DOKK / manpages / debian 12 / jnettop / jnettop.8.en
JNETTOP(8) System Manager's Manual JNETTOP(8)

jnettop - View hosts/ports taking up the most network traffic

jnettop [options] [-i interface] [-d filename] [-f filename] [-x rule]

This manual page documents briefly the jnettop command. This manual page is OBSOLETE. Please use jnettop -h as a main source of information about usage.

jnettop captures traffic coming across the host it is running on and displays streams sorted by bandwidth they use. Result is a nice listing of communication on network by host and port, how many bytes went through this transport and the bandwidth it is consuming.

These programs follow the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.

Show summary of options.
Show version of program.
disable content filtering
write debug information into file
reads configuration from filename. defaults to ~/.jnettop. an example can be found at /usr/share/doc/jnettop/dot.jnettop.
capture packets on specified interface
set local aggregation to specified value
disable resolving of ip addresses
enables promiscuous mode on the sniffed interface
set remote aggregation to specified value
selects one of the rules defined in .jnettop configuration file (by it's name)
allows for specification of custom filtering rule. this allows for tcpdump(1) style syntax. don't forget to enclolse the filter into quotes when running from a shell.

Program looks for settings in the file specified by parameter -f, which defaults to ~/.jnettop. Configuration file is an ordinary text file with keywords and their arguments. You HAVE to enclose arguments into double quotes. Available keywords are:

The interface keyword specifies network interface on which to start listening. Example:

interface "eth0"

The local_aggregation keyword specifies initial active local aggregation. Valid values are none, host, port, and host+port. Example:

local_aggregation host

The promisc keyword specifies, whether jnettop captures packets in promiscuous mode. Example:

promisc on

The remote_aggregation keyword specifies initial active remote aggregation. Valid values are none, host, port, and host+port. Example:

remote_aggregation port

The resolve keyword specifies, whether resolving is performed on the IP addresses or not.

resolve off

The resolve_rule keyword adds one resolver into list of resolvers for specified address. When resolving, jnettop examines all the rules in the order how they were specified in configuration file. If the network address matches specified range, declared resolver is used. Resolver can be normal, which means the standard DNS lookup or external, which executes specified external program to perform resolving. This can be used with bundled jnettop-lookup-nmb script, which looks up IP addresses using nmblookup(1) tool. If a tool returns empty string or DNS is not found, next rule is examined. If jnettop runs out of rules, than the standard DNS lookup is executed.

resolve_rule "" "" normal
resolve_rule "" "" external "/usr/share/jnettop/jnettop-lookup-nbm"

The rule keyword defines a set of predefined tcpdump(1)-like filters to apply. You can specify various filters as "show me what" sends:

rule "show" "src"

The select_rule keyword specifies initial active predefined rule. The rule must be defined before this keyword is used. Example:

select_rule "show"

The variable keyword introduces a string variable for use in future rule definitions. It can be used to shorten rule definitions. Example:

variable "intranet" "net or or"

This manual page was originally written by Ari Pollak <>, for the Debian GNU/Linux system. Small changes were introduced by Jakub Skopal <>

April 8, 2006