Monitor your network with iptraf

Jack Wallen
Mar 23, 2010
Updated • Jan 19, 2013

I am always looking for a good network monitor, and there are plenty out there. But in all my years of searching I have yet to come across a monitor as good as the tried and true iptraf. The iptraf network monitor is an ncurses-based IP LAN monitor (so it's text-based) that is interactive and generates network statistics such as: TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and more.

Now, the only issue with iptraf is that it is old. It hasn't been updated since 2005 (as far as I can see). But being old doesn't mean it isn't useful. The iptraf tool still installs, still runs, and is just as useful as it was when it was still in active development. And because iptraf is still a useful tool, I thought I would show how it is installed and used on a modern Linux distribution.

Installation

Installation is simple. The iptraf tool should be found in your distribution's repositories. So open up Synaptic (or gnome-packagekit, or whatever tool you prefer to install with) and follow these steps:

  1. Search for "iptraf" (no quotes).
  2. Mark iptraf for installation.
  3. Click Apply to install.

That's it. Now you are ready to run the tool.

Usage

Figure 1

Using iptraf requires root (or sudo) privileges. It also requires a terminal window. So open up your favorite terminal window and issue the command sudo iptraf. When you run iptraf you will see information about the license and copyright. All you need to do is press a key to get beyond this screen.

The next screen you will see is the options window. From here you can just start up a traffic capture, or you can set some options and/or filters. You can also gather general or detailed interface statistics, or gather statistics on a LAN station.

Let's take a look at creating a filter for monitoring. Let's say you want to watch web traffic on a web server. To do this scroll down to the Filters entry and hit Enter. In the next screen you can choose from IP, ARP, RARP, and Non-IP. Select IP and then, from the resulting screen, select Define new filter.

Figure 2

The first step to defining the new filter is to give the filter a description. Enter something like "Web Traffic" (no quotes) and hit Enter. It will now seem like all you have done is create a filter with no rules (just a name). Hit the i key to Insert rules into your new filter. This new screen (see Figure 2) allows you to enter rules for both source and destination. You have to tab around to get to the fields you want. For the IP address(es), just enter the address; for the ports, enter the starting and ending numbers; and for the protocols, tab to the protocol you want to include and then hit the "y" key (no quotes).

Once you have saved the filter you will find yourself in the Filter list. Follow these steps to start monitoring with your new filter:

  1. Hit <Ctrl>x to get out of this screen.
  2. Scroll up to Apply filter.
  3. Select the new filter and hit Enter.
  4. Exit all of the menus until you are back at the main window.
  5. Select IP traffic monitor and hit Enter.
  6. Select the interface you want to monitor and hit Enter.

Figure 3

Watch the action (see Figure 3) occur in real time. The nice thing about iptraf is that its small size allows for perfect real-time, constant monitoring on a network from a single machine.
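To make the rule fields concrete, here is an added example (not part of the original article and not iptraf's own code) that models a "Web Traffic" filter in Python and runs it over constructed packets. The server address, the sample packets, the 0-0 "any port" convention and the one-direction matching per rule are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 0)  # model convention (assumption): 0-0 means "any port"

@dataclass(frozen=True)
class Endpoint:
    network: str = "0.0.0.0/0"       # address field; this default matches any host
    ports: tuple = ANY_PORT          # (start, end) port numbers, inclusive

    def matches(self, addr: str, port: int) -> bool:
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(self.network):
            return False
        lo, hi = self.ports
        return self.ports == ANY_PORT or lo <= port <= hi

@dataclass(frozen=True)
class Rule:
    source: Endpoint
    dest: Endpoint
    protocols: frozenset             # protocols toggled to "y" in the rule screen

    def matches(self, pkt) -> bool:
        proto, src, sport, dst, dport = pkt
        return (proto in self.protocols
                and self.source.matches(src, sport)
                and self.dest.matches(dst, dport))

def apply_filter(rules, packets):
    """Return the packets that at least one rule of the filter accepts."""
    return [p for p in packets if any(r.matches(p) for r in rules)]

SERVER = "192.0.2.10/32"             # constructed web server address (TEST-NET-1)
TCP = frozenset({"TCP"})
# "Web Traffic": requests to the server's port 80, plus the replies from it.
WEB_TRAFFIC = [
    Rule(Endpoint(), Endpoint(SERVER, (80, 80)), TCP),
    Rule(Endpoint(SERVER, (80, 80)), Endpoint(), TCP),
]
# Constructed sample packets: (protocol, src addr, src port, dst addr, dst port)
PACKETS = [
    ("TCP", "198.51.100.7", 40312, "192.0.2.10", 80),   # HTTP request
    ("TCP", "192.0.2.10", 80, "198.51.100.7", 40312),   # HTTP reply
    ("TCP", "198.51.100.7", 40400, "192.0.2.10", 22),   # SSH, filtered out
    ("UDP", "192.0.2.10", 5353, "192.0.2.53", 53),      # DNS, wrong protocol
    ("TCP", "198.51.100.7", 40500, "192.0.2.99", 80),   # web, but another host
]

if __name__ == "__main__":
    for pkt in apply_filter(WEB_TRAFFIC, PACKETS):
        print(pkt)
```

With only the first rule in the list, the model keeps the request but drops the reply, which is the usual sign that a monitoring filter was scoped to one direction.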

Final thoughts

I realize that iptraf is WAY out of date. But the fact that the tool still works as well as it did when it was in active development says a lot about how well this tool was made. And although many might balk at using a tool that is no longer being worked on, in the case of iptraf it's not so much an issue. It still works and it still works well.


Comments

  1. Kenzolly said on May 20, 2010 at 4:35 pm

    You can also try ProteMac Meter.

  2. or said on March 29, 2010 at 12:01 pm

    Actually I didn’t know it, but it seems nice.
    Though it’s obsolete. Wireshark is way better (and way more complicated than this).
    And simple net\lan tools will give you the same info…

  3. lefty.crupps said on March 23, 2010 at 2:19 pm

    I had no idea iptraf was out of date; I use it at least once a week and it always serves me well. Maybe the developer(s) just believe it to be feature complete and have no need to add more to the program? It isn’t like closed apps where they need to sell more.

  4. Crodol said on March 23, 2010 at 6:13 am

    What would be a good program (preferably freeware) like this for Windows?

    1. Anonymous said on March 23, 2010 at 7:08 am

      Wireshark.
