DragonFly On-Line Manual Pages

Search: Section:  

EHNT(1)                DragonFly General Commands Manual               EHNT(1)


NAME

     ehnt - Extreme Happy Netflow Tool. Client part


SYNOPSIS

     ehnt [-0 ASN] [-a ASN] [-b] [-c count] [-i mins] [-m mode] [-n intidx]
          [-p port] [-P proto] [-r addr] [-s server:port] [-x prefix]


DESCRIPTION

     The ehnt command starts ehnt(1) client which connects to ehntserv(8)
     server and converts raw flow of NetFlow version 5 packets into human-
     readable (or machine-readable) form.

     Ehnt currently has two basic modes of operation, dump and top.  The dump
     modes are used to output details about individual flows.  Top mode is
     used to generate reports which display averages over time for AS numbers,
     IP protocols and TCP/UDP ports.

     The options are as follows:

     -0 ASN      Replace AS number 0 occurences with this AS number

     -a ASN      Only display flows to/from this AS number

     -b          Display big flows (only shows flows with the most bytes or
                 packets received so far)

     -c count    Exit after <count> flows are received

     -h          Display command-line help

     -i mins     How long to wait between report generations (in minutes)

     -m mode     The name of the mode of operation to use: dump displays flow
                 detail; shortdump shows flow details in a more compact
                 fashion; colondump shows flow details in a machine-readable
                 format; top generates reports of top average utilization

     -n intidx   Specify the interface by SNMP ifIndex number

     -p port     Only display flows to/from this tcp or udp port number

     -P proto    Only display flows using this IP protocol number

     -r addr     Only display flows reported by this router IP address

     -s server:port
                 The hostname or IP address and port number of the ehntserv(8)

     -t topmode  The type of report to generate when in top mode.  (The report
                 type can also be changed interactively while the program is
                 running.)  as; Display the AS report proto; Display the IP
                 protocol report tcpport; Display the TCP port report udpport;
                 Display the UDP port report

     -v          Display the ehnt version number.

     -x prefix   Only display flows to/from this IP prefix. The format for
                 <prefix> is 'address/length', for example 1.2.3.4/30 or
                 127.0.0.0/8.


FILES

     /usr/local/etc/asnc.txt
                      Autonomous Systems Number-to-Name Convertion config


SEE ALSO

     ehntserv(8)


AUTHORS

     Nik Weidenbacher <nikw@martnet.com>
     Dmitry Morozovsky <marck@rinet.ru>

                               September 4, 2001

Search: Section: