Annotation of embedaddon/trafshow/trafshow.1, revision 1.1
.TH TRAFSHOW 1 "May 2004"
.SH NAME
trafshow - full-screen network traffic viewer
.SH SYNOPSIS
.B trafshow
[\fB-vpnb\fP]
[\fB-a\fP \fIlen\fP]
[\fB-c\fP \fIconf\fP]
[\fB-i\fP \fIname\fP]
[\fB-s\fP \fIstr\fP]
[\fB-u\fP \fIport\fP]
[\fB-R\fP \fIrefresh\fP]
[\fB-P\fP \fIpurge\fP]
[\fB-F\fP \fIfile\fP | \fIexpr\fP]
.SH DESCRIPTION
.PP
.B TrafShow
is a simple interactive program that gathers \fBnetwork traffic\fP from
all libpcap-capable interfaces, accumulates it in an in-memory cache, and
displays it in a curses window, one line per entry, as a list of network
flows sorted by throughput. Display updates occur nearly in real time,
asynchronously from data collection, so the result looks like a
\fBlive show\fP of traffic flows. All kinds of network traffic (Ethernet,
IP, etc.) are mixed together on the one live-show screen.
.br
\fBHint\fP: press the `\fBH\fP' key inside a show for brief help.
.PP
IP traffic can be \fBaggregated\fP by netmask prefix bits and by service
port, which reorganizes a heap of trivial flows into a tree-like hierarchy
suitable for human perception. The user can glance over the list of
resulting flows and select one to browse its detail, descending through the
aggregation hierarchy down to the packets of each trivial flow, which can be
inspected in several presentations: raw hex, ASCII, and time-stamp.
.br
The program aggregates automatically when the number of flows exceeds a
reasonable amount; a few seconds after launch may be needed for it to adapt
to your volume of traffic.
Use the \fB-a\fP \fIlen\fP option (see below) to override the default behaviour.
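.PP
The following Python script is an added illustration of the prefix and
service-port aggregation just described (and selected with the \fB-a\fP
\fIlen\fP option); it is not part of \fBTrafShow\fP and does not reproduce
its code. The flow table is constructed for the example, and the rule that
the lower-numbered port of a pair is the service port is an assumption of
this example, not something this manual states.

```python
"""Aggregate traffic flows by IP prefix length and service port, the way
trafshow's -a len collapses a heap of trivial flows into a short, sorted
list.  Added illustration; not trafshow's own code."""
import ipaddress
from collections import defaultdict

# Constructed sample flows: (src, dst, proto, sport, dport, byte_count).
SAMPLE_FLOWS = [
    ("192.0.2.10",  "198.51.100.5",  "tcp", 51234, 443,   40000),
    ("192.0.2.11",  "198.51.100.5",  "tcp", 51235, 443,   25000),
    ("192.0.2.12",  "198.51.100.9",  "tcp", 51236, 80,     9000),
    ("192.0.2.10",  "198.51.100.53", "udp", 50001, 53,      300),
    ("203.0.113.7", "192.0.2.10",    "tcp", 22,    60010, 12000),
    ("203.0.113.8", "198.51.100.5",  "tcp", 51300, 443,    5000),
]


def mask_addr(addr, prefix_len):
    """Reduce an address to its network of prefix_len bits, CIDR style."""
    net = ipaddress.ip_network("%s/%d" % (addr, prefix_len), strict=False)
    return "%s/%d" % (net.network_address, net.prefixlen)


def service_port(sport, dport):
    # Assumption of this example: the lower-numbered port is the service
    # side; the ephemeral client port is dropped so that all clients of a
    # service merge into one entry.
    return min(sport, dport)


def aggregate(flows, prefix_len=None):
    """Return [(key, bytes), ...] sorted by bytes, largest first.

    prefix_len None keeps every trivial flow; 0 collapses all addresses so
    that only (proto, service port) remains, like trafshow's -a 0."""
    totals = defaultdict(int)
    for src, dst, proto, sport, dport, nbytes in flows:
        if prefix_len is None:
            key = (src, dst, proto, sport, dport)
        else:
            key = (mask_addr(src, prefix_len), mask_addr(dst, prefix_len),
                   proto, service_port(sport, dport))
        totals[key] += nbytes
    # Byte totals over one refresh interval are what a throughput sort uses.
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for plen in (None, 24, 0):
        print("-- prefix length", plen)
        for key, nbytes in aggregate(SAMPLE_FLOWS, plen):
            print("%8d  %s" % (nbytes, " ".join(str(k) for k in key)))
```
.PP
Run with no arguments it prints the same six flows three times: unaggregated,
collapsed to /24 networks, and with a prefix length of 0, where only the
protocol and service port remain and all clients of one service merge into a
single line.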
.PP
.B TrafShow
also listens on a UDP port (9995 by default) for \fBCisco Netflow\fP
exports from any number of feeders, and displays the collected data
separately, in the same manner as described above. NetFlow versions V1, V5
and V7 are currently supported.
Use the \fB-u\fP \fIport\fP option (see below) to override the default
behaviour or to disable the listener.
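.PP
As an added illustration of the NetFlow feed, not code from \fBTrafShow\fP,
the following Python script decodes a NetFlow V5 export datagram of the kind
the UDP listener (\fB-u\fP) receives; V1 and V7 use different record layouts
and are not covered. It builds a constructed two-record datagram, parses it
back, and rejects truncated, padded or wrong-version datagrams by checking
the length on the wire against the record count, which is the check a
collector wants before it trusts the count field. Field names are those of
the V5 export format; the helper names are this example's own.

```python
"""Decode Cisco NetFlow v5 export datagrams of the kind trafshow's UDP
listener receives.  Added illustration; not trafshow's own code."""
import socket
import struct

# Wire layout of NetFlow v5 (network byte order): a 24-byte header
# followed by up to 30 fixed 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30

HEADER_FIELDS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                 "flow_sequence", "engine_type", "engine_id", "sampling")


def parse_netflow_v5(datagram):
    """Return (header, records); raise ValueError on anything malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    header = dict(zip(HEADER_FIELDS, V5_HEADER.unpack_from(datagram, 0)))
    if header["version"] != 5:
        raise ValueError("unsupported NetFlow version %d" % header["version"])
    count = header["count"]
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError("bad record count %d" % count)
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) != expected:
        # Trust the bytes actually received, not the count field: a short
        # datagram must not be read past its end, and trailing junk is a
        # sign of a broken or hostile exporter.
        raise ValueError("length %d, expected %d for %d records"
                         % (len(datagram), expected, count))
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "nexthop": socket.inet_ntoa(f[2]),
            "input_if": f[3], "output_if": f[4],
            "packets": f[5], "octets": f[6], "first": f[7], "last": f[8],
            "sport": f[9], "dport": f[10], "tcp_flags": f[12],
            "proto": f[13], "tos": f[14], "src_as": f[15], "dst_as": f[16],
            "src_mask": f[17], "dst_mask": f[18],
        })
    return header, records


def is_valid_v5(datagram):
    """True if parse_netflow_v5 accepts the datagram."""
    try:
        parse_netflow_v5(datagram)
        return True
    except ValueError:
        return False


def build_netflow_v5(flows, sys_uptime=1000, unix_secs=1100000000, seq=0):
    """Pack simplified (src, dst, proto, sport, dport, packets, octets)
    tuples into a v5 datagram as an exporter would.  Used here only to
    construct sample input."""
    if not 1 <= len(flows) <= V5_MAX_RECORDS:
        raise ValueError("a v5 datagram carries 1..30 records")
    out = [V5_HEADER.pack(5, len(flows), sys_uptime, unix_secs, 0, seq, 0, 0, 0)]
    for src, dst, proto, sport, dport, packets, octets in flows:
        out.append(V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
            0, 0, packets, octets, sys_uptime - 500, sys_uptime,
            sport, dport, 0, 0, proto, 0, 0, 0, 32, 32, 0))
    return b"".join(out)


# Constructed sample: two flows as a router would export them.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 6, 51234, 443, 120, 90000),
    ("192.0.2.10", "198.51.100.53", 17, 50001, 53, 1, 64),
]

if __name__ == "__main__":
    hdr, recs = parse_netflow_v5(build_netflow_v5(SAMPLE_FLOWS))
    print(hdr)
    for r in recs:
        print("%s:%d -> %s:%d proto %d %d bytes" % (
            r["src"], r["sport"], r["dst"], r["dport"], r["proto"], r["octets"]))
```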
.PP
The program is well suited to locating suspicious traffic on the net very
quickly on demand, or to evaluating real-time bandwidth utilization, in a
simple and convenient environment. It is not intended for collecting and
analysing network traffic over a long period of time, nor for billing.
.PP
The program is meant to be IPv6-capable and ready to use, but that support
is not tested enough. Define INET6 at compile time to enable it.
.SH OPTIONS
.TP
\fB-v\fP
Print detailed version information and exit.
.TP
\fB-p\fP
Do not put the interface(s) into promiscuous mode. Only traffic the
interface would receive anyway (addressed to it, broadcast, or subscribed
multicast) is then seen.
.TP
\fB-n\fP
Do not convert numeric values to names (host addresses, port numbers, etc.).
Name resolution issues DNS queries, which slows the display and reveals to
the resolver which addresses are being watched.
The mode can be toggled on and off during a show by pressing the `\fBN\fP' key.
.TP
\fB-b\fP
Place backflow entries (the reverse direction of a flow) next to their main
streams in the sorted list of traffic flows.
.br
\fBNote\fP: this mode can raise the system load dangerously high because it
takes a lot of CPU cycles.
.TP
\fB-a\fP \fIlen\fP
Aggregate traffic flows using an IP netmask prefix of \fIlen\fP bits. This
option also turns on service-port aggregation. \fIlen\fP is the number of
\fBbits\fP in the network portion of the IP addresses, as in CIDR notation.
The aggregation \fIlen\fP can be changed during a show by pressing the
`\fBA\fP' key, and turned off by entering an empty string.
.br
\fBHint\fP: use \fI0\fP to collapse all addresses into one, so that the
output lists traffic per network service only.
.TP
\fB-c\fP \fIconf\fP
Use the alternate color \fIconfig file\fP \fIconf\fP instead of the default
\fI/etc/trafshow\fP.
.TP
\fB-i\fP \fIname\fP
Listen on the specified network interface \fIname\fP.
If unspecified, \fBTrafShow\fP collects data from \fIall\fP network
interfaces configured \fBUP\fP in the system. In that case the system must
supply enough packet capture devices (such as /dev/bpf#) for all of them.
.TP
\fB-s\fP \fIstr\fP
Search the flow list for an \fBitem\fP matching \fIstr\fP and follow it,
moving the cursor bar so that the found \fBitem\fP stays highlighted as the
list is re-sorted. The mode can be turned off by pressing
`\fBCtrl\fP-\fB/\fP', or [re]entered by pressing `\fB/\fP', directly in the
live show.
.TP
\fB-u\fP \fIport\fP
Listen on the specified UDP \fIport\fP number for the \fBCisco Netflow\fP feed.
The default port number is \fI9995\fP.
.br
\fBHint\fP: use \fI0\fP to disable this functionality. The listener accepts
datagrams from any source, and the supported NetFlow versions carry no
authentication, so disable it unless you expect a feed, or restrict the
port with a host firewall.
.TP
\fB-R\fP \fIrefresh\fP
Set the \fBrefresh period\fP of the display to \fIrefresh\fP seconds
(\fI2\fP seconds by default). The value can be changed during a show by
pressing the `\fBR\fP' key.
.TP
\fB-P\fP \fIpurge\fP
Set the \fBpurge period\fP for expired data to \fIpurge\fP seconds
(\fI10\fP seconds by default). The value can be changed during a show by
pressing the `\fBP\fP' key.
.TP
\fB-F\fP \fIfile\fP
Read the \fBfilter expression\fP from \fIfile\fP.
.TP
\fIexpr\fP
Select which packets will be displayed. If no \fIexpression\fP is given,
all packets on the net are displayed; otherwise only packets for which
\fIexpression\fP is `true' are displayed.
.br
The \fBfilter expression\fP can be changed during a show by pressing the
`\fBF\fP' key, and turned off by entering an empty string.
.br
See the \fBtcpdump\fP(1) man page for the syntax of \fBfilter expressions\fP.
.SH FILES
.TP
.I /etc/trafshow
The default color configuration file, if present.
.TP
.I $HOME/.trafshow
The user's personal file of color definitions.
.SH COLORS
.PP
If \fBTrafShow\fP has been compiled with a modern curses library such as
\fBSlang\fP or \fBNcurses\fP, it can show colored traffic on a
color-capable terminal. No special installation steps should be needed,
since systems of recent years ship such a library by default.
.PP
The syntax of the \fBTrafShow\fP color configuration file is as follows:
.TP
\fIdefault\fP \fIfcolor\fP\fB:\fP\fIbcolor\fP
Set the default screen background color pair.
.TP
\fIport\fP[\fB/\fP\fIproto\fP] \fIfcolor\fP\fB:\fP\fIbcolor\fP
Set a color pattern by service port.
.TP
[\fIproto\fP] \fIsrc\fP[\fB/\fP\fImask\fP][\fB,\fP\fIport\fP] \fIdst\fP[\fB/\fP\fImask\fP][\fB,\fP\fIport\fP] \fIfcolor\fP\fB:\fP\fIbcolor\fP
Set a color pattern by pair of source and destination addresses.
.PP
The tokens \fI*\fP, \fIany\fP, and \fIall\fP match \fBANY\fP value in a pattern.
\fIfcolor\fP is the foreground color and \fIbcolor\fP the background color.
.br
Each may be one of the following:
.TP
.I black red green yellow blue magenta cyan white
A color may also be given as a number from 0 to 7.
.PP
Writing \fIfcolor\fP with an upper-case initial (\fIF\fPcolor) turns
\fBbright\fP on; writing \fIbcolor\fP with an upper-case initial
(\fIB\fPcolor) turns \fBblink\fP on.
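.PP
The following is a constructed example of a \fI$HOME/.trafshow\fP file using
the three rule forms above; it is an added illustration and not a file
shipped with \fBTrafShow\fP. This manual does not state whether a comment
syntax exists, so the file contains none, and the \fImask\fP is written as a
CIDR prefix length, which is an assumption about the parser.

```text
default white:black
22/tcp Green:black
443/tcp yellow:black
53/udp cyan:black
25 magenta:black
tcp 192.0.2.0/24,any 198.51.100.5,443 White:blue
any 203.0.113.0/24 192.0.2.0/24 Red:black
```
.PP
Read top to bottom: the screen defaults to white on black; ssh, https and
DNS get distinct colors, ssh in bright green; port 25 over any protocol is
magenta; web sessions from the 192.0.2.0/24 net to the server 198.51.100.5
are bright white on blue; and anything from the 203.0.113.0/24 net into
192.0.2.0/24 is bright red, so an unexpected inbound flow stands out at once.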
.SH SEE ALSO
pcap(3), tcpdump(1), bpf(4)
.SH ACKNOWLEDGEMENTS
Thanks to Van Jacobson <van(at)helios.ee.lbl.gov> and
Steven McCanne <mccanne(at)helios.ee.lbl.gov>,
all of Lawrence Berkeley Laboratory,
University of California, Berkeley.
Special thanks to Jun-ichiro itojun Hagino <itojun(at)iijlab.net> for the IPv6
patches.
.SH AUTHOR
Vladimir Vorobyev <bob(at)turbo.nsk.su>.
.SH BUGS
Depending on the traffic volume, \fBTrafShow\fP can take a lot of CPU cycles
and memory.
.br
Packet matching \fBexpressions\fP cannot be used in NetFlow mode.