Netwatch - Ethernet Internet Protocol Monitor
netwatch [ -h ] [-b] [-i dd.dd.dd.dd] [-m dd.dd.dd.dd] [-n]
[ - t] [ -e ethnum ] [ -c netconfigfile ]
Netwatch examines all the packets travelling on an ethernet
and analyses the IP packets. The information is tallied according to the
source and destination hosts. An ncurses display indicates a
dual-list status for all hosts. The left display refers to LOCAL hosts. The
right list refers to REMOTE hosts. It is possible to examine statistics
(counts) on number of packets, bytes, IP service type and last communication
host for each host. Use the arrow keys (left and right) to change the
display.
- -e ethnum
- ethnum is the name of the ethernet device to attempt to run with
netwatch. (e.g. -e eth1 selects the eth1 device
rather than the default eth0 device.
- -c confignetfile
- selects the name of the file which contains the ifconfig
information. Note that this is not necessary since netwatch will
use the route information from /proc/net to build all the
information needed (without using ANY configuration file).
- -b
- For a transparent bridge, ignore every other packet... (older
kernels)
- -i dd.dd.dd.dd
- Fake a local internet address for "this" machine... (useful in
making fake local net for monitoring when combined with the -m
option )
- -m dd.dd.dd.dd
- Fake the netmask which is used for the local net evaluation
- -n
- Do not resolve names (just display addresses)
- -h
- Simple help information
- -t
- Start Netwatch in TOP Mode (30 sec. startup delay)
The following description will attempt to clarify what keys
netwatch understands. It is important to know that the program is
mode dependent. This means commands may change depending on the
current mode. The primary mode is dual-list mode. In this mode
use
- <tab>
- key - switch scroll display to the other list (dual-lists). Look for
KEY.
- <left>
- key - Change display options (moving left through the options)
- <right>
- key - Change display options (moving right through the options)
- <up>
- key - Scroll to previous host page on the current list (see KEY)
Change display options (moving right through the options)
- <down>
- key - Scroll to next host page on the current list (see KEY)
- h
- key - gives help screen
- t
- key - Toggle TOP mode (where 30 sec update on busiest hosts)
- c
- key - Clear counts for all hosts
- n
- key - Clean the remote & local host tables
- N
- key - Clean the remote OR local host tables (depends on which is
current)
- L
- key - Produce LOG of current display entries (REMOTE or LOCAL)
- b
- key - Toggle display of BLUE entries (OLD)
- d
- key - Toggle display of DOMAIN entries (Name Server Queries)
- w
- key - Enter WATCH mode for viewing ROUTING stats and HOST packets
- <F10>, <END>
- or q key - Exits the program
Copyright (c) Gordon MacKay 1997, under GPL
Yes, but hopefully the program is better than it was...