traffic-collector(8)

NAME
traffic-collect - Collect and summarise network traffic

SYNOPSIS
traffic-collector [-tpVh] [-P, --pid-file filename] [-i, --interface
interface] [-f, --filter bpf-filter] [-r, --read-file tcpdump-file]
[-s, --summary-file output-file]

DESCRIPTION
traffic-collect is a network traffic collection and summary tool. When
executed, traffic-collect will detach from the terminal, place the
specified interface in promiscuous mode (unless told otherwise) and
begin collecting packets.

traffic-collect will execute until interrupted with a SIGTERM, SIGINT
or SIGHUP, whereupon it will gracefully exit. If traffic-collect is
interrupted with a SIGUSR1, it will write a report to the output file
specified. On receipt of a SIGUSR2, it will write a report and then
delete its state. To facilitate this, traffic-collect writes its process
ID to /var/run/traffic-collect.pid, or to a location specified using
the --pid-file option.

The report lists traffic per host, total network traffic and which
hosts communicated and with whom. The report is not intended for human
consumption, rather to be passed through one or more of the traffic-vis
sort tools and a frontend formatter.

traffic-collect can also accept tcpdump-style packet filter descriptions
and read packet dump files generated by tcpdump.

OPTIONS
-P, --pid-file
    Write process ID into this file instead of default.
-p, --no-promisc
    Do not put the interface into promiscuous mode.
-i, --interface interface
    Use interface instead of default.
-f, --filter filter
    Use bpf / tcpdump filter to screen packets.
-r, --read-file file
    Read a tcpdump packet trace file instead of listening on a live
    interface.
-s, --summary-file file
    Write report to specified file instead of default.
-t, --timestamp
    Append timestamp of '.YYYYMMDD-HHMMSS-XX' to summary filename
    when writing files.
-V, --version
    Display version information and exit.
-h, --help
    Display version information and exit.

EXAMPLES
The simplest example:

    traffic-collect

This will listen on the first available interface with no packet filter
and report to the default output file.

This example uses a BPF packet filter to ignore all traffic except
SMTP:

    traffic-vis -f "tcp port 25"

Every option has a corresponding long option; this can make command
lines much more readable:

    traffic-vis --filter "tcp port 80" --summary-file /tmp/foo.tc
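
The signal interface from DESCRIPTION, as an added example that is not part of the original manual page or of the traffic-vis distribution: a POSIX shell helper that validates the PID file before sending SIGUSR1 or SIGUSR2, so a stale or reused PID is never signalled. The function name request_report, its return codes and the Linux-only /proc/<pid>/comm check are assumptions of this example.

```shell
#!/bin/sh
# request_report PIDFILE SIGNAL [EXPECTED_COMM]
#   SIGNAL: USR1 = write report; USR2 = write report, then delete state.
# Returns: 0 signal sent, 1 bad signal, 2 unusable PID file, 3 stale/foreign PID.
# request_report and EXPECTED_COMM are hypothetical names for this example.
request_report() {
    pidfile=$1
    sig=$2
    expect=${3:-traffic-collect}

    # Only the two report signals are allowed; TERM/INT/HUP would stop the collector.
    case $sig in
        USR1|USR2) ;;
        *) echo "signal must be USR1 or USR2" >&2; return 1 ;;
    esac

    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 2; }
    pid=
    read -r pid < "$pidfile" || :
    # Digits only, no leading zero: rejects empty input, junk, negative
    # numbers and 0 (which kill would treat as "my own process group").
    case $pid in
        ''|0*|*[!0-9]*) echo "$pidfile does not hold a PID" >&2; return 2 ;;
    esac

    # Stale PID file: the recorded process is gone (or is not ours to signal).
    kill -0 "$pid" 2>/dev/null || { echo "PID $pid is not running" >&2; return 3; }

    # PID reuse guard (assumption: Linux, where /proc/<pid>/comm exists).
    if [ -r "/proc/$pid/comm" ]; then
        comm=
        read -r comm < "/proc/$pid/comm" || :
        [ "$comm" = "$expect" ] || { echo "PID $pid is '$comm', not '$expect'" >&2; return 3; }
    fi

    kill -s "$sig" "$pid"
}
```

Call it as `request_report /var/run/traffic-collect.pid USR1` from a scheduled job, then pass the summary file to the sort and formatter tools once the function returns 0.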

SEE ALSO
tcpdump(8), bpf(4), pcap(3), traffic-vis(8), traffic-sort(8),
traffic-resolve(8), traffic-exclude(8), traffic-totext(8),
traffic-tohtml(8), traffic-tops(8), traffic-togif(8)

AUTHORS
Damien Miller <dmiller@ilogic.com.au>
http://www.ilogic.com.au/~dmiller/traffic-vis.html
BUGS
Hopefully none, probably legion.
08 Dec 1998 traffic-collector(8)