jnettop - View hosts/ports taking up the most network traffic
[options] [-i interface] [-d filename] [-f filename] [-x rule]
This manual page documents briefly the jnettop
command. This manual page
is OBSOLETE. Please use jnettop -h as a main source of information about
captures traffic coming across the host it is running on and
displays streams sorted by bandwidth they use. Result is a nice listing of
communication on network by host and port, how many bytes went through this
transport and the bandwidth it is consuming.
These programs follow the usual GNU command line syntax, with long options
starting with two dashes (`-'). A summary of options is included below.
- -h, --help
- Show summary of options.
- -v, --version
- Show version of program.
- -c, --content-filter
- disable content filtering
- -d, --debug filename
- write debug information into file
- -f, --config-file filename
- reads configuration from filename. defaults to ~/.jnettop.
an example can be found at /usr/share/doc/jnettop/dot.jnettop.
- -i, --interface name
- capture packets on specified interface
- --local-aggr [none|host|port|host+port]
- set local aggregation to specified value
- -n, --no-resolver
- disable resolving of ip addresses
- -p, --promiscuous
- enables promiscuous mode on the sniffed interface
- --remote-aggr [none|host|port|host+port]
- set remote aggregation to specified value
- -s, --select-rule name
- selects one of the rules defined in .jnettop configuration
file (by it's name)
- -x, --filter rule
- allows for specification of custom filtering rule. this
allows for tcpdump(1) style syntax. don't forget to enclolse the
filter into quotes when running from a shell.
Program looks for settings in the file specified by parameter -f
defaults to ~/.jnettop. Configuration file is an ordinary text file with
keywords and their arguments. You HAVE to enclose arguments into double
quotes. Available keywords are:
- interface "<interface_name>"
- The interface keyword specifies network interface on
which to start listening. Example:
- local_aggregation [none|host|port|host+port]
- The local_aggregation keyword specifies initial
active local aggregation. Valid values are none, host,
port, and host+port. Example:
- promisc [on|off]
- The promisc keyword specifies, whether jnettop
captures packets in promiscuous mode. Example:
- remote_aggregation [none|host|port|host+port]
- The remote_aggregation keyword specifies initial
active remote aggregation. Valid values are none, host,
port, and host+port. Example:
- resolve [on|off]
- The resolve keyword specifies, whether resolving is
performed on the IP addresses or not.
- resolve_rule "<network address>"
"<network mask>" [normal|external] (<arguments>
- The resolve_rule keyword adds one resolver into list
of resolvers for specified address. When resolving, jnettop examines all
the rules in the order how they were specified in configuration file. If
the network address matches specified range, declared resolver is used.
Resolver can be normal, which means the standard DNS lookup or
external, which executes specified external program to perform
resolving. This can be used with bundled jnettop-lookup-nmb script, which
looks up IP addresses using nmblookup(1) tool. If a tool returns empty
string or DNS is not found, next rule is examined. If jnettop runs out of
rules, than the standard DNS lookup is executed.
resolve_rule "192.168.0.0" "255.255.255.0" normal
resolve_rule "192.168.0.0" "255.255.255.0" external
- rule "<rule_name>"
- The rule keyword defines a set of predefined
tcpdump(1)-like filters to apply. You can specify various filters as
"show me what 192.168.1.32" sends:
rule "show 192.168.1.32" "src 192.168.1.32"
- select_rule "<rule_name>"
- The select_rule keyword specifies initial active
predefined rule. The rule must be defined before this keyword is used.
select_rule "show 192.168.1.32"
- variable "<variable_name>"
- The variable keyword introduces a string variable
for use in future rule definitions. It can be used to shorten rule
variable "intranet" "net 192.168.0.0/16 or 10.0.0.0/8 or
- For more information, see README file or .jnettop example
configuration file included in distribution.
This manual page was originally written by Ari Pollak <firstname.lastname@example.org>,
for the Debian GNU/Linux system. Small changes were introduced by Jakub Skopal