NAME
Netwatch - Ethernet Internet Protocol Monitor
SYNOPSIS
netwatch [ -h ] [-b] [-i dd.dd.dd.dd] [-m dd.dd.dd.dd] [-n] [ - t] [ -e
ethnum ] [ -c netconfigfile ]
DESCRIPTION
Netwatch examines all the packets travelling on an ethernet and
analyses the IP packets. The information is tallied according to the
source and destination hosts. An ncurses display indicates a dual-list
status for all hosts. The left display refers to LOCAL hosts. The right
list refers to REMOTE hosts. It is possible to examine statistics
(counts) on number of packets, bytes, IP service type and last
communication host for each host. Use the arrow keys (left and right)
to change the display.
OPTIONS
-e ethnum
ethnum is the name of the ethernet device to attempt to run with
netwatch. (e.g. -e eth1 selects the eth1 device rather than
the default eth0 device.
-c confignetfile
selects the name of the file which contains the ifconfig
information. Note that this is not necessary since netwatch will
use the route information from /proc/net to build all the
information needed (without using ANY configuration file).
-b For a transparent bridge, ignore every other packet... (older
kernels)
-i dd.dd.dd.dd
Fake a local internet address for "this" machine... (useful in
making fake local net for monitoring when combined with the -m
option )
-m dd.dd.dd.dd
Fake the netmask which is used for the local net evaluation
-n Do not resolve names (just display addresses)
-h Simple help information
-t Start Netwatch in TOP Mode (30 sec. startup delay)
USER COMMANDS
The following description will attempt to clarify what keys netwatch
understands. It is important to know that the program is mode
dependent. This means commands may change depending on the current
mode. The primary mode is dual-list mode. In this mode use
<tab> key - switch scroll display to the other list (dual-lists).
Look for KEY.
<left> key - Change display options (moving left through the
options)
<right>
key - Change display options (moving right through the
options)
<up> key - Scroll to previous host page on the current list (see
KEY) Change display options (moving right through the options)
<down> key - Scroll to next host page on the current list (see KEY)
h key - gives help screen
t key - Toggle TOP mode (where 30 sec update on busiest hosts)
c key - Clear counts for all hosts
n key - Clean the remote & local host tables
N key - Clean the remote OR local host tables (depends on
which is current)
L key - Produce LOG of current display entries (REMOTE or
LOCAL)
b key - Toggle display of BLUE entries (OLD)
d key - Toggle display of DOMAIN entries (Name Server Queries)
w key - Enter WATCH mode for viewing ROUTING stats and HOST
packets
<F10>, <END>
or q key - Exits the program
AUTHOR
Gordon MacKay
mackay@gmml.slctech.org
COPYRIGHT
Copyright (c) Gordon MacKay 1997, under GPL
BUGS
Yes, but hopefully the program is better than it was...
NETWATCH()