Command Line Interface (CLI)
This guide covers common Netify Agent command line (CLI) operations for status checks, data validation, and debug troubleshooting. For CLI options for analyzing packet captures, see our PCAP guide.
Interactions on the command line may require root privileges. Use sudo or switch to the root account in these cases.
Status Information
To view the current status of the Netify agent, execute:
sudo netifyd -s
The following can be helpful during troubleshooting:
- Agent is Running / PID
  Indicates whether the Netify DPI agent is running. If the agent is not running and was not stopped by a user, this could indicate a configuration problem.
- Agent UUID
  A unique identifier used during provisioning and API calls.
- API Updates
  If not enabled, the agent will never communicate with any Netify cloud service. If you are using Network Intelligence, Device Discovery, Signature Updates, or Informatics, this must show as enabled.
- API Application/Category Updates
  Indicates whether the agent is able to receive continuous updates.
- Active Flows
  If zero, this could indicate an issue with interface configuration.
- Maximum Memory Usage
  Provides insight into how much RAM is being used during the heaviest load.
- Interface [Mode -> Capture Method]
  Helps identify issues with your network interface packet capture configuration.
- Apps: NNNN, Domains: NNNN
  If the number of apps is over 2000, you are using the commercial lists. Otherwise, it is a sign that the open source signature list is in use.
- Persistent State Path
  A reminder of where the configuration files and supporting folders are located.
- Volatile State Path
  A reminder of where runtime data and file sockets are written.
Application, Protocol and Category Lists
Applications and categories are determined using a set of signature and configuration files at run time. In contrast, protocols are compiled during the agent's build time. The number of applications available to the Netify Agent is determined by the type of signature list you are using. OEM integrators and Signature Update subscribers have access to the commercial signature files, and should see well over 2000 application definitions. The open source list is limited to 200 of the top ranking applications.
Applications
Applications in Netify are updated dynamically via signature updates. You can also browse and search applications in the application catalog.
$ netifyd --dump-apps
48: netify.qq
68: netify.msn
70: netify.yahoo
...
Protocols
Protocols are built into the Netify agent software release. Changes are available in the protocol release log. You can also browse and search protocols in the protocol catalog.
$ netifyd --dump-protos
0: Unknown
1: FTP/C
2: POP3
3: SMTP
...
Categories
Both application and protocol categories are listed together by this command line option. You can also browse the category lists on the website: application categories and protocol categories.
$ netifyd --dump-categories
1: application: adult
2: application: advertiser
3: application: business
...
1: protocol: authentication
2: protocol: database
3: protocol: file-server
...
Debug Mode
During troubleshooting, it can be helpful to run the Netify agent in debug mode. This is especially true if you are preparing a support email, as the debug output can be extremely helpful for resolution. To run in debug mode, stop any existing agents that may be running, then run netifyd with the -d argument. For additional verbosity, add the -v argument.
sudo systemctl stop netifyd
sudo netifyd -d -vvv
Flow Record Debug
A sample flow record from the debug mode output is shown below, with each field numbered.
wlp3s0: i4pcugxXdfnrsFv TCP [OR] 142.250.80.35:443 ← [L] 192.168.2.100:60636
______  _______________ ___  __  _____________ ___ _  _  _____________ _____
1.      2.              3.   4.  5.            6.  7. 8. 9.            10.
1. Capture Source
The name of the capture source, typically a network interface name.
2. Flags
- i: internal
- e: external
- 4: IPv4
- 6: IPv6
- p: initial detection
- c: detection complete
- u: detection updated
- g: detection guessed
- x: expiring flow
- X: expired flow
- d: DNS Hint Cache hit
- f: Flow Hash Cache hit
- n: IP NAT
- r: Risks detected (nDPI)
- s: Soft dissector used
- F: TCP FIN
- v: Privacy Mask
3. IP Protocol
The IP protocol in use.
4. Address Classification
First Letter
- U: Unknown
- L: Local
- O: Other
Second Letter
- U: Unknown
- X: Unsupported
- L: Local
- M: Multicast
- B: Broadcast
- R: Remote
- E: Error
5. Lower IP Address
The numerically lower of the two IP addresses in the flow's source and destination fields.
6. Lower Port
The port used on the lower IP.
7. Origin Direction
The direction of the flow.
8. Address Classification
See #4.
9. Upper IP Address
The numerically upper of the two IP addresses in the flow's source and destination fields.
10. Upper Port
The port used on the upper IP.
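When reviewing a long debug capture, it helps to decode these records programmatically, for example to pick out flows carrying the r (risks detected) flag. The following is an added example, not part of the Netify Agent or its documentation. It assumes every record is laid out exactly like the sample line above, that a one-letter classification such as [L] uses the First Letter table, and that the direction field is a single token; the function names are hypothetical.

```python
import re

# Flag letters and meanings, copied from the "2. Flags" list above.
FLAGS = {
    "i": "internal", "e": "external", "4": "IPv4", "6": "IPv6",
    "p": "initial detection", "c": "detection complete",
    "u": "detection updated", "g": "detection guessed",
    "x": "expiring flow", "X": "expired flow",
    "d": "DNS Hint Cache hit", "f": "Flow Hash Cache hit",
    "n": "IP NAT", "r": "Risks detected (nDPI)",
    "s": "Soft dissector used", "F": "TCP FIN", "v": "Privacy Mask",
}
# Address classification letters from "4. Address Classification".
FIRST = {"U": "Unknown", "L": "Local", "O": "Other"}
SECOND = {"U": "Unknown", "X": "Unsupported", "L": "Local", "M": "Multicast",
          "B": "Broadcast", "R": "Remote", "E": "Error"}

# Assumption: fields are whitespace-separated exactly as in the sample line.
LINE = re.compile(
    r"^(?P<source>\S+): (?P<flags>\S+) (?P<proto>\S+) "
    r"\[(?P<lclass>[A-Z]{1,2})\] (?P<lower>\S+) (?P<dir>\S+) "
    r"\[(?P<uclass>[A-Z]{1,2})\] (?P<upper>\S+)$")

def classify(code):
    """Decode a one- or two-letter address classification such as OR or L."""
    return [FIRST.get(code[0], "?")] + [SECOND.get(c, "?") for c in code[1:2]]

def endpoint(text):
    """Split address:port on the last colon so IPv6 addresses stay intact."""
    addr, sep, port = text.rpartition(":")
    return (addr, int(port)) if sep and port.isdigit() else (text, None)

def parse_flow(line):
    """Return the numbered fields as a dict, or None if the layout differs."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {
        "source": m["source"],
        "flags": [FLAGS.get(ch, "unknown flag " + ch) for ch in m["flags"]],
        "risky": "r" in m["flags"],
        "ip_protocol": m["proto"],
        "lower": endpoint(m["lower"]) + (classify(m["lclass"]),),
        "direction": m["dir"],
        "upper": endpoint(m["upper"]) + (classify(m["uclass"]),),
    }

# Constructed input: the sample record shown on this page.
SAMPLE = "wlp3s0: i4pcugxXdfnrsFv TCP [OR] 142.250.80.35:443 ← [L] 192.168.2.100:60636"
```

Lines that do not match the sample layout return None, so other debug messages in the same capture can be passed through the function and skipped.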