traffic-collector(8)

NAME

traffic-collect - Collect and summarise network traffic

SYNOPSIS

traffic-collector  [-tpVh]  [-P, --pid-file filename] [-i,
--interface  interface]  [-f,  --filter  bpf-filter]  [-r,
--read-file tcpdump-file] [-s, --summary-file output-file]

DESCRIPTION

traffic-collect is a network traffic collection and sum mary tool. When executed traffic-collect will detatch from
the terminal, place the specified interface in promiscuous
mode (unless told otherwise) and begin collecting packets.

traffic-collect will execute until interrupted with a
SIGTERM, SIGINTR or SIGHUP whereupon it will gracefully
exit. If traffic-collect is interrupted with a SIGUSR1 it
will write a report to the output file specified. On
recipt of a SIGUSR2 it will write a report and then delete
its state. To facilitate this traffic-collect writes it
process ID to /var/run/traffic-collect.pid, or to a loca
tion specified using the --pid-file option.

The report lists traffic per host, total network traffic
and which hosts communicated and with whom. The report is
not intended for human consumption, rather to be passed
through one or more of the traffic-vis sort tools and a frontend formatter.

traffic-collect can also accept tcpdump style packet fil ter descriptions and read packet dump files generated by
tcpdump

OPTIONS

-P, --pid-file
Write process ID into this file instead of default.
-p, --no-promisc
Do not put the interface into promiscuous mode.
-i, --interface interface
Use interface instead of default.
-f, --filter filter
Use bpf / tcpdump filter to screen packets.
-r, --read-file file
Read a tcpdump packet trace file instead of listen ing on a live interface
-s, --summary-file file
Write report to specified file instead of default.
-t, --timestamp
Append timestamp of '.YYYYMMDD-HHMMSS-XX' to sum
mary filename when writing files.
-V, --version
Display version information and exit
-h, --help
Display version information and exit

EXAMPLES

The simplest example:
traffic-collect
Will listen on the first available interface with no
packet filter and report to the default output file.
This example uses a BPF packet filter to ignore all traf
fic except SMTP:

traffic-vis -f "tcp port 25"
Every option has a corresponding long option, this can
make commandlines much more readable:

traffic-vis --filter "tcp port 80" --summary-file
/tmp/foo.tc

SEE ALSO

tcpdump(8), bpf(4), pcap(3), traffic-vis(8), trafficsort(8), traffic-resolve(8), traffic-exclude(8), traffictotext(8), traffic-tohtml(8), traffic-tops(8) traffictogif(8)

AUTHORS

Damien Miller <dmiller@ilogic.com.au>

http://www.ilogic.com.au/~dmiller/traffic-vis.html

BUGS

Hopefully none, probably legion.

08 Dec 1998 traffic-collector(8)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout