CHANGES File for IPTraf 3.0.0
Changes to IPTraf 2.7.0 and new features in IPTraf 3.0.0
New filter behavior. Except for TCP traffic in the IP traffic
monitor, filters now do not automatically match reverse packets
for TCP and UDP IPTraf-wide. Rather, each filter entry has
a field which tells IPTraf whether to match packets flowing
in the direction opposite that specified.
The filters for non-TCP, non-UDP IP traffic (ICMP, IGRP, OSPF,
etc.) which never automatically matched packets flowing in the
opposite direction, now have that same option field. This way
related packets (like ICMP echo request/echo reply) can be
matched with a single entry.
Because reverse-matching is no longer the default IPTraf-wide,
the labels are now changed to read Source and Destination.
Default value for blank address filter fields is now 0.0.0.0,
rather than 255.255.255.255. Fields are therefore no longer
pre-filled with 0.0.0.0.
Miscellaneous IP filter entries feature a field for other IP
protocols not specifically indicated in the dialog. The user
must enter a comma-separated list of individual protocols or a
range. IP protocols are defined in the /etc/protocols file.
The IP traffic monitor consults the /etc/protocols file for
miscellaneous IP packets for the protocol names. Previously
recognized protocols (ICMP, UDP, OSPF, etc) are still looked up
internally for performance reasons.
The filter rule selection now indicates the mask in CIDR format
(e.g. 10.1.0.0/16) for clarity and to save screen space.
Filter selection list box is now alphabetically sorted.
Likewise, the CIDR notation can be used when entering IP address
data. However the CIDR notation is translated into a mask and
discarded. Subsequent editing of the filter will show the
Changed color coding for unknown IP packets (those looked up
from /etc/services to bright white on blue (instead of yellow on
red, which looked like "errors").
Added internal recognition for L2TP, IPSec AH, and IPSec ESP
Changed size of the IP traffic monitor's TCP hash table to 1033
buckets. Prime number used to improve hash efficiency.
A new function tx_box() has been added to the screen support
library as a solution to the ncurses box() function not accepting
the color set by wattrset(), at least on Red Hat 7.3. All calls
to box() have been replaced with this tx_box() instead. It takes
exactly the same parameters.
Added support for tun and brg (tunneling and bridging) interfaces.
Thanks to Marcio Gomes <tecnica_at_microlink.com.br>.
Modified logging options. The -L parameter now works with any
command-line invocation of a facility, even in foreground mode.
Added -I command-line parameter to override logging interval
(Thanks to the contributors of the -I and -L patches. I lost your
emails when SEUL reinstalled. Please acknowledge. Thanks.
Corrected promiscuous mode control code. It ignored Token Ring
Changes to IPTraf 2.6.1 and new features in IPTraf 2.7.0
Corrected bug wherein the detailed interface statistics
did not filter out the packets based on the selected
interface. Thanks to the members of the mailing list for
Corrected minor interface name comparison bugs in the
general interface statistics and TCP/UDP service statistics.
Corrected stale locks when IPTraf did not start due to an
improper terminal size.
Added support for additional DVB interfaces sm2*, sm3*, penta*.
Added support for wireless LAN interfaces (wlan*, wvlan*).
Fixed segfault that occurs when /proc/net/dev is empty or
contains no active interfaces. Thanks to Chris Armstrong
<wolfwings_at_zana.changa.nu> for actually trying it out.
Added error box to handle the /proc/net/dev error condition
Added error box when tx_operate_listbox is invoked on an empty
Changes to IPTraf 2.6.0
Corrected a segfault in the IP traffic monitor and TCP/UDP service
breakdown when a sort is attempted on an empty screen. Thanks
to <lord_at_elreyforce.org> for the report.
Corrected segfaults in the TCP/UDP service monitor when
scrolling using PgUp and PgDn (or space and '-'). Thanks
to Ross Gibson <windows_at_prefixservice.com>.
Corrected post-sorting PgUp problem in TCP/UDP monitor.
Corrected inaccuracies in the IP traffic monitor's TCP byte
counts and flow rates. *** THE BUG ADDRESSED BY THIS CORRECTION
DEFERS IPTRAF 2.6.0. ***
Adjusted black-and-white color scheme.
Minor adjustments to the printlargenumber() function.
Minor cosmetic adjustments.
New features in IPTraf 2.6.0 and changes to IPTraf 2.5.0
Added support for Token Ring interfaces. Thanks to many people
for help with patches and testing, including J. Kahn Koontz
<csjmk_at_eiu.edu>, Dan Seto <mail_at_seto.org>, and Tomas Dvorak
Added support for sbni long-range modem interfaces (Dmitry
Added support for Free s/WAN IPSec logical interfaces (Doug Nazar
Code cleanup. Got rid of an ugly goto in itrafmon.c. I hate
goto no matter what.
Moved write_timeout_log.c to tcptable.c.
Recoded the PgUp/PgDn routines in the IP traffic monitor,
TCP/UDP service monitor, and LAN station monitor. These
routines now directly manipulate the table pointers instead
of merely calling the single-line scrolling routines repeatedly.
Faster. More efficient.
Added a highlight bar to the IP traffic monitor, allowing better
readability, especially on long-line screens (> 80 characters),
and individual flow rate computation.
Added flow rates for the highlighted TCP flows (IP traffic
monitor) and TCP/UDP ports (TCP/UDP statistical breakdown) I
believe this is the best way to allow viewing of data rates
without excessively sacrificing CPU time for packet capture.
Filters now apply to all facilities except the packet size
breakdown and LAN station monitor. You can now view the loads
and protocol breakdowns on selected packets only using the
No more byte counters in the IP traffic monitor. This line now
just contains a simple packet counter at one end, and the TCP
flow rate information at the other.
Moved menu, selection listbox, and dialog box functions to a
separate support/ directory. These routines are first compiled
into a library and later on linked into iptraf.
Added a confirmation box to the main menu's Exit command. This
is as much for me as it is for a lot of people. I accidentaly
Added broadcast packet and byte counts to the detailed interface
Some cosmetic adjustment.
Added 5-minute timeout for rvnamed child processes.
New features in IPTraf 2.5.0 and changes to IPTraf 2.4.0
Now includes a more specific dialog for non-TCP and non-UDP
filters. Allows specification of packets by source and
destination IP addresses.
Better organized the filter management and manipulation
functions in fltedit.c, fltselect.c, othipflt.c, and utfilter.c.
othfilter.c renamed to fltselect.c, same thing with the .h.
All filters are now unified in a single data structure allowing
handling of TCP, UDP, misc IP, and non-IP toggles with one set
Separate TCP and non-TCP filter menus abolished, everything
is now grouped under a Filters... submenu under the main menu.
Corrected wrong placement of timer in the packet size breakdown.
Corrected scanning code for timed out entries in the IP traffic
monitor sort function. Wrong computation for elapsed time
resulted in active connections being placed in the list of
closed entries. Thanks to Gal Laszlo <slowTCP_at_hotmail.com> for
pointing out the symptom.
Added support for Frame Relay FRAD/DLCI interfaces. Thanks to
Raffaele Gariboldi <lele_at_italynetwork.it> for the information
Sorting is now done with the Quicksort algorithm.
IP Traffic Monitor now adds connection entries to the TCP window
upon the receipt of header-only packets. There are cases in which
we have to check for possible TCP scans which are implemented with
The reverse DNS lookup function revname() now times out after
five seconds, and stops reverse lookups for that session in case
Added some notes to the packet size breakdown window.
Moved rvnamed cache index update code such that updating of the
cache indexes will only be performed once fork() succeeds,
otherwise, the allocated slot will just be reallocated for
the next queries. This is so that should the fork() fail,
future invocations for that IP address won't have the rvnamed
parent thinking its resolving when there actually wasn't a child
performing the resolution. If the fork() problem condition was
temporary, the next invocation can still have rvnamed fork() off
to resolve the address. This of course assumes the IP address
hasn't expired from the cache.
Some cosmetic updates (as always).
The manual features a new format for the sidebars. Corrected
typos and spelling errors.
iptraf-x.y.z.tar.gz no longer comes with precompiled
binaries. However a separate iptraf-x.y.z.i386.bin.tar.gz will
come only with the precompiled x86 executable programs
New features in IPTraf 2.4.0 and changes to IPTraf 2.3.1
This version now allows multiple instances of the same facility
in different processes, but only one instance can monitor an
interface. Please see the RELEASE-NOTES file.
As a consequence of the above changes, the default names of the
logfiles then reflect the instance or interface being
monitored. See the RELEASE-NOTES file.
Implemented a dialog box allowing the user to log to a custom
Implemented -L command-line parameter to allow specification of
the log file name when IPTraf is started with the -B parameter.
Removed hardcoded UNIX-domain socket name bound by IPTraf, instead
a socket name is generated from the current time and pid. Also
removed hardcoded socket name in rvnamed, to which it directs
replies to IPTraf. rvnamed still binds to hardcoded socket names
IP Traffic Monitor can optionally display the source MAC addresses
for LAN-based packets. Added appropriate configuration item.
IPTraf now reads /etc/ethers in addition to its own database of
MAC addresses. Thanks to Frederic Peters <fpeters_at_debian.org> for
Moved time-related configuration items to a Timers... submenu to
save on screen space.
The version.h file no longer exists, rather, a plain version file
is in place containing merely the version number. The Makefile
reads this file, determines the target machine information
and passes this data to the compiler with -D parameters.
Imposed an upper limit of 200 on rvnamed child processes.
rvnamed should really not go runaway with a normally-functioning
DNS server, but I had the good fortune of experiencing a dead DNS
server while monitoring. Took my machine down real fast.
Precompiled executables now require glibc-2.1 dynamic libaries.
Included a Setup installation script to ease somewhat the
installation process (installation can still be done the old way
Reflected changes to manual.
Changes to IPTraf 2.3.0
Fixed segfault bug when sorting is attempted on an empty TCP
window. Thanks to Ramon van Elten <mainwave_at_datura.cx> for the
report and for the assistance in diagnosis.
Fixed cosmetic error (sort progress window doesn't disappear)
when attempt is made to sort a TCP window with only 1 entry.
Thanks again to Ramon for the report.
Updated some comments.
New features in IPTraf 2.3.0 and changes to IPTraf 2.2.2
Implemented sorting in the IP traffic monitor, TCP/UDP statistical
breakdown, and LAN station monitor. Great thanks go to Gal Laszlo
<slowTCP_at_hotmail.com> for the patch. (Note to Gal: I had to do a
heck of a lot of overhaul, and had to implement a clearer screen
design, but your patch provided the basis :) Thanks a lot.)
Implemented better bounds checking in the text input routine.
Added information boxes to TCP/UDP delete and detach filter
Added recognition of GRE packets. Modified non-TCP display filters
Fixed bug in unrecognized IP display and filter code.
Added filter item for unrecognized IP packets.
Removed leftover code from the old warning on IP masquerading.
Reflected changes and corrected typos in manual.
Changes to IPTraf 2.2.1
Fixed recognition problem with DVB interfaces.
Fixed small buffer overrun in TCP timeout log routine, which can
cause a segmentation fault under certain conditions.
Minor cosmetic adjustment in TCP connection window.
Changes to IPTraf 2.2.0
Fixed segfault in IP Traffic Monitor due to packets from an
unsupported link type.
Fixed segfault in promiscuous mode management module in the (rare)
case of a failure to save or load the interface flags from the
temporary storage files. Normally due to a bad installation.
Thanks to Udo A. Steinberg <sorisor_at_Hell.WH8.TU-Dresden.De> for
Added support for Ethernet-emulated FDDI interfaces. Thanks to Udo
A. Steinberg <sorisor_at_Hell.WH8.TU-Dresden.De> for the report and
help with the testing.
Added support for DVB interfaces, thanks to Alex
<vasile_at_keeper.meganet.ro> for the notification and the help.
Replaced inet_addr() references on filter address entries with
inet_aton(). This fixes failure of filters on packets with
255.255.255.255 in their source or destination address fields.
Thanks for Peter Magnusson for the report and the test
Overhauled TCP/UDP editing facility. Fixed bug wherein garbage
entries remain in the filter's parameter list even if an insert/
add dialog is aborted.
Fixed detailed interface statistics logging bug (activity and
packets-per-second figures were the same).
Apologies to Dustin Trammell for my failure to credit him for his
report on the behavior of IPTraf on bridges.
Changes to IPTraf 2.1.1 and new features in IPTraf 2.2.0
Immediate flushing of disk buffers after a log file write to
better accomodate separate logfile parsing scripts.
Addition of a manual and automatic clearing of closed and idle
TCP entries in the IP Traffic Monitor
Added a TCP closed/idle persistence configuration option to
control the TCP closed/idle clearing interval.
Clarified TCP timeout logfile entries.
Saves the state of the interface flags at startup of a facility,
and restores them on exit, allowing interfaces previously set to
promiscuous mode to retain that state. Important on bridges.
Thanks to Dustin D. Trammell <dtrammell_at_cautech.com> and Holger Friese
<evildead_at_bs-pc5.et-inf.fho-emden.de> for the patch. However, I had
to modify it a little more than a bit and had to overhaul quite a
good deal of the rest of the software to better accomodate
Promiscuous mode is set only when a facility is started, and
restored when it exits. Promiscuous mode is no longer forced at
menus. Restoration is not performed though if there is still
another facility running, but the interface state remains saved.
Fixed a minor bug in the LAN station monitor. The raw socket is
now closed when the facility exits. duh.
Fixed rare bug in the packet size distribution. The lock file didn't
get deleted if the raw socket open failed.
Changed the promiscuous mode option to "Force promiscuous".
Added PID's (a la syslog) to daemon log entries.
Minor cosmetic adjustments.
Changes to IPTraf 2.1.0
Fixed bug in the packet size statistical breakdown. The facility
didn't filter packets based on interface name, thus causing
inaccurate counts on systems with multiple network interfaces.
Fixed a few minor cosmetic errors.
Corrected some typographical errors in the manual.
Added a FAQ (or the beginnings thereof).
Added a spec file for RPM generation. Thanks to Dag Wieers
<dag_at_life.be>. I'm not a really good RPM'er beyond RPM
installation and removal. :)
Changes to IPTraf 2.0.2 and new features in IPTraf 2.1.0
Added non-IP to the display/logging filter selections
Added interface selection to the IP Traffic Monitor and LAN
Station Monitor (with an "All Interfaces" option).
Related to the above: now requires an interface name as an
argument to the -i and -l command-line parameters. 'all' may be
specified for monitoring all interfaces.
Added -B command-line parameter to fork program into the
background solely for logging purposes. Several people had
Corrected TCP/UDP filter file placement error. Included cfconv
program to move files to the proper place.
Added program-wide Ctrl+L sequence to redraw the screen if
corrupted by outside factors (write, talk, syslog).
Added TCP/UDP filter editing facility.
Corrected several possible buffer overruns in TCP/UDP filter
Corrected errors and reflected changes to manual and man pages.
Changes to IPTraf 2.0.1
Fixed a rarely-occuring but nevertheless severe segmentation fault
bug when long hostnames are coupled with long service names.
Great thanks go to Ronald Wahl <rwahl_at_gmx.net> for the advice and
the help. Ron, I'm really gonna find the time to do the code the
Right Way :)
Changes to IPTraf 2.0.0
Fixed minor non-IP byte count bug in detailed interface statistics.
Fixed minor cosmetic bug causing elapsed time indicator to appear
in the wrong line on screens not containing 25 lines. Thanks to
Uwe Storbeck <uwe_at_datacomm.ch> for the patch.
New features/changes in IPTraf 2.0 from 1.4.2
Now uses the new PF_PACKET socket family as its packet capture
mechanism. Requires Linux 2.2.
Added target/source IP addresses in ARP packet
request/reply packet entries in the IP traffic monitor. Also
added target/source MAC addresses to RARP request/reply entries.
Reorganized menu structure, see the README file for details.
Moved packet counts by size to a facility of its own. Added
corresponding -z command-line option.
New incoming/outgoing packet and byte counts and activity rates in
the detailed interface statistics facility.
Corrected a bug in the FDDI packet parsing code (wrong link type).
Added a check for the IFF_UP flag when generating interface
lists, to omit inactive interfaces (but still in /proc/net/dev).
This covers the General Interface Statistics and all interface
Now uses the maximum number of columns on the screen. High thanks
to Michael "M." Brown <m2brown_at_waterloo.ca> for the patch. Saved
me a lot of tedious work. :)
Reformatted TCP screen to show only one hostname:port per line,
with connections indicated by the green "brackets". I think
that's clear enough.
Added ARP/RARP opcode and target addresses in the ARP/RARP
Added vertical scrolling to the lower (non-TCP) window in the
IP traffic monitor to allow for long lines (ICMP, OSPF, some UDP).
Allowed for slightly longer host names in the lower IP traffic
Still increased the rvnamed cache size to 2048 entries.
Miscellaneous cosmetic changes.
Manual now includes screen shots and comes in HTML format only.
Changes to IPTraf 1.4.1
Fixed SEGV condition when attempts are made to load a filter list
application or deletion with a zero-length filter list file, which
could be caused by deleting the last filter. Thanks to Daniel
Savard <daniel.savard_at_gespro.com> for the report.
Makefile comes with the -m486 option commented out
Changes to IPTraf 1.4.0
Moved configuration status window to unobscure a long menu option.
Changes to IPTraf 1.3.0 and new features in 1.4.0
Support for PLIP interfaces.
Support for other ISDN encapsulations (specifically raw IP and
Cisco HDLC) high thanks to Gerald Richter <richter_at_ecos.de> for
the information and testing.
Added -q parameter to suppress the 1.3.0 masquerading warning for
users who wish to automate the various facilities from their
inittab and similar non-interactive fashions. Incorporated into
the Debian version of 1.3.0 by Debian maintainer Frederic Peters
(<fpeters_at_debian.org>, carried over to general release 1.4.0.
Added an option to change activity indications between kbits/s and
kbytes/s. On a suggestion by Paul G. Fitzgerald
Incorporated more flexible compile-time control of directories for
configuration, log, and other files. Thanks to Stefan Luethje
<luethje_at_sl-gw.lake.de> for the patch.
Corrected minor flaws in the default screen update delay code
(visually insignificant), that led to occasional skips of the
delays. (Call it nitpicking if you will. :))
Moved signal() calls to after terminal checks in iptraf.c,
allowing standard behavior of signals when error/warning messages
may still be sent to stderr. Allows the user to break out of it
with Ctrl+C at the terminal warning if so desired.
Reformatted IP traffic monitor log entries on Gerald Richter's
<richter_at_ecos.de> suggestions for easier processing with Perl
Included logfile rotation with the USR1 signal. Again on Gerald
Richter's <richter_at_ecos.de> suggestion.
Moved first-instance tag sequence to after the initscr() call.
Indicated IP fragments with no additional information in the lower
traffic monitor window. Datagram size, addresses, and interface
are still indicated.
Changed Non-IP count in IP traffic monitor to byte count
(including data-link header lengths) from packet counts.
Added some extra information for certain non-IP packets. These
may eventually grow, but not in too much detail, since this is an
IP-oriented utility. Thanks to David Harbaugh
<dlh_at_linux.cayuga-cc.edu> for the patch.
Removed bind() operation on raw socket to address a condition in
which the detailed interface statistics and TCP/UDP statistics
stop counting if an interface goes down then up again. This will
be studied further. Symptom report sent in by Roeland Jansen
Changed Ethernet/FDDI/PLIP description file formats from binary to
plain text, allowing database appends. Other files (configuration
and filters) are still binary. On a suggestion by David Harbaugh
Copied IP and upper-layer headers and some data from Ethernet,
PLIP, FDDI, and loopback frames into an aligned buffer. Avoids
SIGBUS on picky systems (like SPARCs) and general alignment
problems. I don't know yet which is worse, the overhead of
a 96-byte transfer or the performance hit with misaligned reads.
Thanks to Jonas Majauskas <jmajau_at_soften.ktu.lt> for reports and
Replaced __-type references with u_int-type references.
Increased cache array size in rvnamed to 1024 entries from the
previous 512, to better handle combinations of busy networks and
slow DNS servers.
Cleared up a few instructions in the Makefile, thanks to Arjan
New features in IPTraf 1.3.0 and changes to IPTraf 1.2.0
Experimental FDDI support. High thanks to Paonia Ezrine
<paonia_at_massart.edu> for the initial tests on the FDDI code. More
feedback is requested on the FDDI functionality. Bugs may still
Reestablished ippp interfaces (synchronous PPP over ISDN) after
reports that the ISDN problem was fixed with Linux 2.0.34.
Fixed fragmentation oversight in TCP/UDP service monitor.
Applied the bind() system call to the raw socket to have the
kernel filter out packets from interfaces we're not interested in.
Makes for better capture times on multiple-interfaced machines.
However, a strncmp() is still performed on the returned interface
name to counter the race condition between the socket() and bind()
Fixed interface statistics print routines to print unsigned
rather than signed numbers.
Added additional option to adjust screen updates. Useful for
IPTraf sessions run on remote terminals (thanks to Lutz Vieweg
<lkv_at_isg.de> for the suggestion and Dean Gaudet
<dgaudet_at_arctic.org> for the base patch. I modified it a bit,
Discovered terrible performance penalty due to screen refresh with
heavily loaded LAN segments. Therefore, with the new screen
update interval option set to 0, all facilities have a 50 ms delay
between refreshes (exception: the LAN station monitor has a delay
of 100 ms). This is still visually fast (although updates
look kinda slower), but this gives more time to packet capture,
therefore increasing accuracy and capture performance. Thanks to
everyone who responded to my request for advice on this matter and
to Ronald Wahl <rwahl_at_gmx.net> for giving me the symptom report.
Modified IP traffic monitor to mark TCP connection entries for reuse
once one side is fully closed and acknowledged ("CLOSED" on the
screen) and the other closed but even if not acknowledged ("DONE"
on the screen. This is because many times, the last ACK gets lost.
Included an additional parameter used together with the other
command-line arguments to specify an amount of time for which the
selected facility would run before automatically terminating (on a
suggestion by Linux HOWTO coordinator Tim Bynum
Supplemented the main data structure for the IP traffic monitor
with an open hash table for increased search efficiency,
especially after the facility has been running for quite some
time (the other facilities, which don't grow as much still use
linearly-searched linked lists. I'll probably hash them depending
Fixed rare bugs in various facilities that caused IPTraf to
attempt to proceed even in the event of a raw socket open failure.
Fixed SEGV condition when IPTraf is invoked with a command-line
parameter that cannot be parsed with getopt().
Added labels to LAN address description selection box.
Fixed unsightly LAN address description dialog scrolling.
Added a separator feature to the menurt.c module, allowing
separation lines within menus.
Added separator lines between related groups of menu items in both
main and configuration menus.
Changed the Options main menu item to Configure.
Added the space bar and the '-' key as "unofficial" alternates to
the PgUp and PgDn keys (it's not in the manual).
Transferred Ethernet description facility option to the Configure
submenu, and added a related facility for FDDI addresses.
Removed Ethernet-specific references where FDDI and (potentially)
other LAN technologies also fit. We'll just use "LAN" as a
Adjusted detailed statistics screen to automatically generate the
appropriate packet size distribution brackets based on interface
MTU. This means the brackets may no longer end on numbers
divisible by 10, but rather on boundaries based on the MTU divided
by 16 (the number of brackets). But at least 1500 is not
hardcoded anymore as the maximum.
Related to the immediately preceeding change: packet size
distribution updates are done one at a time now, no longer as a
whole bunch. In other words, as a frame arrives, only the
appropriate bracket is updated.
Also related to previous two: changed basis for packet size
distribution to the Ethernet frame length from the IP datagram
length (which really doesn't matter except for a few frames).
Fixed bug which causes the existing log interval to multiply by 60
when the dialog is aborted (instead of retaining the current
setting). Thanks to Chris Higgins <chiggins_at_pobox.com> for the
bug report and the patch. (I had to modify it a bit to fit in
with the screen update interval patch sent in by Dean Gaudet.)
Potentially large counts have been changed to type "unsigned long
long" to significantly increase running time on heavily loaded
networks, plus automatic switching of denominations (from exact
counts to K(ilo) to M(ega) to G(iga) to T(era)) to prevent screen
disruption (on a suggestion by Lutz Vieweg <lkv_at_isg.de>).
Separated log file into different logs for each facility.
Moved log files to /var/log/iptraf to avoid mixing them with the
mess in the /var/local/iptraf directory. At least that way,
we humans don't have to look in /var/local/iptraf anymore.
Relaxed multiple-instance restriction from a
no-multiple-instances-of-IPTraf requirement to a
no-multiple-instance-of-the-same-facility. In other words,
several copies of IPTraf can run, but only one instance of each
facility can run at any one time. The -f parameter removes the
tags, overriding the restrictions on that IPTraf instance. This
modification was done to address needs indicated by Chris Panayis
Added a startup warning box if IPTraf detects IP Masquerading
enabled on the computer. IPTraf will continue to work, but its
results may be quite confusing. The detection is done by
Modified additional port facility to accept ranges of ports rather
than several single port numbers (on a suggestion by Lutz Vieweg
Reduced minimum number of lines from 25 to 24 for better VT100
Miscellaneous cosmetic retouches. (I consider user interface an
important factor too, ya know! :)
Distribution binary now comes statically linked with ncurses 4.2.
You may recompile to suit your system.
Included manual pages derived from the Debian GNU/Linux 2.0
distribution. Man pages written by Frederic Peters
<fpeters_at_debian.org> who is now maintaining the Debian IPTraf
Reversed version order (newest first) in the CHANGES file.
New features in IPTraf 1.2.0 and changes to IPTraf 1.1.0
Increased buffer size in ifstats.c for /proc/net/dev lines to 161
to better accomodate the longer lines in the new 2.1.x kernels
(which will be carried over to the new stable kernel series).
Based on bug reports by Dop Ganger <DopG_at_sprint.ca> and Christoph
Lameter <christoph_at_lameter.com> et al.
Fixed rarely occuring high CPU utilization bug occuring whenever
a terminal connection is lost, resulting in a SIGHUP which is
ignored. (This is an example of a software author's temporary
insanity. I mean, what sane programmer would set SIGHUP to
SIG_IGN for a terminal-based program huh? Thought so :) Thanks
to Dop Ganger <DopG_at_sprint.ca> for the symptom report.
Refined Ethernet station monitor rate updates and scrolling code.
Fixed autosave bug for non-TCP filters (this was working before
1.1.0. All of a sudden, the function call disappeared
mysteriously. Must have been sleepy that time :)
Fixed bug in UDP filter default settings.
Added option to display TCP and UDP ports in either name form or
numeric form (on a suggestion by Felix von Leitner
<leitner_at_math.fu-berlin.de> and others).
Added facility to describe Ethernet addresses for the Ethernet
station monitor (to address needs as presented by Erlend Middtun
<erlendbm_at_funcom.com> via James Ullman <james_at_irc.ingok.hitos.no>)
Added an additional field to the TCP/UDP filter dialogs to allow
the user to "exclude" certain addresses from the display allowing
all others. Details on the new behavior are in the manual (on a
suggestion by Sean Hough <seh_at_javanet.com>)
Relaxed screen management code to better adjust to the number of
lines on the screen. As of this release, columns are still based
on a maximum number of 80 though. Also under study is a
SIGWINCH handler, but this will have to come later (on comments and
suggestions by a *lot* of users...thanks guys :-) ).
Fixed a subtle bug in the rvnamed interface IPC code, resulting in
an accurate transfer of data but causing recvfrom() to return an
EINVAL at unpredictable intervals. Bug was an uninitialized address
structure length parameter. Code in both iptraf and rvnamed was
Eliminated unsupported interfaces from interface selection lists.
Included enforced restriction disallowng multiple instances of
IPTraf and an overriding command-line parameter. (This may
just be temporary, in lieu of a more elegant solution).
Included autosave for TCP and UDP filters. Filters now survive
IPTraf exits and restarts without requiring manual reapplication
(on a suggestion by Chad Clark <cclark_at_comstar.net>).
Included upgrade program and makefile rule to convert IPTraf 1.1.0
configuration and filter files to 1.2.0 format.
Clarified TCP/UDP and non-TCP/UDP filter error messages.
Color-coded the TCP and UDP protocol/port indicators in the
TCP/UDP service monitor for better identification.
Revised IP traffic monitor to query rvnamed only once per
invocation of the facility. Less overhead.
Revised IP traffic monitor to open and close the rvnamed
communication socket only once per invocation of the facility.
Added a 2-second delay after the rvnamed invocation to give
the daemon more than enough time to open its sockets.
Fixed SEGV condition which occurs when an attempt is made to
destroy an interface list never loaded (which could only occur
if the /proc system is unreadable, something which shouldn't
happen on any decent Linux system).
Moved filter list load routine to fltmgr.c, for better linking with
the cfconv module.
Makefile now installs rvnamed together with the iptraf executable
in /usr/local/bin by default.
Added table of contents (hyperlinked in the HTML version) to the
Cleaned up the Makefile.
New features in IPTraf 1.1.0 and changes to IPTraf 1.0.3
Added command-line options for direct facility access from the
shell, and an appropriate help screen for IPTraf invocation (on a
suggestion by BJ Goodwin <latency_at_radiolink.net>).
Added separate DNS reverse name lookup program (rvnamed) for
quicker response time on reverse DNS lookups. Subsequently
modified the revname function to use the new functionality.
This also required additions of address resolution state fields
to struct tcptableent in tcptable.h.
Added checkrvnamed() and killrvnamed() to revname.c, used by
itrafmon.c to query and stop the rvnamed daemon.
Added scrolling capability to the general interface statistics.
Interface list will now grow as packets from newly created
interfaces are received (e.g. PPP interfaces). This now makes
IPTraf better suited to monitor Linux machines configured as
Interface selection lists can now be scrolled.
Increased maximum number of entries in for the non-TCP window
in the IP traffic monitor from 256 to 512.
Fixed SEGV condition in itrafmon.c that happens whenever the
Down cursor key is pressed with the lower window active, but
not yet full.
Added elapsed time indicators to each facility, showing the
hours and minutes that have passed since the start of the
monitor (on a suggestion by James Ullman
Changed ncurses include file references from <ncurses.h>
Cleaned up preprocessor code for glibc2 support. Thanks for
help and suggestions from John Labovitz <johnl_at_meer.net>. Thanks
also for a test account on debs.fuller.edu opened by Christoph
Fixed SEGV condition which may occur when trying to close the
log file which may never have opened (thanks to John Labovitz
<johnl_at_meer.net> for the patch).
Adjusted cosmetic code to better indicate the closed status in
the TCP monitor.
TCP and UDP filters now accept host names in in place of IP
addresses. Host names will be resolved and can still be used
with wildcard masks (may be useful for names that resolve to
several IP addresses)
Distribution now includes an HTML-formatted manual.
Changes to IPTraf 1.0.2
Fixed SEGV condition when scrolling commands are applied to
an empty Ethernet station monitor
Distribution executable now comes compiled with -m486 by default.
Binary will still execute on a 386, but a 486 or higher is still
Changes to IPTraf 1.0.1
Fixed conflicting hotkey for non-TCP filter menu items RARP and
IGRP (the "R" key). Changed the shortcut key for RARP to "P".
Modified layer-2 header stripping code to cleanly ignore packets
from unrecognized interfaces (see README).
Fixed "duplicate port" misbehavior for the "Additional port"
dialog's Cancel command
Added error-checking for the port list file open sequence.
Added PgUp/PgDn capability to the facilities that can be scrolled
(IP traffic monitor, TCP/UDP services, and Ethernet station
Cleaned up scrolling code a bit.
Fixed bug in the non-TCP logging facility that caused extraneous
log entries whenever the window is scrolled.
Sent non-fancy messages to standard error rather than standard
Changed a few messages
Changes to IPTraf 1.0.0
Fixed X/Ctrl-X keystroke bug in the General Interface Statistics
module (thanks to BJ Goodwin <latency_at_radiolink.net>). This was
kinda an emergency, so I fixed this and released 1.0.1