From: Vadim Kochan <vadi...@gmail.com>
Add short info about timestamping enabling & conection
dutration time feature.
Signed-off-by: Vadim Kochan <vadi...@gmail.com>
---
flowtop.8 | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/flowtop.8 b/flowtop.8
index 2debc50..48edd77 100644
--- a/flowtop.8
+++ b/flowtop.8
@@ -26,6 +26,7 @@ local system, e.g. for debugging purposes or to answer
questions like:
* To which countries am I sending data?
* Are there any suspicious background connections on my machine?
* How many active connections does binary Y have?
+ * How long active conections lives ?
.PP
The following information will be presented in flowtop's output:
.PP
@@ -36,6 +37,7 @@ The following information will be presented in flowtop's
output:
* Flow port's service name heuristic
* Transport protocol state machine information
* Byte/packet counters (if they are enabled)
+ * Time duration (if timestamp is enabled)
.PP
In order for flowtop to work, netfilter must be active and running
on your machine, thus kernel-side connection tracking is active. If netfilter
@@ -60,6 +62,15 @@ have these counters be active all the time the parameter
should be enabled after
the system is up. To automatically enable it, sysctl.conf(8) or sysctl.d(8)
might be used.
.PP
+To calculate connection's duration time flowtop enables the sysctl(8) parameter
+\[lq]net.netfilter.nf_conntrack_timestamp\[rq] via:
+.in +4
+.sp
+echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
+.sp
+.in -4
+and resets it to the previously set value on exit.
+.PP
flowtop's intention is just to get a quick look over your active connections.
If you want logging support, have a look at netfilter's conntrack(8) tools
instead.
--
2.4.2
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
