author Vadim Kochan <vadim4j@gmail.com> 2015-09-02 02:31:18 +0300
committer Tobias Klauser <tklauser@distanz.ch> 2015-09-03 16:47:26 +0200
commit e75b97f1dd6685bda19f188221957d9ad1704539 (patch)
tree 71782a26d689cb224c056695ca7675f24871f683 /flowtop.8
parent e152b5e421db14e020b3cf60679361cb902dbb8b (diff)
flowtop: man: Add notes about flow duration time
Add short info about timestamping enabling & connection duration time feature.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Minor rewordings]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'flowtop.8')
-rw-r--r-- flowtop.8 11
1 files changed, 11 insertions, 0 deletions
diff --git a/flowtop.8 b/flowtop.8
index 2debc50..5c39c97 100644
--- a/flowtop.8
+++ b/flowtop.8
@@ -26,6 +26,7 @@ local system, e.g. for debugging purposes or to answer questions like:
* To which countries am I sending data?
* Are there any suspicious background connections on my machine?
* How many active connections does binary Y have?
+ * How long are connections active already?
.PP
The following information will be presented in flowtop's output:
.PP
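Review bot: The added bullet "How long are connections active already?" reads awkwardly beside the other questions in this list; "How long have connections been active?" asks the same thing more plainly. Because the later hunks make duration depend on timestamping being enabled, it is also worth keeping this question consistent with that condition so readers do not expect a duration for every flow.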
@@ -36,6 +37,7 @@ The following information will be presented in flowtop's output:
* Flow port's service name heuristic
* Transport protocol state machine information
* Byte/packet counters (if they are enabled)
+ * Connection duration (if timestampinf is enabled)
.PP
In order for flowtop to work, netfilter must be active and running
on your machine, thus kernel-side connection tracking is active. If netfilter
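Review bot: Typo in the added bullet: "timestampinf" should be "timestamping". The neighbouring bullet says "(if they are enabled)" for the counters, so "(if timestamping is enabled)" matches that wording once the spelling is fixed.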
@@ -60,6 +62,15 @@ have these counters be active all the time the parameter should be enabled after
the system is up. To automatically enable it, sysctl.conf(8) or sysctl.d(8)
might be used.
.PP
+To calculate the connection duration flowtop enables the sysctl(8) parameter
+\[lq]net.netfilter.nf_conntrack_timestamp\[rq] via:
+.in +4
+.sp
+echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
+.sp
+.in -4
+and resets it to the previously set value on exit.
+.PP
flowtop's intention is just to get a quick look over your active connections.
If you want logging support, have a look at netfilter's conntrack(8) tools
instead.
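Review bot: The added paragraph documents that flowtop writes 1 to /proc/sys/net/netfilter/nf_conntrack_timestamp and restores the old value on exit, but it does not tell the reader that this is a system-wide kernel setting changed as a side effect of running the tool, or what to do if the value should stay enabled. The preceding paragraph points to sysctl.conf(8) or sysctl.d(8) for keeping its parameter on permanently; a matching sentence here would help, along with a note on whether the previous value is still restored when flowtop does not exit normally. Minor style point: a comma after "To calculate the connection duration" would make the first sentence easier to read.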