Chapter 13 Network Monitor and Statistics (Network Monitoring and Traffic Analysis)
Introduction
1. Installation
1.1. System requirements
1.2. Installation
1.3. Starting IPTraf
1.4. Command-line options
1.5. Entering the menu interface
2. Using IPTraf
2.1. General information
2.2. IP traffic monitor
2.3. General Interface Statistics
2.4. Detailed Interface Statistics
2.5. Statistical Breakdowns
2.6. LAN Station Statistics
3. Display Filter
3.1. TCP Filters
3.2. Filters for other protocols
4. Configuring IPTraf
4.1. Toggle options
4.2. Timers
4.3. Port settings
4.4. LAN Station Identifiers
5. References
Introduction
IPTraf is a network monitoring tool. It captures TCP/UDP packets of all kinds, records the connection state of each packet, and records the state of the local area network.
IPTraf works with a wide range of interfaces: Ethernet cards, FDDI adapters, ISDN, and any asynchronous SLIP/PPP interface.
1. Installation
1.1. System requirements
Compiling and running IPTraf requires the following:
An 80386 or better computer. IPTraf may also work on other processor architectures (SPARC, Alpha, M68K, PowerPC, etc.).
Linux kernel 2.2.0 or later.
At least 8 MB of memory and at least 16 MB of virtual memory.
If you compile it yourself, the ncurses and panels shared libraries.
The terminfo database in /usr/share/terminfo.
A console or terminal.
An Ethernet, FDDI, ISDN, PLIP, or asynchronous SLIP/PPP interface.
IPTraf does not require the X Window System.
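1.2. Installation
Most Linux distributions already include IPTraf, so it can be installed directly from the CD.
You can also download IPTraf from http://iptraf.seul.org and install it with the following commands:
Unpack the archive:
#tar zxvf iptraf-2.4.0.tar.gz
#cd iptraf-x.y.z
Run the Setup script. This step must be done with root privileges; Setup automatically compiles IPTraf and installs it into the /usr/local/bin directory, and also creates other directories:
./Setup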
1.3. Starting IPTraf
After installation is complete, just type the following in a shell:
#iptraf
to start IPTraf. Note that running iptraf requires root privileges. IPTraf reads the terminal information database in the /usr/share/terminfo directory, so if that directory is located elsewhere, IPTraf prints the error message "Error opening terminal" and fails to start. This error can occur on Slackware, because Slackware releases usually keep terminfo in /usr/lib/terminfo. In that case, adding a link solves the problem:
#ln -s /usr/lib/terminfo /usr/share/terminfo
1.4. Command-line options
Like most Linux commands, IPTraf also accepts some command-line parameters, though not many. These are all the options iptraf supports:
iptraf { [ -f ] [ -q ] [ { -i iface | -g | -d iface | -s iface |
-z iface | -l iface } [ -t timeout ] [ -B [ -L logfile ] ] ] | [ -h ] }
-i iface
Makes IPTraf monitor a specific network interface, for example eth0. -i all monitors all network interfaces on the system.
-g
General statistics for the network interfaces.
-d iface
Shows detailed statistics for a specific network interface.
-s iface
Monitors TCP/UDP traffic on a specific network interface.
-z iface
Breaks down packets by size for a specific interface.
-t timeout
Makes IPTraf exit automatically after the specified time. If it is not set, IPTraf keeps running until the user presses the exit key (x).
-B
Runs IPTraf in the background. It has no effect on its own (it is ignored and IPTraf goes straight to the menu interface); it can only be used together with one of -i, -g, -d, -s, -z, or -l.
-L filename
Writes the log to a different file (filename). If not specified, the file is placed in the default directory (/var/log/iptraf).
-q
This parameter is no longer used.
-f
Clears all counters.
-h
Shows a short help message.
1.5. Entering the menu interface
Running IPTraf without any parameters brings up the menu interface. Use the up and down arrow keys to move between menu items. You can also use the highlighted letter of a menu item as a shortcut key to run it.
2. Using IPTraf
2.1. General information
2.1.1. Number notation
IPTraf counts the packets and bytes that pass through. It uses suffixes to express large numbers: K (10^3), M (10^6), G (10^9) and T (10^12). These suffixes are decimal multiples, which differs from what they usually denote. For example:
1024K=1024000
1024M=1024000000
1024G=1024000000000
1024T=1024000000000000
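2.1.2. Supported network interfaces
IPTraf currently supports the following network interfaces:
lo
The local loopback interface. Every machine has this interface; its IP address is 127.0.0.1.
ethn (n>=0)
Ethernet interfaces, where n is an integer starting from 0. eth0 is the first Ethernet interface and eth1 is the second.
fddin (n>=0)
FDDI (Fiber Distributed Data Interface) interfaces, where n is an integer starting from 0.
pppn (n>=0)
PPP (Point-to-Point Protocol) interfaces, where n is an integer starting from 0.
slin (n>=0)
SLIP (Serial Line Internet Protocol) interfaces, where n is an integer starting from 0.
ipppn (n>=0)
Synchronous PPP interfaces over ISDN, where n is an integer starting from 0.
isdnn (n>=0)
ISDN interfaces.
plipn (n>=0)
PLIP interfaces.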
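2.2. IP traffic monitor
Selecting the IP Traffic Monitor menu item, or using the -i command-line option, starts IPTraf's IP traffic monitor. With it you can watch in real time every packet passing through a network interface. The monitor decodes IP packets and displays specific information about each one, such as the source and destination addresses. It also identifies the protocol encapsulated in IP (for example TCP or UDP) and displays some important information about those protocols.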
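IPTraf's IP traffic monitor has two display windows. Each window can be scrolled up and down with the Up and Down keys on the keypad. Press w to switch the active window.
2.2.1. The upper window of the IP traffic monitor
2.2.1.1. Contents of the upper window
The upper window of the traffic monitor shows the TCP connections currently detected. For each TCP connection it mainly includes the following information:
Source address and port
Packet count
Byte count
Source MAC address
Packet size
Window size
TCP flags
Network interface
The IP traffic monitor shows TCP traffic in both directions. The leftmost part of the window shows the two endpoints of the TCP connection (in host:port format). For ease of reading, the two entries of each TCP connection pair are displayed next to each other.
Every entry in the upper window includes the data above. Note that some of the data is not shown by default; press the m key to display it.
2.2.1.2. Sorting the entries
You can sort the entries in the upper window. Press s to bring up a sort menu. Press p to sort by packet count; press b to sort by byte count.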
2.2.2. The bottom window
The bottom window of the IP traffic monitor shows other kinds of network traffic. IPTraf supports the following protocols:
User Datagram Protocol (UDP)
Internet Control Message Protocol (ICMP)
Open Shortest Path First (OSPF)
Interior Gateway Routing Protocol (IGRP)
Interior Gateway Protocol (IGP)
Internet Group Management Protocol (IGMP)
Generic Routing Encapsulation (GRE)
Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)
In addition, for IP packets it does not recognize, IPTraf displays the protocol number; non-IP packets are indicated as such in the window. In the bottom window, UDP packets are also shown in address:port format, and ICMP entries include the ICMP type. To tell them apart, each protocol is shown in a different color.
The bottom window can hold 512 entries. You can scroll with the up and down arrow keys. Once 512 entries have been reached, the oldest entry is discarded when a new one is added. Some entries can be very long; you can scroll them with the left and right keys. Press w to switch the active window.
2.3. General Interface Statistics
The second item on the main menu is General Interface Statistics. Its window shows general statistics for the monitored network interfaces, including the number of IP, non-IP, and bad IP (checksum error) packets passing through them.
2.4. Detailed Interface Statistics
The third item on the main menu is Detailed Interface Statistics. In addition to the statistics provided by General Interface Statistics, it provides more detailed statistics about a network interface. It provides the following:
IP packet and byte counts
TCP packet and byte counts
UDP packet and byte counts
ICMP packet and byte counts
Non-IP packet and byte counts
Other IP packet and byte counts
Checksum error count
Interface activity
The byte counts for IP packets (IP, TCP, UDP, ICMP, and other IP) include the IP header and the payload.
To start the detailed interface statistics directly, use the following command:
#iptraf -d eth0    (or another network interface)
You can also turn on logging to record the detailed interface statistics to a log file. The default log file name is iface_stats_detailed-iface.log, where iface is replaced by the name of the network device (for example, eth0).
As elsewhere, press x or q to return to the main menu.
2.5. Statistical Breakdowns
IPTraf's Statistical Breakdowns facility can help you with network configuration and with monitoring network security issues. It includes a packet size breakdown and a TCP/UDP port breakdown.
2.5.1. Statistical Breakdown: Packet Sizes
Select Statistical Breakdowns->By packet size from the main menu to enter the packet size breakdown. In older versions of IPTraf this was part of the detailed interface statistics and was only later split out. Based on the interface's Maximum Transmission Unit (MTU), IPTraf divides packet sizes into 20 brackets and counts how packet sizes are distributed among them.
You can also turn on logging to record the packet size distribution to a log file. The default log file name is packet_size-iface.log, where iface is replaced by the name of the network device (for example, eth0).
You can also enter the packet size breakdown directly with the following command line:
#iptraf -z eth0
Press x or Ctrl+X to exit.
2.5.2. TCP/UDP traffic breakdown
IPTraf can also count the TCP/UDP packets flowing through each port (below 1024).
Note: the byte counts shown in the window include the IP header and IP payload, but not the data-link header. To make them easy to tell apart, TCP and UDP are shown in different colors: TCP in yellow, UDP in green.
Some network programs use ports above 1023; for example, some web servers use port 8080. By default IPTraf does not count traffic on these ports. You can add further ports with the Configure->Additional port... menu item.
If you have turned on logging, the default log file for the TCP/UDP traffic breakdown is /var/log/iptraf/tcp_udp_services-iface.log, where iface is replaced by the name of the network device (for example, eth0).
You can also sort the entries. Press s to bring up a sort menu; press p to sort by packet count; b to sort by byte count; T to sort by incoming packets; O to sort by incoming bytes; F to sort by outgoing packets; M to sort by outgoing bytes; press any other key to cancel the sort.
You can also enter the TCP/UDP traffic breakdown directly with the following command:
#iptraf -s eth0
Press x or Ctrl+X to return to the main menu or exit.
2.6. LAN Station Statistics
With IPTraf's LAN Station Statistics facility you can obtain the number of packets flowing into and out of the nodes on the LAN (that is, the nodes that can be heard in promiscuous mode; on a network connected through a switch it may not be possible to collect these counts). This facility works with Ethernet, FDDI, and PLIP, but not with the local loopback (lo), ISDN, or SLIP/PPP networks. The statistics include:
Incoming packets
Incoming IP packets
Total incoming bytes
Incoming rate
Total outgoing packets
Outgoing packets
Total outgoing bytes
Outgoing rate
The byte counts here include the data-link layer header. The rate is shown in kbits/s or kbytes/s, as determined by the Activity mode configuration option.
If you have turned on logging, all the statistics are saved to /var/log/iptraf/lan_statistics-n.log, where n is the instance number (iptraf can be run several times on the same host without the instances interfering with each other).
For convenience, the entries in the LAN station statistics window can also be sorted. Press s to bring up a sort dialog, then press P to sort by incoming packets; I to sort by incoming IP packets; B to sort by incoming bytes; K to sort by outgoing packets; O to sort by outgoing IP packets; Y to sort by outgoing bytes. Press any other key to cancel the sort.
Press X or Q to leave the LAN station statistics display and return to the main menu. You can enter the LAN station statistics display directly with the following command line:
#iptraf -l eth0
3. Display Filter
In practice the IP traffic monitor displays a large amount of information very quickly, and you probably do not care about most of it. Display filters let you control what the IP traffic monitor shows.
3.1. TCP Filters
With this facility you define parameters that determine which TCP connections are shown in the IP traffic monitor.
3.1.1. Defining a New Filter
A default installation of IPTraf has no filters, so you have to define your own. Select the TCP Display Filters->Define new filter... menu item; a dialog box appears asking for a short description of the filter. After entering it, press Enter; another dialog box appears asking for the source and destination addresses, the subnet masks, and the service ports.
An address can denote a single host, a network, or the entire address space, depending on the subnet mask. For example:
A single host, 207.0.115.44:
IP address: 207.0.115.44
Subnet mask: 255.255.255.255
All hosts on the network 202.47.132.x:
IP address: 202.47.132.0
Subnet mask: 255.255.255.0
All IP addresses:
IP address: 0.0.0.0
Subnet mask: 0.0.0.0
The Include/Exclude field determines whether matching entries are shown in the display window.
3.1.2. TCP filter examples
Monitor TCP connections between 202.47.132.1 and 207.0.115.44:
Host name/IP Address   202.47.132.2      207.0.115.44
Wildcard mask          255.255.255.255   255.255.255.255
Port                   0                 0
Include/Exclude        I
Monitor TCP connections between host 207.0.115.44 and network 202.47.32.0:
Host name/IP Address   207.0.115.44      202.47.132.0
Wildcard mask          255.255.255.255   255.255.255.0
Port                   0                 0
Include/Exclude        I
Monitor all web connections:
Host name/IP Address   0.0.0.0           0.0.0.0
Wildcard mask          0.0.0.0           0.0.0.0
Port                   80                0
Include/Exclude        I
Monitor traffic from any address to the SMTP port of host 202.47.132.2:
Host name/IP Address   202.47.132.2      0.0.0.0
Wildcard mask          255.255.255.255   0.0.0.0
Port                   25                0
Include/Exclude        I
Monitor traffic between hosts sunsite.unc.edu and cebu.mozcom.com:
Host name/IP Address   sunsite.unc.edu   cebu.mozcom.com
Wildcard mask          255.255.255.255   255.255.255.255
Port                   0                 0
Include/Exclude        I
Ignore traffic between network 140.66.5.x and any address:
Host name/IP Address   140.66.5.x        0.0.0.0
Wildcard mask          255.255.255.0     0.0.0.0
Port                   0                 0
Include/Exclude        E
Once filters are defined, IPTraf's IP traffic monitor shows only the traffic of the connections the filters specify; everything else is not shown. This is similar to a firewall's default-deny policy. So if you want to monitor all connections except those of a certain address, you must first define an entry of the exclude type and define an include-type entry last.
For example, to show the traffic on all TCP connections except SMTP, the web port, and connections of 207.0.115.44:
Host name/IP address   0.0.0.0           0.0.0.0
Wildcard mask          0.0.0.0           0.0.0.0
Port                   25                0
Include/Exclude        E
Host name/IP address   0.0.0.0           0.0.0.0
Wildcard mask          0.0.0.0           0.0.0.0
Port                   80                0
Include/Exclude        E
Host name/IP address   207.0.115.44      0.0.0.0
Wildcard mask          255.255.255.255   0.0.0.0
Port                   0                 0
Include/Exclude        E
Host name/IP address   0.0.0.0           0.0.0.0
Wildcard mask          0.0.0.0           0.0.0.0
Port                   0                 0
Include/Exclude        I
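The exclude-then-include ordering described above, written out as a small Python model (an added example, not IPTraf's own code). It assumes that entries are checked in the order listed, that the first matching entry decides, that an entry matches a connection in either direction, and that port 0 means any port; the helper names and the sample connections are constructed for illustration.

```python
import ipaddress

def _side(addr, port, net, mask, fport):
    # Masked address compare; filter port 0 means "any port".
    a, n, m = (int(ipaddress.IPv4Address(x)) for x in (addr, net, mask))
    return (a & m) == (n & m) and fport in (0, port)

def entry(addr1, mask1, port1, action, addr2="0.0.0.0", mask2="0.0.0.0", port2=0):
    # Hypothetical helper: one filter entry as (side1, side2, "I" or "E").
    return ((addr1, mask1, port1), (addr2, mask2, port2), action)

def entry_matches(e, src, sport, dst, dport):
    a, b, _ = e
    # Assumption: an entry describes a connection, so try both directions.
    fwd = _side(src, sport, *a) and _side(dst, dport, *b)
    rev = _side(dst, dport, *a) and _side(src, sport, *b)
    return fwd or rev

def shown(filters, src, sport, dst, dport):
    """Return True if the connection would appear in the monitor."""
    if not filters:
        return True    # no filter applied: everything is shown
    for e in filters:  # assumption: first matching entry decides
        if entry_matches(e, src, sport, dst, dport):
            return e[2] == "I"
    return False       # no entry matched: hidden (default deny)

# The four entries of the example above, in the order listed.
ALL_BUT_MAIL_WEB_HOST = [
    entry("0.0.0.0", "0.0.0.0", 25, "E"),
    entry("0.0.0.0", "0.0.0.0", 80, "E"),
    entry("207.0.115.44", "255.255.255.255", 0, "E"),
    entry("0.0.0.0", "0.0.0.0", 0, "I"),
]

# Constructed sample connections: (src, sport, dst, dport).
SAMPLES = [
    ("202.47.132.7", 40312, "198.51.100.9", 22),    # ssh
    ("202.47.132.7", 40313, "198.51.100.9", 25),    # SMTP
    ("198.51.100.9", 80, "202.47.132.7", 40314),    # web, reply direction
    ("207.0.115.44", 51000, "202.47.132.7", 22),    # excluded host
]

def classify(filters, conns=SAMPLES):
    return [shown(filters, *c) for c in conns]

if __name__ == "__main__":
    for c, ok in zip(SAMPLES, classify(ALL_BUT_MAIL_WEB_HOST)):
        print(c, "shown" if ok else "hidden")
```

Under these assumptions, moving the include-all entry to the top of the list makes every sample connection shown, and leaving it out hides everything, which is why the exclude entries are defined first and the include entry last.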
3.1.3. Other menu items
After defining a filter, use the Applying a Filter menu item to put it into effect. Use Editing a Defined Filter to edit an existing filter, Deleting a Defined Filter to delete one, and Detaching a Filter to deactivate one.
3.2. Filters for other protocols
IPTraf also supports filters of other types. Apart from the UDP filter, however, the other protocol filters are just toggles (whether or not to display that protocol). Configuring the UDP filter is much the same as configuring a TCP filter, so it is not described further here.
4. Configuring IPTraf
You can configure IPTraf through the Configure menu. All settings are saved in /var/local/iptraf/iptraf.cfg or /var/iptraf/iptraf.cfg. If the configuration file cannot be found, IPTraf uses the default settings. Select the Configure item on IPTraf's main menu to enter the configuration screen:
4.1. Toggle options
4.1.1. Reverse Lookup
IPTraf supports reverse name resolution, converting IP addresses to host names. However, reverse lookups are rather slow and can therefore cause packets to be dropped. This option is off by default.
4.1.2. TCP/UDP Service Names
IPTraf can use the /etc/services file to convert port numbers to the corresponding service names; for example, port 80 corresponds to the WWW service. This option is also off by default.
4.1.3. Force promiscuous
Turning this option on puts your network device into promiscuous mode, so that all packets on your LAN can be captured. This option applies to Ethernet and FDDI.
4.1.4. Color
Determines whether to use color display.
4.1.5. Logging
Turning on logging makes IPTraf save statistics and breakdown results to disk for later analysis.
4.1.6. Activity mode
Toggles the rate unit (kbits/s or kbytes/s). The default rate unit is kbits/s.
4.1.7. Source MAC addrs in traffic monitor
Determines whether the IP traffic monitor displays the source MAC address of packets; this applies to Ethernet, FDDI, and PLIP interfaces. For non-TCP packets (the lower window of the IP traffic monitor) the source MAC address is shown directly in the window; for TCP packets (the upper window) you need to press the M key.
4.2. Timers
Use the Timers submenu to set IPTraf's various intervals and timeouts.
4.2.1. TCP Timeout
Sets how long an idle connection entry is kept; after this time it is replaced by a new connection. The default is 15 minutes.
4.2.2. Log Interval
Sets how many minutes pass between saves of the log information. The default is 60 minutes.
4.2.3. Screen Update Interval
Sets how many seconds pass between screen updates. The default is 0, meaning the screen is updated as fast as possible.
4.2.4. TCP closed/idle persistence
Determines how many minutes closed, idle, and timed-out TCP connections remain in the IP traffic monitor window. The default is 0, meaning these connections are kept until they are replaced by new ones.
4.3. Port settings
4.3.1. Additional port
By default IPTraf breaks down traffic only for port numbers below 1024. Use this option to add the ports you need traffic breakdowns for. It can also define a port range.
4.3.2. Delete port/range
The opposite of the option above: deletes a port or port range defined with the previous option.
4.4. LAN Station Identifiers
IPTraf's LAN station statistics are based on MAC addresses. Hexadecimal MAC addresses are very hard to remember, so IPTraf introduces LAN Station Identifiers, which help you tell the stations on the LAN apart.
Select the Ethernet/PLIP host descriptions or FDDI host descriptions item on the main menu; a submenu appears through which you can add, edit, and delete LAN station identifiers.
5. References
1. The http://iptraf.seul.org/ website has the most complete program and documentation.