From: Vadim Kochan <vadi...@gmail.com> Add short info about timestamping enabling & conection dutration time feature.
Signed-off-by: Vadim Kochan <vadi...@gmail.com> --- flowtop.8 | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/flowtop.8 b/flowtop.8 index 2debc50..48edd77 100644 --- a/flowtop.8 +++ b/flowtop.8 @@ -26,6 +26,7 @@ local system, e.g. for debugging purposes or to answer questions like: * To which countries am I sending data? * Are there any suspicious background connections on my machine? * How many active connections does binary Y have? + * How long active conections lives ? .PP The following information will be presented in flowtop's output: .PP @@ -36,6 +37,7 @@ The following information will be presented in flowtop's output: * Flow port's service name heuristic * Transport protocol state machine information * Byte/packet counters (if they are enabled) + * Time duration (if timestamp is enabled) .PP In order for flowtop to work, netfilter must be active and running on your machine, thus kernel-side connection tracking is active. If netfilter @@ -60,6 +62,15 @@ have these counters be active all the time the parameter should be enabled after the system is up. To automatically enable it, sysctl.conf(8) or sysctl.d(8) might be used. .PP +To calculate connection's duration time flowtop enables the sysctl(8) parameter +\[lq]net.netfilter.nf_conntrack_timestamp\[rq] via: +.in +4 +.sp +echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp +.sp +.in -4 +and resets it to the previously set value on exit. +.PP flowtop's intention is just to get a quick look over your active connections. If you want logging support, have a look at netfilter's conntrack(8) tools instead. -- 2.4.2 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.