TRAFSHOW(1)		    General Commands Manual		   TRAFSHOW(1)

       trafshow	- full screen show network traffic

       trafshow	[-eCfknNOpv -c num -i name -r sec -t sec] [-F file | expr]

       TrafShow continuously displays the information regarding packet traffic
       on the configured network interface that matches the boolean expression.
       It periodically sorts and updates this information.
       This funny program may be useful for locating suspicious network traf-
       fic on the net or to evaluate current utilization of the network inter-

       -c     Exit after receiving number of packets.

       -C     Try to force ANSI color mode. May be used when the description
              of your current terminal has no color capability in the
              termcap/terminfo database.

       -e     Show  the	 Ethernet  traffic  rather  than IP. It	is possible to
	      switch between them by pressing the ENTER	key.

       -f     Print `foreign' internet addresses numerically rather than  sym-

       -F     Use file as input	for the	filter expression.

       -i     Listen  on  network  interface  name.  If	 unspecified, trafshow
	      searches the system interface list for the lowest	numbered, con-
	      figured up interface (excluding loopback).

       -k     Disable input keyboard checking. It is intended to avoid loss of

       -m     [src-ip M] [dst-ip M] [src-port M] [dst-port M] [proto M]
              Mask the specified field with mask M (which should be specified
              as a hex number, e.g. 0xffff0000) before further processing of
              the packet. This makes it possible to aggregate traffic in the
              display to ease analysis.

       -n     Don't convert host addresses and port numbers to names.

       -N     Don't print domain name qualification of host names.

       -O     Don't  run  the  packet-matching	code optimizer.	This is	useful
	      only if you suspect a bug	in the optimizer.

       -p     Don't put	the interface into promiscuous mode.

       -r     Set screen refresh interval to seconds.

       -t     Set max timeout in DNS query to seconds.

       -v     Print detailed version information and exit.

       expr   Select which packets will	be  displayed.	If  no	expression  is
	      given, all packets on the	net will be displayed. Otherwise, only
	      packets for which	expression is `true' will be displayed.
	      For more details refer to	tcpdump(1) man page.
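
The aggregation that the -m option describes, modelled as an added example (this is not trafshow's own code). The flow records, the field widths and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

FIELDS = ("src-ip", "dst-ip", "src-port", "dst-port", "proto")
WIDTH = {"src-ip": 32, "dst-ip": 32, "src-port": 16, "dst-port": 16, "proto": 8}

# Constructed sample flows: (src-ip, dst-ip, src-port, dst-port, proto, bytes)
SAMPLE_FLOWS = [
    ("10.1.4.20", "192.0.2.10", 40112, 443, 6, 1500),
    ("10.1.9.77", "192.0.2.10", 51514, 443, 6, 900),
    ("10.2.0.5", "192.0.2.10", 33000, 443, 6, 400),
    ("10.1.4.20", "198.51.100.7", 40200, 53, 17, 80),
]


def apply_mask(field, value, mask_hex):
    """AND one field with a hex mask such as 0xffff0000."""
    mask = int(mask_hex, 16)
    if mask < 0 or mask >> WIDTH[field]:
        raise ValueError(f"mask {mask_hex} is wider than {field}")
    if field.endswith("-ip"):
        addr = int(ipaddress.IPv4Address(value)) & mask
        return str(ipaddress.IPv4Address(addr))
    return value & mask


def aggregate(flows, masks):
    """Mask the chosen fields, then sum bytes per resulting 5-tuple."""
    unknown = set(masks) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown field(s): {sorted(unknown)}")
    totals = Counter()
    for *values, nbytes in flows:
        key = tuple(
            apply_mask(name, val, masks[name]) if name in masks else val
            for name, val in zip(FIELDS, values)
        )
        totals[key] += nbytes
    return totals.most_common()  # busiest aggregate first


if __name__ == "__main__":
    # Fold sources into /16 networks and ignore the ephemeral source port.
    for key, nbytes in aggregate(SAMPLE_FLOWS, {"src-ip": "0xffff0000", "src-port": "0x0"}):
        print(nbytes, *key)
```

With these masks the two hosts in 10.1.0.0/16 talking to the same server collapse into one row, which is what makes a noisy subnet stand out in the sorted display.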

	      The default colors configuration file if any.

	      The personal file	with the user defined colors.

       If trafshow has been compiled with modern curses libraries such as
       Slang or Ncurses it is able to show colored traffic on color-capable

       The syntax of the trafshow color configuration file is as follows:

       default fcolor:bcolor
	      Set the default screen background	color-pair

       port[/proto] fcolor:bcolor
	      Set color	pattern	by service port

       from[/mask][:port] to[/mask][:port] proto fcolor:bcolor
	      Set color	pattern	by pair	of from-to addresses

       The wildcard `*' matches ANY in a pattern. Here fcolor is the
       foreground color and bcolor is the background color.
       The fcolor and bcolor may be one of the following:

       black red green yellow blue magenta cyan	white
              It is possible to indicate a color as a number from 0 to 7.

       The upper-case Fcolor means bright *on*. The upper-case Bcolor means
       blink *on*.

       netstat(1), tcpdump(1), bpf(4)

       Thanks to Van Jacobson and Steven McCanne, all of Lawrence Berkeley
       Laboratory, University of California, Berkeley, CA.

       Vladimir Vorobyev.

       The trafshow functions such as resizing and coloring under xterm
       mainly depend on the curses library.

				  August 1998			   TRAFSHOW(1)


