routers</para></listitem></varlistentry>
</variablelist>

<para>
  See RFC 1247 for details on the OSPF protocol.
</para>
</sect3>
</sect2>
</sect1>
<sect1>
<title>Additional Information</title>
<para>
  When started from the main menu and logging is enabled, the IP traffic
  monitor prompts you for a log file name. The default name is
<filename>ip_traffic-<replaceable>n</replaceable>.log (where
<replaceable>n</replaceable></filename> is what
  instance of the traffic monitor this is (1, 2, 3, and so on). (e.g. if
  this is the first instance, the default file name will
  be <filename>ip_traffic-1.log</filename>.)
</para>
<para>
  When started with the <computeroutput>-i</computeroutput> parameter,
  the log filename can be specified with the <computeroutput>-L</computeroutput>
  parameter. See the <link linkend="cmdline">Command-line Parameters</link>
  section above for more information.
</para>
<para>
On busy networks, the display may become cluttered with traffic you're not
interested in.  To control the traffic monitor's output, you can apply a
<emphasis>filter</emphasis>.  See Chapter 7, <link
linkend="filters">Filters</link> for more information on IPTraf's filters.
</para>
<para>
  At any time, you can press X or Q to return to the main menu (or back to
  the shell if the monitor was started with <command>iptraf -i</command>).
</para>
</sect1>
</chapter>

<chapter id="netstats">
<title>Network Interface Statistics</title>
<para>
There are two network interface
statistics facilities: the general interface statistics, which
displays a statistical summary of all attached interfaces, and the
detailed interface statistics, which shows  more statistical and
load information about a single selected interface.
</para>
<sect1 id="genstats">

<title>General Interface Statistics</title>
<para>
  The second menu option displays a list of
  attached network interfaces, and some general
  packet counts. Specifically, it displays counts of IP, non-IP, and bad
  IP packets (packets with IP checksum errors). It also includes an
  activity indicator, which shows the number of kilobits and packets the
  interface sees per second. All figures are for incoming and outgoing
  packets. (Again, considering promiscuous
  mode for LAN interfaces, which simply causes the machine
  to intercept all packets). This is useful for general monitoring
  of all attached interfaces. If byte counts and
  additional information are needed for a specific interface, the <emphasis>Detailed
  interface statistics</emphasis> option is also available.
</para>
<para>
  The activity indicators can be toggled between kbits/s and kbytes/s with
  the <emphasis>Activity mode</emphasis> configuration option.
</para>
<para>
  The general statistics window will dynamically add new entries
  as packets from newly-created interfaces (e.g. new PPP interfaces) are
  intercepted. Long lists can be scrolled with the Up, Down, PgUp, and
  PgDn keys.
</para>
<para>
This monitor is affected by IPTraf's <link
linkend="filters">filters</link> as described in Chapter 7.
</para>
<para>
  Copies of the statistics are written to the log file
  <filename>iface_stats_general.log</filename> at regular intervals if logging is
  enabled. See the <emphasis>Logging</emphasis>
option int the <link linkend="config">Configuration</link> chapter.
</para>
<para>
  This facility can be started directly from the command line with the
  <command>-g</command> option to the <command>iptraf</command> command.
  When started from the command line, the log filename and log interval can be
  specified with the <computeroutput>-L</computeroutput> and <computeroutput>-I</computeroutput>
  parameters respectively.  See the <link linkend="cmdline">Command-line Parameters</link>
  section above for more information.
</para>
<figure>
<title>The general interface statistics screen</title>
<graphic format="png" fileref="ip