Annotation of embedaddon/trafshow/trafshow.1, revision 1.1

1.1     ! misho       1: .TH TRAFSHOW 1 "May 2004"
        !             2: .SH NAME
        !             3: trafshow - full-screen display of network traffic
        !             4: .SH SYNOPSIS
        !             5: .B trafshow
        !             6: [\fB-vpnb\fP]
        !             7: [\fB-a\fP \fIlen\fP]
        !             8: [\fB-c\fP \fIconf\fP]
        !             9: [\fB-i\fP \fIname\fP]
        !            10: [\fB-s\fP \fIstr\fP]
        !            11: [\fB-u\fP \fIport\fP]
        !            12: [\fB-R\fP \fIrefresh\fP]
        !            13: [\fB-P\fP \fIpurge\fP]
        !            14: [\fB-F\fP \fIfile\fP | \fIexpr\fP]
        !            15: .SH DESCRIPTION
        !            16: .PP
        !            17: .B TrafShow
        !            18: is a simple interactive program that gathers the \fBnetwork traffic\fP from
        !            19: all libpcap-capable interfaces, accumulates it in a memory cache, and then
        !            20: displays it separately in an appropriate curses window, in a line-narrowed manner,
        !            21: as a list of network flows sorted by throughput. Display updates occur
        !            22: nearly in real time, asynchronously from the data collection. It looks like
        !            23: a \fBlive show\fP of traffic flows. All kinds of network traffic (Ethernet, IP,
        !            24: etc.) are mixed together in the one live-show screen.
        !            25: .br
        !            26: \fBHint\fP: Press the `\fBH\fP' key during a show to get brief help!
        !            27: .PP
        !            28: The IP traffic can be \fBaggregated\fP by netmask prefix bits and service
        !            29: ports to reorganize a heap of trivial flows into treelike hierarchies
        !            30: suitable for human perception. The user can glance over the list of resulting
        !            31: flows and select one of them to browse in detail. So you can descend into the traffic
        !            32: inheritance hierarchy and inspect the packets of each trivial flow in a variety
        !            33: of presentations: raw-hex, ascii, time-stamp.
        !            34: .br
        !            35: The program performs aggregation automatically when the number of flows exceeds
        !            36: some reasonable amount. A few seconds after launch may be required for
        !            37: adaptation to your volume of traffic.
        !            38: Use the \fB-a\fP \fIlen\fP option (see below) to override the default behaviour.
        !            39: .PP
        !            40: .B TrafShow
        !            41: also listens on a UDP port (9995 by default) for diverse feeders of \fBCisco
        !            42: Netflow\fP and then separately displays the collected data in the same manner
        !            43: as described above. The following versions of Netflow are currently supported:
        !            44: V1, V5, V7.
        !            45: Use the \fB-u\fP \fIport\fP option (see below) to override the default behaviour.
        !            46: .PP
        !            47: This program may be found wonderful at least to locate suspicious traffic on
        !            48: the net very quickly on demand, or to evaluate real-time traffic bandwidth
        !            49: utilization, in a simple and convenient environment. But it is not intended
        !            50: for collecting and analysing network traffic over a long period of time,
        !            51: nor for billing!
        !            52: .PP
        !            53: The program claims to be IPv6 compatible and ready to use, but it is not
        !            54: tested enough. You can define INET6 to enable it.
        !            55: .SH OPTIONS
        !            56: .TP
        !            57: \fB-v\fP
        !            58: Print detailed version information and exit.
        !            59: .TP
        !            60: \fB-p\fP
        !            61: Do not put interface(s) into promiscuous mode.
        !            62: .TP
        !            63: \fB-n\fP
        !            64: Do not convert numeric values to names (host addresses, port numbers, etc.).
        !            65: The mode can be toggled On/Off during a show by pressing the `\fBN\fP' key.
        !            66: .TP
        !            67: \fB-b\fP
        !            68: Place backflow entries next to the main streams in the sorted list of
        !            69: traffic flows.
        !            70: .br
        !            71: \fBNote\fP: this mode can raise the system load dangerously high because it
        !            72: takes a lot of CPU cycles!
        !            73: .TP
        !            74: \fB-a\fP \fIlen\fP
        !            75: Aggregate traffic flows using IP netmask prefix \fIlen\fP. This option
        !            76: also turns on service port aggregation. The \fIlen\fP is expected as the number of
        !            77: \fBbits\fP in the network portion of IP addresses (like CIDR).
        !            78: The aggregation \fIlen\fP can be changed during a show by pressing the
        !            79: `\fBA\fP' key, and turned Off by entering an empty string.
        !            80: .br
        !            81: \fBHint\fP: Use \fI0\fP to reduce the output to network services only.
        !            82: .TP
        !            83: \fB-c\fP \fIconf\fP
        !            84: Use an alternate color \fIconfig file\fP instead of the default \fI/etc/trafshow\fP.
        !            85: .TP
        !            86: \fB-i\fP \fIname\fP
        !            87: Listen on the specified network interface \fIname\fP.
        !            88: If unspecified, \fBTrafShow\fP collects data from \fIall\fP network interfaces
        !            89: configured \fBUP\fP in the system. In that case the system must supply
        !            90: a sufficient number of packet capture devices (like /dev/bpf#).
        !            91: .TP
        !            92: \fB-s\fP \fIstr\fP
        !            93: Search for and follow the list \fBitem\fP matched by \fIstring\fP, moving the
        !            94: cursor bar. The found \fBitem\fP tries to stay highlighted. The mode can be
        !            95: turned Off by pressing the `\fBCtrl\fP-\fB/\fP' key or [re]entered by pressing the `\fB/\fP'
        !            96: key directly in the live show.
        !            97: .TP
        !            98: \fB-u\fP \fIport\fP
        !            99: Listen on the specified UDP \fIport\fP number for the \fBCisco Netflow\fP feed.
        !           100: The default port number is \fI9995\fP.
        !           101: .br
        !           102: \fBHint\fP: Please use \fI0\fP to disable this functionality.
        !           103: .TP
        !           104: \fB-R\fP \fIrefresh\fP
        !           105: Set the \fBrefresh period\fP of data show to \fIseconds\fP, \fI2\fP seconds by
        !           106: default. This option can be changed during a show by pressing the `\fBR\fP' key.
        !           107: .TP
        !           108: \fB-P\fP \fIpurge\fP
        !           109: Set the expired data \fBpurge period\fP to \fIseconds\fP, \fI10\fP seconds by
        !           110: default. This option can be changed during a show by pressing the `\fBP\fP' key.
        !           111: .TP
        !           112: \fB-F\fP \fIfile\fP
        !           113: Use \fIfile\fP as input for the \fBfilter expression\fP.
        !           114: .TP
        !           115: \fIexpr\fP
        !           116: Select which packets will be displayed. If no \fIexpression\fP is given,
        !           117: all packets on the net will be displayed. Otherwise, only packets for
        !           118: which \fIexpression\fP is `true' will be displayed.
        !           119: .br
        !           120: The \fBfilter expression\fP can be changed during a show by pressing the
        !           121: `\fBF\fP' key, and turned Off by empty string.
        !           122: .br
        !           123: Please see \fBtcpdump\fP(1) man page for syntax of \fBfilter expression\fP.
        !           124: .SH FILES
        !           125: .TP
        !           126: .I /etc/trafshow
        !           127: The default color configuration file, if any.
        !           128: .TP
        !           129: .I $HOME/.trafshow
        !           130: The personal file with the user-defined colors.
        !           131: .SH COLORS
        !           132: .PP
        !           133: If \fBTrafShow\fP has been compiled with modern curses libraries such as
        !           134: \fBSlang\fP or \fBNcurses\fP, it is able to show colored traffic on a
        !           135: color-capable terminal. Hopefully, no special action is required to install
        !           136: them because your system has them by default (at least in recent years).
        !           137: .PP
        !           138: The syntax of the \fBTrafShow\fP color configuration file is as follows:
        !           139: .TP
        !           140: \fIdefault\fP \fIfcolor\fP\fB:\fP\fIbcolor\fP
        !           141: Set the default screen background color-pair
        !           142: .TP
        !           143: \fIport\fP[\fB/\fP\fIproto\fP] \fIfcolor\fP\fB:\fP\fIbcolor\fP
        !           144: Set color pattern by service port
        !           145: .TP
        !           146: [\fIproto\fP] \fIsrc\fP[\fB/\fP\fImask\fP][\fB,\fP\fIport\fP] \fIdst\fP[\fB/\fP\fImask\fP][\fB,\fP\fIport\fP] \fIfcolor\fP\fB:\fP\fIbcolor\fP
        !           147: Set color pattern by pair of source and destination addresses
        !           148: .PP
        !           149: The tokens \fI*\fP, \fIany\fP, or \fIall\fP match \fBANY\fP in the pattern.
        !           150: Here \fIfcolor\fP is the foreground color and \fIbcolor\fP is the background color.
        !           151: .br
        !           152: The fcolor and bcolor may be one of the following:
        !           153: .TP
        !           154: .I black  red  green  yellow  blue  magenta  cyan  white
        !           155: It is possible to specify a color as a number from 0 to 7.
        !           156: .PP
        !           157: The upper-case \fIF\fPcolor means \fBbright on\fP.
        !           158: The upper-case \fIB\fPcolor means \fBblink on\fP.
        !           159: .SH SEE ALSO
        !           160: pcap(3), tcpdump(1), bpf(4)
        !           161: .SH ACKNOWLEDGEMENTS
        !           162: Thanks to Van Jacobson <van(at)helios.ee.lbl.gov> and
        !           163: Steven McCanne <mccanne(at)helios.ee.lbl.gov>,
        !           164: all of Lawrence Berkeley Laboratory,
        !           165: University of California, Berkeley.
        !           166: Special thanks to Jun-ichiro itojun Hagino <itojun(at)iijlab.net> for IPv6
        !           167: patches.
        !           168: .SH AUTHOR
        !           169: Vladimir Vorobyev <bob(at)turbo.nsk.su>.
        !           170: .SH BUGS
        !           171: Depending on traffic volume, \fBTrafShow\fP can take a lot of CPU cycles and
        !           172: memory.
        !           173: .br
        !           174: It is impossible to use packet matching \fBexpressions\fP in the NetFlow mode.
        !           175: 
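The prefix and service-port aggregation described under DESCRIPTION and the -a len option, as an added illustration that is not part of trafshow.1 and not trafshow's own code. The `flow` record, the sample addresses and the rule that the lower-numbered port is the service are assumptions; the explicit len 0 case covers the "services only" hint, where a plain 32-bit shift would be undefined.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed flow record (hypothetical layout, addresses in host byte order). */
struct flow { uint32_t src, dst; uint16_t sport, dport; uint64_t bytes; };

/* Mask for a CIDR prefix length; shifting a 32-bit value by 32 is undefined
   in C, so len 0 is handled explicitly instead of computing 32 - len. */
static uint32_t prefix_mask(unsigned len) {
    if (len == 0) return 0;
    return len >= 32 ? 0xFFFFFFFFu : 0xFFFFFFFFu << (32 - len);
}

/* Fold n trivial flows into out[] (capacity n); returns the aggregate count.
   Assumption: the lower-numbered port is the service, the other is zeroed. */
size_t aggregate(const struct flow *in, size_t n, unsigned len, struct flow *out) {
    uint32_t m = prefix_mask(len);
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        struct flow k = in[i];
        size_t j;
        k.src &= m; k.dst &= m;
        if (k.sport < k.dport) k.dport = 0;
        else if (k.dport < k.sport) k.sport = 0;
        for (j = 0; j < used; j++)
            if (out[j].src == k.src && out[j].dst == k.dst &&
                out[j].sport == k.sport && out[j].dport == k.dport)
                break;
        if (j == used) { out[used] = k; out[used].bytes = 0; used++; }
        out[j].bytes += k.bytes;
    }
    return used;
}

/* Constructed sample: three clients in 10.0.1.0/24 talking to one web server,
   and one DNS query from 10.0.2.0/24. */
const struct flow sample[4] = {
    {0x0A000105u, 0xC0000201u, 40001, 80, 1200},
    {0x0A000106u, 0xC0000201u, 40002, 80, 800},
    {0x0A000107u, 0xC0000201u, 51515, 80, 500},
    {0x0A000209u, 0xC0000235u, 33333, 53, 90},
};

int main(void) {
    struct flow out[4];
    size_t n = aggregate(sample, 4, 24, out);
    for (size_t i = 0; i < n; i++)
        printf("%08x:%u -> %08x:%u %llu bytes\n", (unsigned)out[i].src, (unsigned)out[i].sport,
               (unsigned)out[i].dst, (unsigned)out[i].dport, (unsigned long long)out[i].bytes);
    return 0;
}
```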
