Scroll to navigation

NETWATCH() NETWATCH()

NAME

Netwatch - Ethernet Internet Protocol Monitor

SYNOPSIS

netwatch [ -h ] [-b] [-i dd.dd.dd.dd] [-m dd.dd.dd.dd] [-n] [ - t] [ -e ethnum ] [ -c netconfigfile ]

DESCRIPTION

Netwatch examines all the packets travelling on an ethernet and analyses the IP packets. The information is tallied according to the source and destination hosts. An ncurses display indicates a dual-list status for all hosts. The left display refers to LOCAL hosts. The right list refers to REMOTE hosts. It is possible to examine statistics (counts) on number of packets, bytes, IP service type and last communication host for each host. Use the arrow keys (left and right) to change the display.

OPTIONS

ethnum is the name of the ethernet device to attempt to run with netwatch. (e.g. -e eth1 selects the eth1 device rather than the default eth0 device.
-c confignetfile
selects the name of the file which contains the ifconfig information. Note that this is not necessary since netwatch will use the route information from /proc/net to build all the information needed (without using ANY configuration file).
For a transparent bridge, ignore every other packet... (older kernels)
Fake a local internet address for "this" machine... (useful in making fake local net for monitoring when combined with the -m option )
Fake the netmask which is used for the local net evaluation
Do not resolve names (just display addresses)
Simple help information
Start Netwatch in TOP Mode (30 sec. startup delay)

USER COMMANDS

The following description will attempt to clarify what keys netwatch understands. It is important to know that the program is mode dependent. This means commands may change depending on the current mode. The primary mode is dual-list mode. In this mode use

<tab>
key - switch scroll display to the other list (dual-lists). Look for KEY.
<left>
key - Change display options (moving left through the options)
<right>
key - Change display options (moving right through the options)
<up>
key - Scroll to previous host page on the current list (see KEY) Change display options (moving right through the options)
<down>
key - Scroll to next host page on the current list (see KEY)
key - gives help screen
key - Toggle TOP mode (where 30 sec update on busiest hosts)
key - Clear counts for all hosts
key - Clean the remote & local host tables
key - Clean the remote OR local host tables (depends on which is current)
key - Produce LOG of current display entries (REMOTE or LOCAL)
key - Toggle display of BLUE entries (OLD)
key - Toggle display of DOMAIN entries (Name Server Queries)
key - Enter WATCH mode for viewing ROUTING stats and HOST packets
<F10>, <END>
or q key - Exits the program

AUTHOR

Gordon MacKay

		mackay@gmml.slctech.org

COPYRIGHT

Copyright (c) Gordon MacKay 1997, under GPL

BUGS

Yes, but hopefully the program is better than it was...