traffic-vis(8)

NAME

traffic-vis - Network traffic analysis suite

SYNOPSIS

traffic-collector
traffic-resolve
traffic-exclude
traffic-sort
traffic-totext
traffic-tohtml
traffic-tops
traffic-togif

DESCRIPTION

traffic-vis is a suite of tools for network analysis. Its main purpose is to determine which hosts have been commu
nicating on a network, with whom and the volume of traf
fic.

The collection and summarisation of network packets is
performed by traffic-collect(8) This program runs as a daemon, collecting packets off the network interface of
your choice, optionally applying a bpf(4) packet filter prior to collection. These packets are summarised and can
be dumped to a file at any time. This summary is not
intended for human consumtion, and should be processed
using the other tools in the suite to produce a report.

traffic-exclude(8) will remove specific hosts from a sum mary, based on IP address.

traffic-resolve(8) is a filter performs the task of resolving hostnames in the summary file. This cannot be
done effectivley in the collection program as the DNS
traffic may pollute the sampling of network traffic.

traffic-sort(8) will sort a report in one of several ways and can limit the size of a report.

One of the three frontends: traffic-tops(8) traffictotext(8) traffic-tohtml(8) can be used to convert the summary into a human-readable form.

All the processing tools are filters, accepting a summary
on standard input and producing their results on standard
output. It is thus possible to combine them for more com
plex processing.

EXAMPLES

This is a quick example on how to produce a basic "10 bus
iest hosts" report using traffic vis.

First, start traffic-collector and let it run for a while. When you feel it has collected enough data, send it a
SIGUSR1:
killall -USR1 traffic-collector
It will (unless you have specified otherwise) write a
report in /var/log/traffic-collector
This report must be processed before it is understandable.
First we will sort the report by bytes transferred and
limit the number of hosts in the output to ten:
traffic-sort -Hb -L10 < reportfile > report-sorted.tv
We then resolve the hostnames in the report:
traffic-resolve < report-sorted.tv > report-resolved.tv
Finally we convert the report to a readable form:
traffic-tohtml < report-resolved.tv > report.html
These steps could have been combined into a single com
mand-line:
traffic-sort -Hb -L10 < reportfile | traffic-resolve
traffic-tohtml > report.html

SEE ALSO

traffic-collect(8), traffic-resolve(8), trafficexclude(8), traffic-totext(8), traffic-tohtml(8), traffictops(8), traffic-togif(8),

AUTHORS

Damien Miller <dmiller@ilogic.com.au>

http://www.ilogic.com.au/~dmiller/traffic-vis.html

BUGS

Hopefully none, probably legion.

30 Jan 1999 traffic-vis(8)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout