NAME

SYNOPSIS

DESCRIPTION

Ehnt currently has two basic modes of operation, dump and top. The dump modes are used to output details about individual flows. Top mode is used to generate reports which display averages over time for AS numbers, IP protocols and TCP/UDP ports.

The options are as follows:

-0 ASN

Replace AS number 0 occurences with this AS number

-a ASN

Only display flows to/from this AS number

-b

Display big flows (only shows flows with the most bytes or packets received so far)

-c count

Exit after <count> flows are received

-h

Display command-line help

-i mins

How long to wait between report generations (in minutes)

-m mode

The name of the mode of operation to use: dump displays flow detail; shortdump shows flow details in a more compact fashion; colondump shows flow details in a machine-readable format; top generates reports of top average utilization

-n intidx

Specify the interface by SNMP ifIndex number

-p port

Only display flows to/from this tcp or udp port number

-P proto

Only display flows using this IP protocol number

-r addr

Only display flows reported by this router IP address

-s server:port

The hostname or IP address and port number of the ehntserv(8)

-t topmode

The type of report to generate when in top mode. (The report type can also be changed interactively while the program is running.) as; Display the AS report proto; Display the IP protocol report tcpport; Display the TCP port report udpport; Display the UDP port report

-v

Display the ehnt version number.

-x prefix

Only display flows to/from this IP prefix. The format for <prefix> is 'address/length', for example 1.2.3.4/30 or 127.0.0.0/8.

FILES

/usr/local/etc/asnc.txt

Autonomous Systems Number-to-Name Convertion config

SEE ALSO

AUTHORS