REQUIREMENTS:
-------------
It needs libpcap (0.7.2 suggested, some people reported compiling problems with 0.6.2).
GTK interface need GTK 2.0 (with develop libraries ).

IT MUST BE RUN ON ROUTER MACHINE. 

INSTALLING:
-----------
From version 2.0 natmonitor is a multi-component program. It is made by a daemon (natmonitord) and some client
(currently a gtk-based graphical interface and a console application)

You must first create a dir in /var where natmonitord can store last samples, and give it "all users" access
(natmonitord as default runs as NOBODY user for security reason - if you)

$> make /var/natmonitord
$> chmod 777 /var/natmonitord

Then type:

$> make natmonitord

to make daemon and:

$> make natmonitorconsole
$> make natmonitord

to make console version and gtk version

Program from version 1.2 has two configuration file. An example is included.
 
You must copy natmonitord.conf it to /etc/natmonitord.conf (feel free to modify it to suit your need)
GTK version has is own per user config file, copy natmonitor.conf to .natmonitor.conf in your HOME dir.

Ok now you can run daemon:

$> natmonitord &

Then when you want you can run client apps. They will connect to daemon, collect the data and display them.

From v 0.9 there is a popup menu from which you chan change some settings (but they're not saved to conf file).

THE AUTHOR:
-----------
That's me!
I've worked a lot of project before, really too many... but I'll continue anyway.
I am an Electronic Engineering student, and I work as automated production software for industries on my spare time.
I have experiences mainly in C/C++ programming both Linux and Windows, but also Visual Basic and some microcontroller/DSP's assembly language.
This is my second work for Linux. The first was a videocamera realtime image recognition software, for a little robot playing football ;)
(Search google about RoboCUP World Footbal Championship)

Feel free to send any suggestion, piece of useful code, bugs report and "tnx for your work" to

thedayofcondor@users.sourceforge.net
(remember to put NATMonitor into the subject)

Copy any blames to/dev/null

This project is hosted at Sourceforge, at

http://natmonitor.sourceforge.net

My configuration is: A 433mhz Celeron 196 Mb ram 84Gb hd running Mandrake 9.1, with a 640Kbits ADSL connection.
This pc act as a router and fileserver for my home network (currently 4 pc, running Windows XP).

This program was developed completely in a remote session on WindowsXP running XWin32 5.4 and Exceed v8 X servers.
(I've optimized the program so it runs on a remote server even on a dialup 56k connection - X windows IS GREAT)

THE WAY IT WORKS:
-----------------

I will explain with an example
My configuration is:

+---------------+           +------------+
| 192.168.0.100 +--100Mbit--+            |
+---------------+           |            |
                            |            |
+---------------+           |            |               server
| 192.168.0.101 +--100Mbit--+            |           +--------------------+
+---------------+           |  100Mbit   |           | 192.160.0.1        |       +------+
                            |  Switcher  +--100Mbit--+ eth0          ppp0 +--USB--+ ADSL |
+---------------+           |            |           | running natmonitor |       +------+
| 192.168.0.102 +--100Mbit--+            |           +--------------------+
+---------------+           |            |
                            |            |
+---------------+           |            |
| 192.168.0.103 +--100Mbit--+            |
+---------------+           +------------+


natmonitor attach itself on SERVER eth0. It take any IP (TCP, UDP AND ICMP/IGMP) packet that come on or exit from eth0, and get 3 parameters:

source ip, destination ip and packet lenght.

Then it compare ips with subnetmask, and if bot source and dest match, it is an internal packet (for example Samba, X11)
so natmonitor don't care
If DESTINATION ip only match subnet mask, then it's a packet FROM internet for an internal pc
If SOURCE ip only match subnet mask,then it's a packet TO internet for an internal pc
(from v 0.8 this is implemented as a pcap filter).

Add some counter to keep tracks, and job it is done ;)

A timer display the graph, scroll it and reset counters.

From version 0.7, internet interface total bytes sent/received are read from /proc/net/dev

*** WARNING *** 
If you have traffic control enabled, data that natmonitor get from eth0 and ppp0 can differ
(for example, a packet that an host send to router can be DISCARDED from router)
Data displayed as "router" are TRUE in/out traffic on internet interface (as reported from kernel).
Inbound hosts data is also correct, hosts outbound packets CAN be discarded from traffic control!

THANKS TO:
----------
My gf Virna - she is 1300 km far but she keeps supporting me (miss you a lot)
SouceForge - you're GREAT
Etherape author - you've give me the base for this software
GTK tutorial author - this is my first GTK project
My "Computer Network" University teacher - she made me discover libpcap
Mr B.G. and all Winzoz programmer - without your great work I would be never go to linux
All my housemate - without you all I would never asked "who the fuck is stealing all my bandwidth???"

A SIMPLE WARNING:
-----------------
This program is far from perfection.

If this program refuses to work first ask: Do I have a Home network? Do I plugged the power cable? Do I own a computer or it's a toaster?

THIS SOFTWARE may (will?) crash your system, blow up your CPU (intel inside uh?), make your cat disappear forever, and make your microwave
over say "please wait" for hours while you're cooking (uh uh a Windows CE microwave oven???).

Anyway any damage, loss files, reason or of you home keys are COMPLETELY imputable to another software you've installed previously
on your machine or on any one into a 10 miles range.
