Police your network traffic with IPTraf
Published: 30 Apr 2002 12:33 BST
If you're looking for a simple, reliable network monitoring tool that can be installed on minimal hardware, the free, open source application IPTraf may be just the ticket. IPTraf takes it easy on your budget--commercial alternatives such as Sniffer can run about £2,000--and still offers several handy features, such as custom display filters.
In this article, I'm going to tell you where to get this open source solution, how to install it, and how to use it to create custom display filters for network traffic information.
What it takes
The full list of IPTraf's requirements looks like this:
Hardware minimum requirements
- 16 MB of physical RAM (at least 64 MB is recommended for very busy networks).
- 2 MB of free disk space for installation (more will be needed if you log high amounts of traffic over time).
- Pentium-class processor or higher (Pentium II 200 MHz or higher recommended) or equivalent
- One or more of the commonly supported network interface cards (such as cards from 3Com or Intel)
Operating system requirements
- Linux kernel 2.2.0 or higher
- GNU C library 2.1 or later
- ncurses 4.2 or later with the complete terminfo database in /usr/share/terminfo. (Support for Linux > 2.2.x, vt100, xterm, xterm-color is recommended.)
Compilation requirements for building from the source code
- gcc 2.7.2.3 or later
- GNU C (glibc) development library 2.1 or later
- ncurses development libraries 4.2 or later
All of these requirements are met on the newer distributions, dating roughly from the release of Red Hat 7.0. For this article, I tested IPTraf installation with Red Hat 7.2.
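As an added example (not part of the original article or the IPTraf distribution), the following shell script checks a host against the operating system and compilation requirements listed above. The function names are illustrative, and it assumes uname, getconf, sed and awk are available; the ncurses version is not probed, only the terminfo path.

```shell
#!/bin/sh
# Added example: preflight check for the requirements listed in this article.

# ver_ge A B: succeed if dotted version A >= B. Anything from the first
# character that is not a digit or dot is ignored ("2.4.7-10" -> "2.4.7").
ver_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}            # leading component of each
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop that component
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0                              # all components equal
}

# check NAME FOUND MINIMUM: print a result line; fail if missing or too old.
check() {
    if [ -n "$2" ] && ver_ge "$2" "$3"; then
        echo "ok    $1 $2 (need >= $3)"
    else
        echo "FAIL  $1 ${2:-not found} (need >= $3)"
        return 1
    fi
}

preflight() {
    rc=0
    [ "$(uname -s)" = Linux ] || { echo "FAIL  not a Linux system"; rc=1; }
    check "Linux kernel" "$(uname -r)" 2.2.0 || rc=1
    # glibc's getconf prints e.g. "glibc 2.2.4"
    check "glibc" "$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')" 2.1 || rc=1
    # gcc matters only when building from source
    check "gcc" "$(gcc -dumpversion 2>/dev/null)" 2.7.2.3 || rc=1
    # The ncurses version is not probed; only the terminfo path is.
    if [ -d /usr/share/terminfo ]; then
        echo "ok    terminfo database in /usr/share/terminfo"
    else
        echo "FAIL  /usr/share/terminfo not found"; rc=1
    fi
    return $rc
}

preflight || echo "One or more requirements are not met."
```

A version with fewer components than the minimum is padded with zeros, so 2.7.2 is reported as older than 2.7.2.3 while 2.1 satisfies 2.1.0.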
Getting and installing IPTraf
The source for IPTraf is available from its Web site. Download the latest tar file (as of this writing, it's 2.5.0) and save it as root to the /usr/local directory. Change to the /usr/local directory with cd /usr/local and install the software by running the following commands:
tar xvzf iptraf-2.5.0.tar.gz
cd iptraf-2.5.0
./Setup
Once the installation is complete, the resulting iptraf binary will be in /usr/local/bin and must be run as root.
Running IPTraf
Open a console sized at 80 columns x 24 lines--the only size at which IPTraf will display. Next, su to root (only root can run IPTraf) and run the command iptraf. You'll be greeted with a splash screen that details product information, including version, author's name, copyright information, and license information. Press any key to continue. The next screen, shown in Figure A, will present a number of options.
Figure A: IPTraf's menu highlights action keys in light blue.
From this main menu, scroll down to Configure, or press the o key (highlighted in light blue). In the Configure menu, you can adjust a number of options, from Reverse DNS Lookup to Closed/Idle Persist. For example, I'm going to set Logging to On. To do this, scroll down with the cursor keys to the Logging entry and press [Enter]. You'll see the Logging entry on the right change from Off to On.











