traffic-vis(8)traffic-vis(8)NAMEtraffic-vis - Network traffic analysis suite
SYNOPSIS
traffic-collector
traffic-resolve
traffic-exclude
traffic-sort
traffic-totext
traffic-tohtml
traffic-tops
traffic-togif
DESCRIPTIONtraffic-vis is a suite of tools for network analysis. Its main purpose
is to determine which hosts have been communicating on a network, with
whom and the volume of traffic.
The collection and summarisation of network packets is performed by
traffic-collect(8) This program runs as a daemon, collecting packets
off the network interface of your choice, optionally applying a bpf(4)
packet filter prior to collection. These packets are summarised and can
be dumped to a file at any time. This summary is not intended for human
consumtion, and should be processed using the other tools in the suite
to produce a report.
traffic-exclude(8) will remove specific hosts from a summary, based on
IP address.
traffic-resolve(8) is a filter performs the task of resolving hostnames
in the summary file. This cannot be done effectivley in the collection
program as the DNS traffic may pollute the sampling of network traffic.
traffic-sort(8) will sort a report in one of several ways and can limit
the size of a report.
One of the three frontends: traffic-tops(8)traffic-totext(8) traffic-
tohtml(8) can be used to convert the summary into a human-readable
form.
All the processing tools are filters, accepting a summary on standard
input and producing their results on standard output. It is thus possiā
ble to combine them for more complex processing.
EXAMPLES
This is a quick example on how to produce a basic "10 busiest hosts"
report using traffic vis.
First, start traffic-collector and let it run for a while. When you
feel it has collected enough data, send it a SIGUSR1:
killall -USR1 traffic-collector
It will (unless you have specified otherwise) write a report in
/var/log/traffic-collector
This report must be processed before it is understandable. First we
will sort the report by bytes transferred and limit the number of hosts
in the output to ten:
traffic-sort -Hb -L10 < reportfile > report-sorted.tv
We then resolve the hostnames in the report:
traffic-resolve < report-sorted.tv > report-resolved.tv
Finally we convert the report to a readable form:
traffic-tohtml < report-resolved.tv > report.html
These steps could have been combined into a single command-line:
traffic-sort -Hb -L10 < reportfile | traffic-resolve | traffic-tohtml >
report.html
SEE ALSOtraffic-collect(8), traffic-resolve(8), traffic-exclude(8), traffic-
totext(8), traffic-tohtml(8), traffic-tops(8), traffic-togif(8),
AUTHORS
Damien Miller <dmiller@ilogic.com.au>
http://www.ilogic.com.au/~dmiller/traffic-vis.html
BUGS
Hopefully none, probably legion.
30 Jan 1999 traffic-vis(8)
