From e75b97f1dd6685bda19f188221957d9ad1704539 Mon Sep 17 00:00:00 2001 From: Vadim Kochan Date: Wed, 2 Sep 2015 02:31:18 +0300 Subject: flowtop: man: Add notes about flow duration time Add short info about timestamping enabling & connection duration time feature. Signed-off-by: Vadim Kochan [tklauser: Minor rewordings] Signed-off-by: Tobias Klauser --- flowtop.8 | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'flowtop.8') diff --git a/flowtop.8 b/flowtop.8 index 2debc50..5c39c97 100644 --- a/flowtop.8 +++ b/flowtop.8 @@ -26,6 +26,7 @@ local system, e.g. for debugging purposes or to answer questions like: * To which countries am I sending data? * Are there any suspicious background connections on my machine? * How many active connections does binary Y have? + * How long are connections active already? .PP The following information will be presented in flowtop's output: .PP @@ -36,6 +37,7 @@ The following information will be presented in flowtop's output: * Flow port's service name heuristic * Transport protocol state machine information * Byte/packet counters (if they are enabled) + * Connection duration (if timestampinf is enabled) .PP In order for flowtop to work, netfilter must be active and running on your machine, thus kernel-side connection tracking is active. If netfilter @@ -60,6 +62,15 @@ have these counters be active all the time the parameter should be enabled after the system is up. To automatically enable it, sysctl.conf(8) or sysctl.d(8) might be used. .PP +To calculate the connection duration flowtop enables the sysctl(8) parameter +\[lq]net.netfilter.nf_conntrack_timestamp\[rq] via: +.in +4 +.sp +echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp +.sp +.in -4 +and resets it to the previously set value on exit. +.PP flowtop's intention is just to get a quick look over your active connections. If you want logging support, have a look at netfilter's conntrack(8) tools instead. -- cgit v1.2.3-54-g00ecf
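Review bot: the example question added in the first hunk (@@ -26,6 +26,7 @@), "How long are connections active already?", is awkwardly worded next to the other questions in that list. "How long have connections been active?" says the same thing and matches their style.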
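Review bot: typo in the second hunk (@@ -36,6 +37,7 @@): "timestampinf" in "Connection duration (if timestampinf is enabled)" should be "timestamping". Because the third hunk names the exact parameter, this item could also say "if nf_conntrack_timestamp is enabled" so the reader can connect the two.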
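Review bot: the paragraph added in the third hunk (@@ -60,6 +62,15 @@) says flowtop writes 1 to /proc/sys/net/netfilter/nf_conntrack_timestamp itself and restores the old value on exit, but it does not say this is a change to a system-wide setting made on the user's behalf. The counters paragraph directly above it leaves enabling to the administrator via sysctl.conf(8) or sysctl.d(8), so the two behaviours read as inconsistent. Suggest one sentence making the side effect explicit and pointing to sysctl.conf(8) or sysctl.d(8) for users who want the parameter set permanently. The "via:" followed by an echo command also reads as if flowtop runs a shell command; "by writing 1 to" would avoid implying that.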