traffic-sort(8)

NAME

traffic-sort - Sort a network traffic report

SYNOPSIS

traffic-sort  [-Vh] [-i, --input file] [-o, --output file]
[-H,  --host-sort  key]   [-P,   --peer-sort   key]   [-L,
--limit-hosts num] [-K, --limit-peers num]

DESCRIPTION

traffic-sort is a small program which will sort and limit the length of a network traffic report generated by traf_
fic-collect(8) in various ways. It is designed to be used as a filter, expecting a report on standard input and
writing a processed report to standard output. This way
complex sorting can be achieved by chaining several traf
fic-sort processes together. Alternately, the input and
output files can be specified using the '-i' and '-o' com
mandline options.

OPTIONS

-i, --input file
Read input from file instead of standard input.
-o, --output file
Write output to file instead of standard output.
-H, --host-sort key
Sort hosts by sort-key (see SORTING section for details).
-P, --peer-sort key
Sort peer lists by sort-key (see SORTING section for details).
-L, --limit-hosts num
Limit number of hosts to display
-K, --limit-peers num
Limit number of peers to display per host
-h --help
Prints usage information
-V --version
Prints program version

SORTING

The host and peer lists can be sorted in one of several
ways with the -H and -P options. While several sort keys
can be used for both hosts and peers, some cannot. The
following table documents the function of each sort key
and the context in which it is valid:

N, none Do not sort (hosts + peers).

b, bytes
Total bytes send and received (hosts + peers).
s, bsent
Bytes sent (hosts).
r, breceived
Bytes received (hosts + peers).
p, packets
Total packets sent and received (hosts + peers).
S, psent
Packets sent (hosts).
R, preceived
Packets received (hosts).
C, connects
Total TCP connection requests sent and received
(hosts + peers).
c, csent
TCP connection requests sent (hosts).
l, creceived
TCP connections requests received (hosts).
P, peers
Number of peers (hosts).
h, hostname
Hostname (hosts).
I, ipaddr
IP address (hosts).
F, firstseen
Time of first detected traffic (hosts).
L, lastseen
Time of last recorded traffic (hosts).
X, random
Random (hosts + peers).

EXAMPLES

The simplest example:
traffic-sort -Hn
Will read a report from standard input, perform no sorting
and write the report to standard output.
The following example will limit the number of hosts in a
report to 50:

traffic-vis -L 50
This example will sort the hosts in order of decreasing
traffic volume and limit the report to ten hosts. This
will produce a list of the ten busiest hosts in the origi
nal report:

traffic-vis -H b -L 50
Complex processing can be achieved by chaining multiple
invocations of traffic-sort together:

traffic-vis -Hb -Pb -L50 | traffic-sort -Hc

SEE ALSO

traffic-vis(8), traffic-collect(8), traffic-exclude(8), traffic-resolve(8), traffic-totext(8), traffic-tohtml(8), traffic-tops(8), traffic-togif(8),

AUTHORS

Damien Miller <dmiller@ilogic.com.au>

http://www.ilogic.com.au/~dmiller/traffic-vis.html

BUGS

Hopefully none, probably legion.

28 Jan 1999 traffic-sort(8)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout