NAME
trafshow - full screen show network traffic
SYNOPSIS
trafshow [-vpnb] [-a len] [-c conf] [-i name] [-s str] [-u port] [-R refresh] [-P purge]
[-F file | expr]
DESCRIPTION
TrafShow is a simple interactive program that gathers network traffic from all libpcap-
capable interfaces, accumulates it in a memory cache, and then displays it separately in the
appropriate curses window, in a line-narrowed manner, as a list of network flows sorted by
throughput. Display updates occur nearly in real time, asynchronously from the data
collection. It looks like a live show of traffic flows. All kinds of network traffic
(Ethernet, IP, etc.) are mixed together in the one live-show screen.
Hint: Please press `H' key inside a show to get brief help!
The IP traffic can be aggregated by netmask prefix bits and service ports to reorganize a
heap of trivial flows into treelike hierarchies suitable for human perception. The
user can glance over the list of resulting flows and select any of them to browse in detail. So
you can descend into the traffic inheritance hierarchy and inspect the packets of each
trivial flow in a variety of presentations: raw-hex, ascii, time-stamp.
The program performs aggregation automatically when the number of flows exceeds some
reasonable amount. A few seconds after launch may be required for adaptation to your
volume of traffic. Use the -a len option (see below) to override the default behaviour.
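An added illustration of what aggregation by prefix len and service ports does to a flow list (this is not trafshow's own code). It masks both addresses to len bits and, as an assumption of this sketch, treats ports below 1024 as service ports and collapses all others to 0; the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption of this sketch: a port below 1024 is a "service" port;
# any other port is treated as ephemeral and collapsed to 0.
SERVICE_PORT_LIMIT = 1024

def mask(addr, prefix_len):
    """Keep only the first prefix_len bits of an IPv4/IPv6 address."""
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    return str(net.network_address)

def service(port):
    """Return the port if it looks like a service port, else 0."""
    return port if port < SERVICE_PORT_LIMIT else 0

def aggregate(flows, prefix_len):
    """Merge (src, sport, dst, dport, nbytes) flows that share the same
    masked addresses and service ports; return them sorted by byte count."""
    totals = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        key = (mask(src, prefix_len), service(sport),
               mask(dst, prefix_len), service(dport))
        totals[key] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    ("192.0.2.10", 51234, "198.51.100.5", 443, 9000),
    ("192.0.2.77", 40000, "198.51.100.9", 443, 4000),
    ("192.0.2.10", 51300, "203.0.113.8", 53, 300),
    ("203.0.113.8", 53, "192.0.2.10", 51300, 700),   # backflow of the line above
    ("192.0.2.200", 60001, "198.51.100.5", 22, 1500),
]

if __name__ == "__main__":
    for plen in (24, 0):  # 0 leaves only the service ports distinguishable
        print(f"prefix len {plen}")
        for (src, sp, dst, dp), n in aggregate(SAMPLE_FLOWS, plen):
            print(f"  {src}:{sp} -> {dst}:{dp}  {n} bytes")
```

At len 24 the two HTTPS clients merge into one 13000-byte entry, so a single noisy host is only visible again after drilling down into the aggregated flow.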
TrafShow also listens on a UDP port (9995 by default) for diverse feeders of Cisco Netflow
and then separately displays the collected data in the same manner as described above. The
following versions of Netflow are currently supported: V1, V5, V7. Use the -u port option
(see below) to override the default behaviour.
This program may be found wonderful, at least to locate suspicious traffic on the net very
quickly on demand, or to evaluate real-time traffic bandwidth utilization in a simple
and convenient environment. But it is not intended for collecting and analysing
network traffic over a long period of time, nor for billing!
The program claims to be IPv6 compatible and ready to use, but it has not been tested enough.
You can define INET6 to enable it.
OPTIONS
-v Print detailed version information and exit.
-p Do not put interface(s) into promiscuous mode.
-n Do not convert numeric values to names (host addresses, port numbers, etc.). The
mode can be toggled On/Off during a show by pressing the `N' key.
-b Place backflow entries near the main streams in the sorted list of traffic
flows.
Note: this mode can raise the system load dangerously high because it takes a lot of
CPU cycles!
-a len Aggregate traffic flows using the IP netmask prefix len. This option also turns on
service port aggregation. The len is expected as the number of bits in the network
portion of IP addresses (like CIDR). The aggregation len can be changed during a
show by pressing the `A' key, and turned Off by entering an empty string.
Hint: Please use 0 to reduce output just for network services.
-c conf
Use an alternate color config file instead of the default /etc/trafshow.
-i name
Listen on the specified network interface name. If unspecified, TrafShow collects
data from all network interfaces configured UP in the system. In the latter case the
system must supply a sufficient number of packet capture devices (like /dev/bpf#).
-s str Search for and follow the list item matched by string, moving the cursor bar. The
found item tries to stay highlighted. The mode can be turned Off by pressing the `Ctrl-/'
key or [re]entered by pressing the `/' key directly in the live show.
-u port
Listen on the specified UDP port number for the Cisco Netflow feed. The default
port number is 9995.
Hint: Please use 0 to disable this functionality.
-R refresh
Set the refresh period of the data show in seconds, 2 seconds by default. This option
can be changed during a show by pressing the `R' key.
-P purge
Set the expired data purge period in seconds, 10 seconds by default. This option
can be changed during a show by pressing the `P' key.
-F file
Use file as input for the filter expression.
expr Select which packets will be displayed. If no expression is given, all packets on
the net will be displayed. Otherwise, only packets for which expression is `true'
will be displayed.
The filter expression can be changed during a show by pressing the `F' key, and
turned Off by entering an empty string.
Please see the tcpdump(1) man page for the syntax of the filter expression.