
IFTOP for ipv6

Appears iftop used in UTM is quite outdated, from 2002.  Is there an updated version to monitor ipv6 traffic? As this is a home use implementation I have no issue installing something through shell.



  • Sophos has had IPv6 support for some time now. At least 3-4 years or longer. Why it has failed to update various tools and utilities in the OS is confounding! Iftop is a simple tool found in the majority of Linux distributions to monitor real-time network traffic. Clearly an outdated tool for IPv4 won't work for IPv6! Shame on Sophos for not keeping up.

    /rant done

    With that out of the way, I spent a number of hours trying to get a working solution. Compiling something from scratch would probably be ideal, but without knowing the specifics of the underlying OS I ran into library problems. That is, it would compile fine in an openSUSE VM but fail to work in UTM.

    Came up with two solutions. WARNING BOTH WILL VOID YOUR WARRANTY AND MAY CAUSE DEVICE TO BLOW UP!!! BEWARE

    1) chroot - inspired by this thread https://community.sophos.com/utm-firewall/f/general-discussion/22219/tutorial-chroot-enviroment---running-webserver-or-any-binary-on-sophos-utm

    In essence, the binary and necessary library file structure is recreated under a chroot subfolder. This worked but had limitations. DNS resolution and port resolution became broken. Also more trouble than it's worth with all the library files. I used the files from the latest openSUSE x86_64 release. I can post a tarball if someone wants it.

    2) Install updated iftop from an older openSUSE release. This required symlinking a single existing library file.

    Below are the steps for solution 2

    A) Log in to console as root and create a temporary directory (i.e. /root)

    B) Obtain Iftop

    1) Go to software.opensuse.org/.../package
    2) Select SLE
    3) grab binary packages directly
    4) Choose Packages for SLE 11 SP4 - first one at the top

    5) Direct link
    wget https://download.opensuse.org/repositories/network:/utilities/SLE_11_SP4/i586/iftop-0.99.4-7.1.i586.rpm

    C) Extract rpm contents
    rpm2cpio iftop-0.99.4-7.1.i586.rpm | cpio -idmv

    D) Create symlink for libpcap.so.0

    1) cd /usr/lib
    2) ln -s  libpcap.so.1.0.0 libpcap.so.0

    E) Rename old iftop and move new to existing location

    1) mv /usr/sbin/iftop /usr/sbin/iftop.bak
    2) cp usr/sbin/iftop /usr/sbin/iftop

    Result:

    /root # iftop -h
    iftop: display bandwidth usage on an interface by host
    
    Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                                   [-F net/mask] [-G net6/mask6]
    
       -h                  display this message
       -n                  don't do hostname lookups
       -N                  don't convert port numbers to services
       -p                  run in promiscuous mode (show traffic between other
                           hosts on the same network segment)
       -b                  don't display a bar graph of traffic
       -B                  Display bandwidth in bytes
       -i interface        listen on named interface
       -f filter code      use filter code to select packets to count
                           (default: none, but only IP packets are counted)
       -F net/mask         show traffic flows in/out of IPv4 network
       -G net6/mask6       show traffic flows in/out of IPv6 network
       -l                  display and count link-local IPv6 traffic (default: off)
       -P                  show ports as well as hosts
       -m limit            sets the upper limit for the bandwidth scale
       -c config file      specifies an alternative configuration file
       -t                  use text interface without ncurses
    
       Sorting orders:
       -o 2s                Sort by first column (2s traffic average)
       -o 10s               Sort by second column (10s traffic average) [default]
       -o 40s               Sort by third column (40s traffic average)
       -o source            Sort by source address
       -o destination       Sort by destination address
    
       The following options are only available in combination with -t
       -s num              print one single text output afer num seconds, then quit
       -L num              number of lines to print
    
    iftop, version 1.0pre4
    copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors
    

    There may be a more robust way to do this and/or to actually get the rpm to install, but I was unsuccessful due to the library file not existing, even after creating the symlink.
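
A pre-flight check for steps C to E above, added here as an example and not part of the original post: it parses `ldd` output for unresolved sonames (the `libpcap.so.0` situation behind step D) and lists same-stem files already on disk, so the mismatch is visible before the system binary is replaced. The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check the extracted binary
# before it replaces /usr/sbin/iftop, e.g. from the extraction directory:
#   preflight ./usr/sbin/iftop /usr/lib
# Note: ldd may invoke the file's own loader; `objdump -p FILE | grep NEEDED`
# lists the same sonames without executing anything.

# Constructed sample of ldd output; not captured from a UTM.
SAMPLE_LDD='	linux-gate.so.1 =>  (0xffffe000)
	libpcap.so.0 => not found
	libncurses.so.5 => /lib/libncurses.so.5 (0xb7700000)
	libc.so.6 => /lib/libc.so.6 (0xb7500000)'

# missing_libs: read ldd output on stdin, print each unresolved soname.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# soname_stem SONAME: strip the version suffix (libpcap.so.0 -> libpcap.so).
soname_stem() {
    printf '%s\n' "$1" | sed 's/\.so\..*$/.so/'
}

# candidates DIR SONAME: list files in DIR sharing the stem of SONAME.
# A candidate whose major version differs from SONAME is a different ABI.
candidates() {
    stem=$(soname_stem "$2")
    for f in "$1"/"$stem" "$1"/"$stem".*; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# preflight BINARY LIBDIR: report unresolved sonames and on-disk candidates.
# Returns 1 if anything is unresolved, 0 otherwise.
preflight() {
    missing=$(ldd "$1" 2>/dev/null | missing_libs)
    [ -z "$missing" ] && return 0
    for so in $missing; do
        echo "unresolved: $so  candidates in $2: $(candidates "$2" "$so" | tr '\n' ' ')"
    done
    return 1
}
```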
