Setup guide
Property Description
interface (name) - the name of the interface to monitor
protocol (any | any-ip | icmp | igmp | ipip | ospf | pup | tcp | udp | integer) - the name or number of
the protocol
• any - any ethernet or IP protocol
• any-ip - any IP protocol
port (name | integer) - the name or number of the port
source-address (IP address/mask) - source address and network mask to filter the traffic only with
such an address, any source address: 0.0.0.0/0
destination-address (IP address/mask) - destination address and network mask to filter the traffic
only with such an address, any destination address: 0.0.0.0/0
Notes
If there will be specific port given, then only tcp and udp protocols will be filtered, i.e., the name of
the protocol can be any, any-ip, tcp, udp.
Except TX and RX, there will be only the field you've specified in command line in the command's
output (e.g., you will get PROTOCOL column only in case if protocol property is explicitly
specified).
Example
The following example monitors the traffic that goes through the ether1 interface generated by
telnet protocol:
[admin@Wandy] tool> torch ether1 port=telnet
SRC-PORT DST-PORT TX RX
1439 23 (telnet) 1.7kbps 368bps
[admin@Wandy] tool>
To see what IP protocols are going through the ether1 interface:
[admin@Wandy] tool> torch ether1 protocol=any-ip
PRO.. TX RX
tcp 1.06kbps 608bps
udp 896bps 3.7kbps
icmp 480bps 480bps
ospf 0bps 192bps
[admin@Wandy] tool>
To see what IP protocols are interacting with 10.0.0.144/32 host connected to the ether1 interface:
[admin@Wandy] tool> torch ether1 src-address=10.0.0.144/32 protocol=any
PRO.. SRC-ADDRESS TX RX
tcp 10.0.0.144 1.01kbps 608bps
icmp 10.0.0.144 480bps 480bps
[admin@Wandy] tool>
To see what tcp/udp protocols are going through the ether1 interface:
[admin@Wandy] tool> torch ether1 protocol=any-ip port=any
PRO.. SRC-PORT DST-PORT TX RX
tcp 3430 22 (ssh) 1.06kbps 608bps
udp 2812 1813 (radius-acct) 512bps 2.11kbps
tcp 1059 139 (netbios-ssn) 248bps 360bps
[admin@Wandy] tool>