TRAFSHOW(1)		    General Commands Manual		   TRAFSHOW(1)

NAME
       trafshow - full screen show of network traffic

SYNOPSIS
       trafshow [-vpnb] [-a len] [-c conf] [-i name] [-s str] [-u port]
       [-R refresh] [-P purge] [-F file | expr]

DESCRIPTION
       TrafShow is a simple interactive program that gathers network traffic
       from all libpcap-capable interfaces, accumulates it in a memory cache,
       and then displays it separately in the appropriate curses window, in a
       line-narrowed manner, as a list of network flows sorted by throughput.
       Display updates occur nearly in real time, asynchronously from data
       collection. It looks like a live show of traffic flows. All kinds of
       network traffic (Ethernet, IP, etc.) are mixed together on the one
       live-show screen.
       Hint: Press the `H' key inside a show to get brief help!

       IP traffic can be aggregated by netmask prefix bits and service ports
       to reorganize a heap of trivial flows into tree-like hierarchies
       suitable for human perception. The user can glance over the list of
       resulting flows and select one of them to browse in detail. In this
       way you can descend into the traffic inheritance hierarchy and inspect
       the packets of each trivial flow in a variety of presentations:
       raw-hex, ascii, timestamp.
       The program aggregates automatically when the number of flows exceeds
       some reasonable amount. A few seconds after launch may be required for
       it to adapt to your volume of traffic. Use the -a len option (see
       below) to override the default behaviour.
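
The prefix-and-service-port aggregation described above, modelled as an added Python example (not TrafShow's own code). The sample flows are constructed, and treating the lower port below 1024 as the service port is an assumption of this sketch, not behaviour documented on this page.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows: (proto, src, sport, dst, dport, bytes)
FLOWS = [
    ("tcp", "10.1.1.5", 51344, "192.0.2.10", 443, 12000),
    ("tcp", "10.1.1.9", 40210, "192.0.2.10", 443, 8000),
    ("tcp", "10.1.2.7", 33012, "192.0.2.77", 22, 3000),
    ("udp", "10.1.1.5", 55001, "198.51.100.53", 53, 400),
    ("tcp", "10.1.1.5", 51999, "203.0.113.8", 4444, 90000),
]


def mask(addr, plen):
    """Keep only the first plen bits of addr (the CIDR network portion)."""
    net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
    return str(net.network_address)


def service_port(sport, dport, threshold=1024):
    """Assumption: the service side is the lower port when it is below
    threshold; otherwise no service is recognised and 0 is returned."""
    low = min(sport, dport)
    return low if low < threshold else 0


def aggregate(flows, plen):
    """Merge flows that share protocol, masked endpoints and service port,
    then sort the merged flows by byte count, highest first."""
    totals = defaultdict(int)
    for proto, src, sport, dst, dport, nbytes in flows:
        key = (proto, mask(src, plen), mask(dst, plen),
               service_port(sport, dport))
        totals[key] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for plen in (32, 24, 0):
        print(f"prefix len {plen}:")
        for (proto, src, dst, port), nbytes in aggregate(FLOWS, plen):
            print(f"  {proto} {src} -> {dst} port {port}: {nbytes} bytes")
```

With a prefix length of 0 every address collapses to 0.0.0.0, leaving one row per service, so the constructed flow with no well-known port on either side stands out at the top of the list.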

       TrafShow also listens on a UDP port (9995 by default) for diverse
       feeders of Cisco Netflow and displays the collected data separately,
       in the same manner as described above. The following versions of
       Netflow are currently supported: V1, V5, V7. Use the -u port option
       (see below) to override the default behaviour.

       This program may be found wonderful at least for locating suspicious
       traffic on the net very quickly on demand, or for evaluating real-time
       traffic bandwidth utilization, in a simple and convenient environment.
       But it is not intended for collecting and analysing network traffic
       over a long period of time, nor for billing!

       The program claims to be IPv6 compatible and ready to use, but this is
       not tested enough. You can define INET6 to enable it.

OPTIONS
       -v     Print detailed version information and exit.

       -p     Do not put interface(s) into promiscuous mode.

       -n     Do  not  convert	numeric	 values	to names (host addresses, port
	      numbers, etc.).  The mode	can be toggled On/Off during a show by
	      pressing the `N' key.

       -b     Place backflow entries near the main streams in the sorted
              list of traffic flows.
              Note: this mode can raise the system load dangerously high
              because it takes a lot of CPU cycles!

       -a len Aggregate traffic flows using the IP netmask prefix len. This
              option also turns on service port aggregation. The len is
              expected as the number of bits in the network portion of IP
              addresses (like CIDR). The aggregation len can be changed
              during a show by pressing the `A' key, and turned off by
              entering an empty string.
              Hint: Use 0 to reduce the output to just network services.

       -c conf
              Use an alternate color config file instead of the default
              /usr/local/etc/trafshow.

       -i name
              Listen on the specified network interface name. If unspecified,
              TrafShow collects data from all network interfaces configured
              UP in the system. In that case the system must supply a
              sufficient number of packet capture devices (like /dev/bpf#).

       -s str Search for and follow the list item matching the string, moving
              the cursor bar. The found item tries to stay highlighted. The
              mode can be turned off by pressing `Ctrl-/' or [re]entered by
              pressing the `/' key directly in the live show.

       -u port
	      Listen on	the specified UDP port number for  the	Cisco  Netflow
	      feed.  The default port number is	9995.
	      Hint: Please use 0 to disable this functionality.

       -R refresh
              Set the refresh period of the data show, in seconds (2 seconds
              by default). This option can be changed during a show by
              pressing the `R' key.

       -P purge
              Set the purge period for expired data, in seconds (10 seconds
              by default). This option can be changed during a show by
              pressing the `P' key.

       -F file
	      Use file as input	for the	filter expression.

       expr   Select  which  packets  will  be	displayed. If no expression is
	      given, all packets on the	net will be displayed. Otherwise, only
	      packets for which	expression is `true' will be displayed.
              The filter expression can be changed during a show by pressing
              the `F' key, and turned off by entering an empty string.
              See the tcpdump(1) man page for the syntax of the filter
              expression.

FILES
       /usr/local/etc/trafshow
              The default color configuration file, if any.

       $HOME/.trafshow
              The personal file with user-defined colors.

COLORS
       If TrafShow has been compiled with a modern curses library such as
       Slang or Ncurses, it is able to show colored traffic on a
       color-capable terminal. Hopefully, no special action is required to
       install one, because your system has it by default (at least in
       recent years).

       The syntax of the TrafShow color configuration file is as follows:

       default fcolor:bcolor
	      Set the default screen background	color-pair

       port[/proto] fcolor:bcolor
	      Set color	pattern	by service port

       [proto] src[/mask][,port] dst[/mask][,port] fcolor:bcolor
	      Set color	pattern	by pair	of source and destination addresses

       The tokens *, any, or all match ANY in the pattern. Here fcolor is the
       foreground color and bcolor is the background color.
       The fcolor and bcolor may be one of the following:

       black red green yellow blue magenta cyan white
              It is possible to indicate a color as a number from 0 to 7.

       An upper-case Fcolor means bright on. An upper-case Bcolor means blink
       on.

SEE ALSO
       pcap(3),	tcpdump(1), bpf(4)

ACKNOWLEDGEMENTS
       Thanks to Van Jacobson <van(at)helios.ee.lbl.gov> and Steven McCanne
       <mccanne(at)helios.ee.lbl.gov>, all of Lawrence Berkeley Laboratory,
       University of California, Berkeley. Special thanks to Jun-ichiro
       itojun Hagino <itojun(at)iijlab.net> for IPv6 patches.

AUTHOR
       Vladimir	Vorobyev <bob(at)turbo.nsk.su>.

BUGS
       Depending on traffic volume, TrafShow can take a lot of CPU cycles and
       memory.
       It is impossible to use packet matching expressions in the NetFlow
       mode.

				   May 2004			   TRAFSHOW(1)
