SYNOPSIS

netwatch [ -h ] [-b] [-i dd.dd.dd.dd] [-m dd.dd.dd.dd] [-n] [ - t] [ -e ethnum ] [ -c netconfigfile ]

DESCRIPTION

Netwatch examines all the packets travelling on an ethernet and analyses the IP packets. The information is tallied according to the source and destination hosts. An ncurses display indicates a dual-list status for all hosts. The left display refers to LOCAL hosts. The right list refers to REMOTE hosts. It is possible to examine statistics (counts) on number of packets, bytes, IP service type and last communication host for each host. Use the arrow keys (left and right) to change the display.

OPTIONS

-e ethnum

ethnum is the name of the ethernet device to attempt to run with netwatch. (e.g. -e eth1 selects the eth1 device rather than the default eth0 device.

-c confignetfile

selects the name of the file which contains the ifconfig information. Note that this is not necessary since netwatch will use the route information from /proc/net to build all the information needed (without using ANY configuration file).

-b

For a transparent bridge, ignore every other packet... (older kernels)

-i dd.dd.dd.dd

Fake a local internet address for "this" machine... (useful in making fake local net for monitoring when combined with the -m option )

-m dd.dd.dd.dd

Fake the netmask which is used for the local net evaluation

-n

Do not resolve names (just display addresses)

-h

Simple help information

-t

Start Netwatch in TOP Mode (30 sec. startup delay)

USER COMMANDS

The following description will attempt to clarify what keys netwatch understands. It is important to know that the program is mode dependent. This means commands may change depending on the current mode. The primary mode is dual-list mode. In this mode use

<tab>

key - switch scroll display to the other list (dual-lists). Look for KEY.

<left>

key - Change display options (moving left through the options)

<right>

key - Change display options (moving right through the options)

<up>

key - Scroll to previous host page on the current list (see KEY) Change display options (moving right through the options)

<down>

key - Scroll to next host page on the current list (see KEY)

h

key - gives help screen

t

key - Toggle TOP mode (where 30 sec update on busiest hosts)

c

key - Clear counts for all hosts

n

key - Clean the remote & local host tables

N

key - Clean the remote OR local host tables (depends on which is current)

L

key - Produce LOG of current display entries (REMOTE or LOCAL)

b

key - Toggle display of BLUE entries (OLD)

d

key - Toggle display of DOMAIN entries (Name Server Queries)

w

key - Enter WATCH mode for viewing ROUTING stats and HOST packets

<F10>, <END>

or q key - Exits the program

AUTHOR

Gordon MacKay

		[email protected]

COPYRIGHT

Copyright (c) Gordon MacKay 1997, under GPL

BUGS

Yes, but hopefully the program is better than it was...