setting svn:exports

[jnettop.git] / jnettop / README.UIA

Justin Killen writes:

listen:ASCII:<interface name>:<data size>:<bpf filter>:<max lines>

interface name  required - the name of the interface that we want to  attach to.
data size       optional - the literal text 'bits' to change the output to bits
                           instead of bytes (default is bytes).
bpf filter      optional - the bpf filter to use (default is all traffic on the interface).
max lines       optional - this specifies the maximum number of lines of data you
                           want returned (in the ncurses view, this is determined by
                           the terminal size, but there is no terminal here, so we must
                           specify explicitly)

This will respond in one of two ways:

if there is a problem:
listen:ASCII:NAK:<error>
where <error> is a textual representation of the error that occurred

or

listen:ASCII:<id>:ACK:<device>:<data size>:<bpf filter>:<max lines>
where <id> is the pid of the process (this is used by the proxy to  
determine which underlying jnettop session to send commands to)
and <device>, <data size>, <bpf filter>, and <max lines> are the  
initial request echoed back.



After initialization, jnettop will attach itself to the interface and  
start recording traffic.  When the user wants to view the results, type:

get:ASCII:<id>:<max wait>
where <id> is the pid of the proccess
and <max wait> is the max number of uSeconds to wait (in the event of  
no data being available yet, wait and check again)

The return data will be something like this (ip's changed for security):

get:ASCII:7007:0:ACK:TOTAL:::::11.8k/s:12.4k/s:24.2k/s
get:ASCII:7007:0:ACK:1.2.3.4:50:IP:1.2.3.5:50:5.67k/s:9.6k/s:15.3k/s
get:ASCII:7007:0:ACK:1.2.3.4:10375:TCP:1.2.3.5:22:3.09k/s:1.95k/s:5.05k/s
get:ASCII:7007:0:ACK:0.0.0.0:0:ARP:0.0.0.0:0:1.12k/s:0b/s:1.12k/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:51795:376b/s:168b/s:544b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:56124:376b/s:168b/s:544b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:57578:376b/s:168b/s:544b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:54968:320b/s:168b/s:488b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:60545:320b/s:152b/s:472b/s
get:ASCII:7007:0:ACK:0.0.0.0:0:ETHER:0.0.0.0:0:192b/s:0b/s:192b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:54392:0b/s:0b/s:0b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:57988:0b/s:0b/s:0b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:55681:0b/s:0b/s:0b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:54390:0b/s:0b/s:0b/s

The first line will be the total line, where all others are data  
lines.  Each entry is separated by a newline, and a double newline at  
the end to specify the end of the data set.  The fields are as follows:

for the total line
get:ASCII:<id>:<time waited>:ACK:TOTAL:::::<src bps>:<dst bps>:<total bps>
where <id> is the pid of the process
and <time waited> is the length of time (in uSeconds) that the  
request waited while looking for data (this happens if the data is an  
empty set - see [max wait] above in the get request)
and <src bps> is the RX
and <dst bps> is the TX
and <total bps> is RX + TX

for the other lines:
get:ASCII:<id>:<time waited>:ACK:<src address>:<src  
port>:<protocol>:<dst address>:<dst port>:<src bps>:<dst bps>:<total  
bps>
where <id>, <time waited>, <src bps>, <dst bps>, and <total bps> are  
the same as above
and <src address> is the source address,
and <src port> is the source port
and <dst address> is the destination address
and <dst port> is the destination port


Lastly, to end a session:
end:ASCII:<id>
where <id> is the process id.