trafshow (1)
NAME
trafshow - full screen show network traffic
SYNOPSIS
trafshow
[-eCfknNOpv -c num -i name -r sec -t sec]
[-F file | expr]
DESCRIPTION
TrafShow
continuously displays information about packet traffic on the
configured network interface that matches the boolean expression.
It periodically sorts and updates this information.
In another mode,
TrafShow
can operate as a very simple Cisco NetFlow collector to visualize
network traffic passing through a remote router in near real time.
Currently NetFlow V1, V5 and V7 are supported.
This funny program may be useful for locating suspicious network
traffic on the net or for evaluating the current utilization of the network
interface. The tool is not intended for collecting and analysing
packet contents, nor for billing.
OPTIONS
-c num
Exit after receiving num packets.
-C
Try to force ANSI color mode. May be used when the description of your
current terminal has no color capability in the termcap/terminfo database.
-e
Show the Ethernet traffic rather than IP. It is possible to
switch between them by pressing the ENTER key.
-f
Print `foreign' internet addresses numerically rather than symbolically.
-F file
Use file as input for the filter expression.
-i name
Listen on network interface name, or on UDP port number name for Cisco
NetFlow. If unspecified, trafshow searches the system interface list
for the lowest numbered, configured up interface (excluding loopback).
-k
Disable input keyboard checking. It is intended to avoid loss of packets.
-n
Don't convert host addresses and port numbers to names.
-N
Don't print domain name qualification of local host names.
-O
Don't run the packet-matching code optimizer. This is useful only if you
suspect a bug in the optimizer.
-p
Don't put the interface into promiscuous mode.
-r sec
Set the screen refresh interval to sec seconds.
-t sec
Set the maximum timeout for a DNS query to sec seconds.
-v
Print detailed version information and exit.
expr
Select which packets will be displayed. If no expression is given,
all packets on the net will be displayed. Otherwise, only packets for
which expression is `true' will be displayed.
For more details refer to the tcpdump(1) man page.
USAGE
trafshow -e
Display raw Ethernet traffic.
trafshow -f -i eth0
Display Internet traffic using device eth0.
trafshow -n -i 9995
Listen for NetFlow packets on UDP port 9995 and display their content.
FILES
/etc/trafshow
The default color configuration file, if any.
$HOME/.trafshow
The personal file with user-defined colors.
COLORS
If trafshow has been compiled with a modern curses library such
as Slang or Ncurses, it is able to show colored traffic
on a color-capable terminal.
The syntax of the trafshow color configuration file is as follows:
default fcolor:bcolor
Set the default screen background color-pair.
port[/proto] fcolor:bcolor
Set the color pattern by service port.
from[/mask][:port] to[/mask][:port] proto fcolor:bcolor
Set the color pattern by a pair of from-to addresses.
The wildcard `*' matches ANY in a pattern.
Here fcolor is the foreground color and bcolor is the background color.
The fcolor and bcolor may each be one of the following:
black red green yellow blue magenta cyan white
It is possible to specify a color as a number from 0 to 7.
An upper-case Fcolor means bright *on*.
An upper-case Bcolor means blink *on*.
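A small validator for the color-file syntax described above, as an added example (not part of trafshow or of the original man page). It assumes endpoints are IPv4 addresses or `*`, treats a color name that starts with a capital letter as "upper-case", and runs on constructed sample rules; all function names are hypothetical.

```python
import re

COLORS = ["black", "red", "green", "yellow", "blue", "magenta", "cyan", "white"]
# from[/mask][:port] or to[/mask][:port]; IPv4 or '*' only (assumption).
ENDPOINT = re.compile(r"^(?P<addr>[^/:]+)(?:/(?P<mask>[^:]+))?(?::(?P<port>.+))?$")

def parse_color(tok):
    # Numbers 0-7 are accepted in place of names and carry no bright/blink flag.
    if tok.isdigit() and int(tok) <= 7:
        return int(tok), False
    if tok.lower() not in COLORS:
        raise ValueError(f"unknown color: {tok!r}")
    # Assumption: "upper-case" means the name starts with a capital letter.
    return COLORS.index(tok.lower()), tok[0].isupper()

def parse_pair(tok):
    # 'fcolor:bcolor'; upper-case fcolor = bright on, upper-case bcolor = blink on.
    fg, sep, bg = tok.partition(":")
    if not sep:
        raise ValueError(f"expected fcolor:bcolor, got {tok!r}")
    (f, bright), (b, blink) = parse_color(fg), parse_color(bg)
    return {"fg": f, "bg": b, "bright": bright, "blink": blink}

def parse_endpoint(tok):
    m = ENDPOINT.match(tok)
    if not m:
        raise ValueError(f"bad address pattern: {tok!r}")
    return m.groupdict()

def parse_line(line):
    # Classify one rule by its shape: default, port[/proto], or from-to pair.
    t = line.split()
    if len(t) == 2 and t[0] == "default":
        return {"kind": "default", **parse_pair(t[1])}
    if len(t) == 2:
        port, _, proto = t[0].partition("/")
        return {"kind": "port", "port": port, "proto": proto or None,
                **parse_pair(t[1])}
    if len(t) == 4:
        return {"kind": "pair", "from": parse_endpoint(t[0]),
                "to": parse_endpoint(t[1]), "proto": t[2], **parse_pair(t[3])}
    raise ValueError(f"unrecognised rule: {line!r}")

def load(lines):
    return [parse_line(l) for l in lines if l.strip()]

# Constructed sample rules (not taken from a real /etc/trafshow).
SAMPLE = ["default white:black", "23/tcp Red:black",
          "* 192.0.2.0/24:22 tcp Yellow:blue", "10.0.0.5 * * 7:RED"]

if __name__ == "__main__":
    for rule in load(SAMPLE):
        print(rule)
```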
Thanks to Van Jacobson <van(at)helios.ee.lbl.gov> and
Steven McCanne <mccanne(at)helios.ee.lbl.gov>,
all of Lawrence Berkeley Laboratory,
University of California, Berkeley.
Special thanks to Jun-ichiro itojun Hagino <itojun(at)iijlab.net> for IPv6
patches.
AUTHOR
Vladimir Vorobyev <bob(at)turbo.nsk.su>.
BUGS
The trafshow functions such as resizing and coloring under xterm
depend mainly on the curses library.
It is impossible to use packet-matching expressions in the NetFlow
collector mode.