NAME
jnettop - View hosts/ports taking up the most network traffic
SYNOPSIS
jnettop [options] [-i interface] [-d filename] [-f filename] [-x rule]
DESCRIPTION
This manual page documents briefly the jnettop command. This manual
page is OBSOLETE. Please use jnettop -h as a main source of information
about usage.
jnettop captures traffic coming across the host it is running on and
displays streams sorted by bandwidth they use. Result is a nice listing
of communication on network by host and port, how many bytes went
through this transport and the bandwidth it is consuming.
OPTIONS
These programs follow the usual GNU command line syntax, with long
options starting with two dashes (‘-’). A summary of options is
included below.
-h, --help
Show summary of options.
-v, --version
Show version of program.
-c, --content-filter
disable content filtering
-d, --debug filename
write debug information into file
-f, --config-file filename
reads configuration from filename. defaults to ~/.jnettop. an
example can be found at /usr/share/doc/jnettop/dot.jnettop.
-i, --interface name
capture packets on specified interface
--local-aggr [none|host|port|host+port]
set local aggregation to specified value
-n, --no-resolver
disable resolving of ip addresses
-p, --promiscuous
enables promiscuous mode on the sniffed interface
--remote-aggr [none|host|port|host+port]
set remote aggregation to specified value
-s, --select-rule name
selects one of the rules defined in .jnettop configuration file
(by it’s name)
-x, --filter rule
allows for specification of custom filtering rule. this allows
for tcpdump(1) style syntax. don’t forget to enclolse the filter
into quotes when running from a shell.
CONFIGURATION
Program looks for settings in the file specified by parameter -f, which
defaults to ~/.jnettop. Configuration file is an ordinary text file
with keywords and their arguments. You HAVE to enclose arguments into
double quotes. Available keywords are:
interface "<interface_name>"
The interface keyword specifies network interface on which to
start listening. Example:
interface "eth0"
local_aggregation [none|host|port|host+port]
The local_aggregation keyword specifies initial active local
aggregation. Valid values are none, host, port, and host+port.
Example:
local_aggregation host
promisc [on|off]
The promisc keyword specifies, whether jnettop captures packets
in promiscuous mode. Example:
promisc on
remote_aggregation [none|host|port|host+port]
The remote_aggregation keyword specifies initial active remote
aggregation. Valid values are none, host, port, and host+port.
Example:
remote_aggregation port
resolve [on|off]
The resolve keyword specifies, whether resolving is performed on
the IP addresses or not.
resolve off
resolve_rule "<network address>" "<network mask>" [normal|external]
(<arguments> ...)
The resolve_rule keyword adds one resolver into list of
resolvers for specified address. When resolving, jnettop
examines all the rules in the order how they were specified in
configuration file. If the network address matches specified
range, declared resolver is used. Resolver can be normal, which
means the standard DNS lookup or external, which executes
specified external program to perform resolving. This can be
used with bundled jnettop-lookup-nmb script, which looks up IP
addresses using nmblookup(1) tool. If a tool returns empty
string or DNS is not found, next rule is examined. If jnettop
runs out of rules, than the standard DNS lookup is executed.
resolve_rule "192.168.0.0" "255.255.255.0" normal
resolve_rule "192.168.0.0" "255.255.255.0" external
"/usr/share/jnettop/jnettop-lookup-nbm"
rule "<rule_name>" "<rule_definition>"
The rule keyword defines a set of predefined tcpdump(1)-like
filters to apply. You can specify various filters as "show me
what 192.168.1.32" sends:
rule "show 192.168.1.32" "src 192.168.1.32"
select_rule "<rule_name>"
The select_rule keyword specifies initial active predefined
rule. The rule must be defined before this keyword is used.
Example:
select_rule "show 192.168.1.32"
variable "<variable_name>" "<variable_contents>"
The variable keyword introduces a string variable for use in
future rule definitions. It can be used to shorten rule
definitions. Example:
variable "intranet" "net 192.168.0.0/16 or 10.0.0.0/8 or
172.16.0.0/12"
For more information, see README file or .jnettop example configuration
file included in distribution.
AUTHOR
This manual page was originally written by Ari Pollak <ari@debian.org>,
for the Debian GNU/Linux system. Small changes were introduced by Jakub
Skopal <j@kubs.cz>
April 8, 2006