Entry submitted by Bart Veraart. DPOTD needs your help, please contribute!
Sometimes you just want to see what connections your machine is making to the outside world and what ports it’s using. While wireshark and tcpdump are really nice for inspecting detailed package contents. IPTraf is really about connections and interface statistics. Because iptraf is based on ncurses the program can be run from a text-console and still have a (primitive) `gui`. Navigation through the menus can be done using your arrow keys. Most of the time all the available options and their keys are shown on the bottomline of the sreen.
By default the program is not accessible by ‘normal’ users so you’ll need root access. Also iptraf can put your interfaces in promiscuous mode (this will probably show up in your logfiles as: ‘device eth0 entered promiscuous mode’). Promiscuous mode can be turned off and on in the configuration menu. If no options are given through the commandline iptraf starts up with a splashscreen and then a menu. Some of the menuitems can be reached directly from the commandline (try using ‘iptraf -i all’ if you want to startup in IP traffic monitoring mode).
There are some configuration options you might want to check. Turning on reverse DNS Lookups and service names comes in handy when using the IP traffic monitor. Iptraf comes with a separate reverse lookup server -rvnamed- wich is only started and used by iptraf to keep it from hanging on slow lookups. If there’s a lot of network traffic on your box try applying some filters.
Filters can be useful if you only want to see info about traffic on certain connections, ports and/or protocols. Filters can be saved, deleted and edited. Multiple rules can be defined.
(Click on the image to enlarge)
IPTraf has been available since ages ago in both Debian and Ubuntu.