ipfwflow man page on BSDOS

IPFWFLOW(8)		  BSD System Manager's Manual		   IPFWFLOW(8)

NAME
     ipfwflow - monitor IP flows

SYNOPSIS
     ipfwflow [filter] [-mnov] [-f flows] [-F maxflows] [-g serial] [-i index]
	      [-s serial] [-t when] [{in|out|both} size]

DESCRIPTION
     The ipfwflow utility is used to insert, maintain, and examine flow
     monitoring data.  The filter may be at any point, but is most typically
     pre-input, which is the default filter.  It may be any of:

     pre-input
	     A filter on all IP packets as they first enter IP processing

     input   A filter on IP packets destined for the local machine, after
	     fragment re-assembly.

     forward
	     A filter on IP packets being forwarded through this machine.

     pre-output
	     A filter on all IP packets leaving this machine, prior to rout-
	     ing.

     output  A filter on IP packets generated locally by this machine.

     call    Not an actual filtering point, this chain should contain filters
	     to be called from a BPF based filter.

     A filter is installed by specifying in, out, or both along with the size
     of the hash table that is used to hold the flows.  The size of the hash
     table does not limit the number of flows; however, having 100x more flows
     than hash table entries will certainly impact performance.  In general
     the hash table should be no more than 5x or 10x the number of expected
     flows.

     With no arguments (options only), statistics about the flows are dis-
     played, and old entries may be timed out (see the -t option below.)

     The following options are available:

     -f flows
	     Specify the number of empty flows that should be pre-allocated
	     upon creation.  If the number of flows exceeds the pre-allocated
	     amount, a call to malloc() will be placed inside of the kernel,
	     impacting performance while it is being processed.

     -F maxflows
	     Specify the maximum number of flows we will allow.	 If more than
	     this number of flows are used, the oldest flow will be removed
	     and reported.

     -g serial
	     Glue this ipfwflow to the already existing flow which has the
	     specified serial number.  This is used to coordinate in and out
	     flows on different interfaces.

     -i index
	     Index number of the interface to limit flow monitoring to.

     -m      Monitor the IPFW Flow socket for reports of flows that are
             discarded because of too many flows.

     -n	     Do not sort the output when examining flows.

     -o	     Print flows in machine readable format.

     -s serial
	     Specify the serial number of the flow to examine.

     -t when
	     Remove all entries which have not seen a packet in the last when
	     seconds.  Times may be modified with s, m, h, d, w, and y to
	     specify seconds, minutes, hours, days, weeks and years.  For ex-
	     ample: 1m30s is 1 minute and 30 seconds.  A year is always con-
	     sidered to have 365 days.

     -v	     Only display how many flows have been allocated.

HUMAN DISPLAY FORMAT
     The human readable display format displays 11 fields:

	   P	   The protocol number of the flow (6 is TCP)

	   srcaddr
		   One of the 2 addresses of the flow.

	   port	   The port number of the flow associated with the srcaddr.
		   This value is 0 for protocols other than TCP and UDP.

	   dstaddr
		   One of the 2 addresses of the flow.

	   port	   The port number of the flow associated with the dstaddr.
		   This value is 0 for protocols other than TCP and UDP.

	   duration
		   The number of seconds this flow saw data.

	   lastuse
		   The number of seconds since this flow last saw data.

	   b-in	   Number of bytes that flowed from srcaddr to dstaddr.

	   b-out   Number of bytes that flowed from dstaddr to srcaddr.

	   p-in	   Number of packets that flowed from srcaddr to dstaddr.

	   p-out   Number of packets that flowed from dstaddr to srcaddr.

MACHINE DISPLAY FORMAT
     The machine readable format displays 13 space separated values:

	   o	Serial number of the filter this flow belongs to.

	   o	Protocol number of the flow.

	   o	First address associated with the flow.

	   o	Port number (0 if not TCP or UDP) associated with the first
		address of the flow.

	   o	Second address associated with the flow.

	   o	Port number (0 if not TCP or UDP) associated with the second
		address of the flow.

	   o	Time the flow started.  The time is represented in the number
		of seconds since 00:00 01/01/70 GMT (UNIX(tm) time stamp).

	   o	Time the last packet was seen through the flow.

	   o	Duration of the flow (last time - start time).

	   o	Number of bytes sent from the first address of the flow.

	   o	Number of bytes sent from the second address of the flow.

	   o	Number of packets sent from the first address of the flow.

	   o	Number of packets sent from the second address of the flow.
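
     Added example (not part of the original man page or of ipfwflow itself):
     a Python parser for the 13-field output of the -o option that checks the
     two invariants stated above and totals the bytes sent per address.  The
     sample lines are constructed, and the textual address form is an
     assumption, since the page does not say how addresses are printed.

```python
import ipaddress
from collections import Counter, namedtuple

# The 13 values, in the order the MACHINE DISPLAY FORMAT section lists them.
Flow = namedtuple("Flow", "serial proto addr1 port1 addr2 port2 "
                          "start last duration bytes1 bytes2 pkts1 pkts2")

def parse_flow(line):
    """Parse one machine-format line; raise ValueError if it is malformed."""
    f = line.split()
    if len(f) != 13:
        raise ValueError(f"expected 13 fields, got {len(f)}")
    ip = ipaddress.ip_address  # assumption: addresses are printed as text
    flow = Flow(int(f[0]), int(f[1]), ip(f[2]), int(f[3]),
                ip(f[4]), int(f[5]), *map(int, f[6:]))
    if flow.duration != flow.last - flow.start:
        raise ValueError("duration is not last time - start time")
    if flow.proto not in (6, 17) and (flow.port1 or flow.port2):
        raise ValueError("non-zero port on a flow that is not TCP or UDP")
    return flow

def bytes_sent_by_address(text):
    """Return (Counter of bytes sent per address, count of rejected lines)."""
    sent, rejected = Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        try:
            flow = parse_flow(line)
        except ValueError:
            rejected += 1
            continue
        sent[str(flow.addr1)] += flow.bytes1
        sent[str(flow.addr2)] += flow.bytes2
    return sent, rejected

# Constructed sample input (not captured output); the last line is truncated.
SAMPLE = """\
1 6 192.0.2.10 49152 198.51.100.5 443 934500000 934500060 60 1200 48000 12 40
1 17 192.0.2.10 53000 203.0.113.53 53 934500010 934500011 1 80 220 1 1
1 1 192.0.2.77 0 198.51.100.5 0 934500020 934500025 5 420 420 5 5
1 6 192.0.2.10 49153 198.51.100.5
"""

if __name__ == "__main__":
    totals, bad = bytes_sent_by_address(SAMPLE)
    for addr, nbytes in totals.most_common():
        print(addr, nbytes)
    print("rejected lines:", bad)
```
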

SEE ALSO
     ipfw(8)

				 Aug 12, 1999				     3