What is IPTraf?

IPTraf is an interactive, colorful IP LAN monitor that allows you to view network traffic statistics in real-time. It's a valuable command-line utility for system administrators and network engineers to understand and troubleshoot network activity on their systems. IPTraf provides detailed information about network connections, protocols, and data transfer rates, making it an essential tool for network analysis.

Common IPTraf Commands

Here are some of the most common ways to use IPTraf:

Starting IPTraf

To start IPTraf in its default interactive mode, simply run the command:

iptraf

Monitoring a Specific Interface

You can specify which network interface IPTraf should monitor. For example, to monitor the eth0 interface:

iptraf -i eth0

Minimal Interface Monitoring

For a more streamlined view, use the -m flag along with the interface:

iptraf -m -i eth0

Monitoring a Specific IP Address

To focus on traffic related to a particular IP address:

iptraf -f 192.168.1.1

Logging Traffic to a File

IPTraf can log its output to a file, which is useful for later analysis. Use the -B flag for background operation and -L to specify the log file path:

iptraf -B -L /var/log/iptraf.log

Filtering Traffic

You can use filters to display only specific types of traffic. This requires a filter file:

iptraf -F /path/to/filter

Non-Interactive Mode

IPTraf can also be run in a non-interactive mode, often used for generating reports or specific statistics:

iptraf -g

Port Mode Monitoring

To specifically monitor TCP and UDP ports:

iptraf -d

Layout View

For live packet displays with a specific layout:

iptraf -l

Resetting Statistics

To clear and reset all current traffic statistics:

iptraf -z

Further Resources

• IPTraf-ng Official Website
• IPTraf-ng Man Page
• tcpdump - Network Packet Analyzer