It appears the iftop used in UTM is quite outdated, from 2002. Is there an updated version to monitor IPv6 traffic? As this is a home-use implementation, I have no issue installing something through the shell.
Sophos has had IPv6 support for some time now. At least 3-4 years or longer. Why it has failed to update various tools and utilities in the OS is confounding! Iftop is a simple tool found in the majority of Linux distributions to monitor real-time network traffic. Clearly an outdated tool for IPv4 won't work for IPv6! Shame on Sophos for not keeping up.
/rant done
With that out of the way, I spent a number of hours trying to get a working solution. Compiling something from scratch would probably be ideal, but without knowing the specifics of the underlying OS I ran into library problems. That is, it would compile fine in an openSUSE VM but fail to work in UTM.
Came up with two solutions. WARNING BOTH WILL VOID YOUR WARRANTY AND MAY CAUSE DEVICE TO BLOW UP!!! BEWARE
1) chroot - inspired by this thread https://community.sophos.com/utm-firewall/f/general-discussion/22219/tutorial-chroot-enviroment---running-webserver-or-any-binary-on-sophos-utm
In essence, the binary and necessary library file structure is recreated under a chroot subfolder. This worked but had limitations. DNS resolution and port resolution became broken. Also more trouble than it's worth with all the library files. I used the files from the latest openSUSE x86_64 release. I can post a tarball if someone wants it.
2) Install updated iftop from an older opensuse release. This required symlinking a single existing library file.
Below are the steps for solution 2
A) Log in to the console as root and create a temporary directory (i.e. /root)
B) Obtain Iftop
1) Go to software.opensuse.org/.../package
2) Select SLE
3) grab binary packages directly
4) Choose Packages for SLE 11 SP4 - first one at the top
5) Direct link
wget https://download.opensuse.org/repositories/network:/utilities/SLE_11_SP4/i586/iftop-0.99.4-7.1.i586.rpm
C) Extract rpm contents
rpm2cpio iftop-0.99.4-7.1.i586.rpm | cpio -idmv
D) Create symlink for libpcap.so.0
1) cd /usr/lib
2) ln -s libpcap.so.1.0.0 libpcap.so.0
E) Rename old iftop and move new to existing location
1) mv /usr/sbin/iftop /usr/sbin/iftop.bak
2) cp usr/sbin/iftop /usr/sbin/iftop
Result:
/root # iftop -h
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  Display bandwidth in bytes
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s               Sort by first column (2s traffic average)
   -o 10s              Sort by second column (10s traffic average) [default]
   -o 40s              Sort by third column (40s traffic average)
   -o source           Sort by source address
   -o destination      Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors
There may be a more robust way to do this and/or to actually get the rpm to install, but I was unsuccessful due to the library file not existing, even after creating the symlink.
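A pre-flight check for steps C to E, as an added example that is not part of the original post: it lists the shared libraries an extracted binary needs and compares them with a library directory before the existing /usr/sbin/iftop is replaced. The script name, function names and sample readelf output are constructed for illustration, and it assumes readelf (binutils) is available where it is run.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for steps C-E.

# Constructed sample of `readelf -d` output; not taken from the real iftop binary.
SAMPLE_DYNAMIC=' 0x00000001 (NEEDED)   Shared library: [libpcap.so.0]
 0x00000001 (NEEDED)   Shared library: [libncurses.so.5]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]'

# Print each NEEDED soname found in `readelf -d` output on stdin.
needed_sonames() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# Print 32 or 64 according to the EI_CLASS byte (offset 4) of an ELF file.
elf_class() {
    case $(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n') in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo unknown ;;
    esac
}

# Read sonames on stdin and compare them with the files in directory $1:
#   ok <soname>           a file with that exact name exists
#   alt <soname> <file>   absent, but another version of the same library exists
#   missing <soname>      no version of the library exists
check_libs() {
    libdir=$1
    while IFS= read -r so; do
        [ -n "$so" ] || continue
        if [ -e "$libdir/$so" ]; then echo "ok $so"; continue; fi
        base=${so%%.so*}.so
        cand=
        for f in "$libdir/$base"*; do
            if [ -e "$f" ]; then cand=${f##*/}; break; fi
        done
        if [ -n "$cand" ]; then echo "alt $so $cand"; else echo "missing $so"; fi
    done
}

# Usage (hypothetical file name): sh preflight.sh ./usr/sbin/iftop /usr/lib
if [ "$#" -eq 2 ]; then
    echo "ELF class: $(elf_class "$1")"
    readelf -d "$1" | needed_sonames | check_libs "$2"
fi
```

An `alt` line is the situation step D resolves with a symlink; because the soname version differs, confirm the new binary starts and captures traffic before removing the .bak copy.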