traffic-collector

Language: en

Version: 52086 (openSuse - 09/10/07)

Section: 8 (Administrator commands)

NAME

traffic-collect - Collect and summarise network traffic

SYNOPSIS

traffic-collector [-tpVh] [-P, --pid-file filename] [-i, --interface interface] [-f, --filter bpf-filter] [-r, --read-file tcpdump-file] [-s, --summary-file output-file]

DESCRIPTION

traffic-collect is a network traffic collection and summary tool. When executed, traffic-collect will detach from the terminal, place the specified interface in promiscuous mode (unless told otherwise) and begin collecting packets.

traffic-collect will run until interrupted with SIGTERM, SIGINT or SIGHUP, whereupon it will exit gracefully. If traffic-collect receives SIGUSR1 it will write a report to the specified output file. On receipt of SIGUSR2 it will write a report and then delete its state. To facilitate this, traffic-collect writes its process ID to /var/run/traffic-collect.pid, or to the location specified with the --pid-file option.

The report lists traffic per host, total network traffic and which hosts communicated and with whom. The report is not intended for human consumption, rather to be passed through one or more of the traffic-vis sort tools and a frontend formatter.

traffic-collect can also accept tcpdump-style packet filter descriptions and read packet dump files generated by tcpdump.

OPTIONS

-P, --pid-file filename
Write the process ID into this file instead of the default.
-p, --no-promisc
Do not put the interface into promiscuous mode.
-i, --interface interface
Use interface instead of default.
-f, --filter filter
Use bpf / tcpdump filter to screen packets.
-r, --read-file file
Read a tcpdump packet trace file instead of listening on a live interface.
-s, --summary-file file
Write the report to the specified file instead of the default.
-t, --timestamp
Append timestamp of '.YYYYMMDD-HHMMSS-XX' to summary filename when writing files.
-V, --version
Display version information and exit.
-h, --help
Display usage information and exit.

EXAMPLES

The simplest example:

traffic-collector

will listen on the first available interface with no packet filter and report to the default output file.

This example uses a BPF packet filter to ignore all traffic except SMTP:

traffic-collector -f "tcp port 25"

Every option has a corresponding long option, which can make command lines much more readable:

traffic-collector --filter "tcp port 80" --summary-file /tmp/foo.tc

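The following wrapper script is an added example, not part of the traffic-vis distribution. It ties together the signal handling described in DESCRIPTION (SIGUSR1 for a report, SIGUSR2 for a report followed by a state reset, SIGTERM for a graceful exit, the pid file) with the options shown in the examples above. It assumes traffic-collector is on PATH and behaves as this page documents; the interface name, the filter expression, the summary path and the script name tc-hourly.sh are constructed placeholders. Because a stale or tampered pid file would otherwise send signals to an unrelated process, the script refuses to signal anything that is not a live process and, on Linux, anything whose process name is not traffic-collector.

```shell
#!/bin/sh
# tc-hourly.sh -- drive traffic-collector from cron (added example, not part
# of traffic-vis). Assumes the option names and signal semantics in this
# man page; paths, interface and filter below are constructed placeholders.

PIDFILE=${PIDFILE:-/var/run/traffic-collect.pid}
SUMMARY=${SUMMARY:-/var/lib/traffic-vis/summary}
IFACE=${IFACE:-eth0}
# Constructed filter: leave our own management sessions out of the report.
FILTER=${FILTER:-'not (tcp port 22)'}

# signal_for MODE: the signal this man page documents for each action.
signal_for() {
    case $1 in
        report) echo USR1 ;;   # write a report, keep the counters
        reset)  echo USR2 ;;   # write a report, then start from empty state
        stop)   echo TERM ;;   # graceful exit
        *)      echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# read_pid FILE: print the pid from a pid file. Fail on anything that is not
# a single decimal number naming a live process, so a stale or tampered pid
# file can never make us signal some unrelated process.
read_pid() {
    pidfile=$1
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "$pidfile does not contain a pid" >&2; return 1 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid is not running" >&2; return 1; }
    echo "$pid"
}

# is_collector PID: on Linux, confirm the process name before signalling.
# /proc/PID/comm is truncated to 15 characters, hence the prefix match.
is_collector() {
    comm=/proc/$1/comm
    [ -r "$comm" ] || return 0          # no /proc here: nothing more to check
    grep -q '^traffic-collect' "$comm"
}

# request MODE [PIDFILE]: send the documented signal to the running collector.
request() {
    sig=$(signal_for "$1") || return 1
    pid=$(read_pid "${2:-$PIDFILE}") || return 1
    is_collector "$pid" || { echo "pid $pid is not traffic-collector" >&2; return 1; }
    kill -s "$sig" "$pid"
}

# start: launch a collector that writes timestamped summary files.
start() {
    traffic-collector --pid-file "$PIDFILE" --interface "$IFACE" \
        --filter "$FILTER" --summary-file "$SUMMARY" --timestamp
}

# offline CAPTURE.pcap OUT: summarise a saved tcpdump trace. A separate pid
# file keeps it from clobbering the one belonging to the live collector.
offline() {
    traffic-collector --read-file "$1" --filter "$FILTER" \
        --summary-file "$2" --pid-file "$PIDFILE.offline"
}

case $1 in
    start)             start ;;
    offline)           offline "$2" "$3" ;;
    report|reset|stop) request "$1" ;;
esac
```

Run "tc-hourly.sh start" once at boot and "tc-hourly.sh reset" from an hourly cron entry: with --timestamp each SIGUSR2 leaves one summary file named SUMMARY.YYYYMMDD-HHMMSS-XX holding exactly one hour of traffic, ready for the traffic-sort and traffic-tohtml/traffic-totext tools, and the collector itself is never restarted. "tc-hourly.sh offline trace.pcap /tmp/trace.tc" applies the same filter to a capture taken elsewhere.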
SEE ALSO

tcpdump(8), bpf(4), pcap(3), traffic-vis(8), traffic-sort(8), traffic-resolve(8), traffic-exclude(8), traffic-totext(8), traffic-tohtml(8), traffic-tops(8), traffic-togif(8)

AUTHORS

Damien Miller <dmiller@ilogic.com.au>

http://www.ilogic.com.au/~dmiller/traffic-vis.html

BUGS

Hopefully none, probably legion.