Monitoring Network Traffic With IPTraf

Thursday Sep 25th 2008 by Juliet Kemp

Tip of the Trade: Check out the traffic passing through your machine with this useful and easy-to-use ncurses-based app.

IPTraf is a very useful ncurses-based application that shows the traffic passing through your machine.

On startup, you can immediately see all network traffic on your machine by choosing "IP traffic monitor." The configuration menu enables you to change the logging interval (under Timers) or add monitoring of ports above 1023, as these aren't monitored by default. You can also turn on DNS lookups and service name lookups to get names rather than numbers.

One of the best points of IPTraf is its flexible traffic-filtering options. In the Add Filters screen, the left-hand set of filters is for the source address; the right-hand set is for the destination. A value of for IP address and netmask translates to "all hosts." The I/E at the bottom controls whether matching data is included or excluded.

An important point is that IPTraf interprets filters to mean "include/exclude this data, and show nothing else." For including data, this works fine. But if you exclude a particular set of data, that data won't be shown, and neither will any other data. You must add a second filter, which has both sets of address and mask as, and that has "Y" by all the protocols, to show the rest of the traffic. Filters are applied in order, so this general filter must be the last in the chain.

After you've defined the filter, you need to use the "Apply filter" option from the Filters - IP menu before using the display again to examine the data you want.
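
The filter-chain behaviour described above can be modelled in a few lines. This is an added example, not IPTraf's own code: the `Rule`, `shown` and `visible` names are hypothetical, the packets are constructed from documentation address ranges, `0.0.0.0/0` is this example's CIDR notation for "all hosts," and first-match evaluation is an assumption consistent with "filters are applied in order."

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

ALL_PROTOS = frozenset({"tcp", "udp", "icmp"})
ANY = "0.0.0.0/0"  # this example's wildcard for "all hosts"

class Rule(NamedTuple):
    src: str           # source network (left-hand side of the filter)
    dst: str           # destination network (right-hand side)
    protos: frozenset  # protocols marked "Y"
    include: bool      # True = I (include), False = E (exclude)

def matches(rule, pkt):
    return (pkt["proto"] in rule.protos
            and ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst))

def shown(chain, pkt):
    """First matching rule decides; traffic matching no rule is not shown."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.include
    return False

# Constructed sample traffic (RFC 5737 documentation addresses)
PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "tcp"},  # noisy host
    {"src": "192.0.2.20", "dst": "198.51.100.5", "proto": "tcp"},
    {"src": "192.0.2.30", "dst": "203.0.113.9", "proto": "udp"},
]

exclude_noisy = Rule("192.0.2.10/32", ANY, ALL_PROTOS, include=False)
catch_all = Rule(ANY, ANY, ALL_PROTOS, include=True)

def visible(chain):
    """Source addresses of the sample packets the chain would display."""
    return [p["src"] for p in PACKETS if shown(chain, p)]

if __name__ == "__main__":
    print("exclude only:       ", visible([exclude_noisy]))
    print("exclude + catch-all:", visible([exclude_noisy, catch_all]))
    print("catch-all first:    ", visible([catch_all, exclude_noisy]))
```

With the exclude rule alone nothing is displayed; with the catch-all placed first, the excluded host reappears, which is why the general filter has to come last.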

