
jnettop-0.13.0-8.fc14.x86_64.rpm

Justin Killen writes:

listen:ASCII:<interface name>:<data size>:<bpf filter>:<max lines>

interface name  required - the name of the interface that we want to attach to.
data size       optional - the literal text 'bits' to change the output to bits
                           instead of bytes (default is bytes).
bpf filter      optional - the bpf filter to use (default is all traffic on the interface).
max lines       optional - this specifies the maximum number of lines of data you
                           want returned (in the ncurses view, this is determined by
                           the terminal size, but there is no terminal here, so we must
                           specify explicitly)

This will respond in one of two ways:

if there is a problem:
listen:ASCII:NAK:<error>
where <error> is a textual representation of the error that occurred

or

listen:ASCII:<id>:ACK:<device>:<data size>:<bpf filter>:<max lines>
where <id> is the pid of the process (this is used by the proxy to determine which underlying jnettop session to send commands to)
and <device>, <data size>, <bpf filter>, and <max lines> are the initial request echoed back.

After initialization, jnettop will attach itself to the interface and start recording traffic. When the user wants to view the results, type:

get:ASCII:<id>:<max wait>
where <id> is the pid of the process
and <max wait> is the max number of uSeconds to wait (in the event of no data being available yet, wait and check again)

The return data will be something like this (IPs changed for security):

get:ASCII:7007:0:ACK:TOTAL:::::11.8k/s:12.4k/s:24.2k/s
get:ASCII:7007:0:ACK:1.2.3.4:50:IP:1.2.3.5:50:5.67k/s:9.6k/s:15.3k/s
get:ASCII:7007:0:ACK:1.2.3.4:10375:TCP:1.2.3.5:22:3.09k/s:1.95k/s:5.05k/s
get:ASCII:7007:0:ACK:0.0.0.0:0:ARP:0.0.0.0:0:1.12k/s:0b/s:1.12k/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:51795:376b/s:168b/s:544b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:56124:376b/s:168b/s:544b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:57578:376b/s:168b/s:544b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:54968:320b/s:168b/s:488b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:60545:320b/s:152b/s:472b/s
get:ASCII:7007:0:ACK:0.0.0.0:0:ETHER:0.0.0.0:0:192b/s:0b/s:192b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:54392:0b/s:0b/s:0b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:57988:0b/s:0b/s:0b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:55681:0b/s:0b/s:0b/s
get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:54390:0b/s:0b/s:0b/s

The first line will be the total line, where all others are data lines. Each entry is separated by a newline, and a double newline at the end to specify the end of the data set. The fields are as follows:

for the total line
get:ASCII:<id>:<time waited>:ACK:TOTAL:::::<src bps>:<dst bps>:<total bps>
where <id> is the pid of the process
and <time waited> is the length of time (in uSeconds) that the request waited while looking for data (this happens if the data is an empty set - see <max wait> above in the get request)
and <src bps> is the RX
and <dst bps> is the TX
and <total bps> is RX + TX

for the other lines:
get:ASCII:<id>:<time waited>:ACK:<src address>:<src port>:<protocol>:<dst address>:<dst port>:<src bps>:<dst bps>:<total bps>
where <id>, <time waited>, <src bps>, <dst bps>, and <total bps> are the same as above
and <src address> is the source address,
and <src port> is the source port
and <dst address> is the destination address
and <dst port> is the destination port


Lastly, to end a session:
end:ASCII:<id>
where <id> is the process id.
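A small parser for the listen and get responses described above, as an added example that is not part of jnettop or of the mail: it splits the replies on ':' and converts the rate fields to numbers. The decimal k/M/G multipliers and the IPv4-only assumption are mine (the format itself does not say), and the sample response is constructed from the layout shown above.

```python
"""Parser for the jnettop ASCII proxy responses described above.
Added example, not part of jnettop; the sample below is constructed."""
import re
from collections import namedtuple

_RATE_RE = re.compile(r"^(\d+(?:\.\d+)?)([kMG]?)b?/s$")
_MULT = {"": 1, "k": 1e3, "M": 1e6, "G": 1e9}  # assumption: decimal prefixes
Flow = namedtuple("Flow", "src sport proto dst dport rx tx total")

def parse_rate(text):
    """'11.8k/s' -> 11800.0, '376b/s' -> 376.0 (per second, in jnettop's unit)."""
    m = _RATE_RE.match(text)
    if not m:
        raise ValueError("unrecognised rate field: %r" % text)
    return float(m.group(1)) * _MULT[m.group(2)]

def parse_listen_response(line):
    """Return the session pid from a listen ACK; raise with the error text on NAK."""
    f = line.rstrip("\n").split(":")
    if f[:2] != ["listen", "ASCII"] or len(f) < 3:
        raise ValueError("not a listen response: %r" % line)
    if f[2] == "NAK":
        raise RuntimeError("jnettop NAK: " + ":".join(f[3:]))
    if len(f) < 4 or f[3] != "ACK":
        raise ValueError("malformed listen response: %r" % line)
    return int(f[2])

def parse_get_response(text):
    """Parse one get response up to its terminating blank line into
    (pid, waited_us, total_flow, data_flows). Fields are split on ':', so
    addresses are assumed IPv4 as in the sample (IPv6 would be ambiguous)."""
    pid = waited = None
    flows = []
    for line in text.split("\n"):
        if line == "":
            break  # a double newline ends the data set
        f = line.split(":")
        if len(f) != 13 or f[:2] != ["get", "ASCII"] or f[4] != "ACK":
            raise ValueError("malformed get line: %r" % line)
        pid, waited = int(f[2]), int(f[3])
        flows.append(Flow(*f[5:10], *(parse_rate(r) for r in f[10:])))
    if not flows or flows[0].src != "TOTAL":
        raise ValueError("response does not start with the TOTAL line")
    return pid, waited, flows[0], flows[1:]

# Constructed sample shaped like the response shown above.
SAMPLE = ("get:ASCII:7007:0:ACK:TOTAL:::::11.8k/s:12.4k/s:24.2k/s\n"
          "get:ASCII:7007:0:ACK:1.2.3.4:10375:TCP:1.2.3.5:22:3.09k/s:1.95k/s:5.05k/s\n"
          "get:ASCII:7007:0:ACK:1.2.3.4:53:UDP:1.2.3.5:51795:376b/s:168b/s:544b/s\n\n")
```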