Provided by: traffic-vis_0.34-17_i386 bug

NAME

       traffic-vis - Network traffic analysis suite

SYNOPSIS

       traffic-collector
       traffic-resolve
       traffic-exclude
       traffic-sort
       traffic-totext
       traffic-tohtml
       traffic-tops
       traffic-togif

DESCRIPTION

       traffic-vis  is a suite of tools for network analysis. Its main purpose
       is to determine which hosts have been communicating on a network,  with
       whom and the volume of traffic.

       The  collection  and  summarisation  of network packets is performed by
       traffic-collect(8) This program runs as a  daemon,  collecting  packets
       off  the network interface of your choice, optionally applying a bpf(4)
       packet filter prior to collection. These packets are summarised and can
       be dumped to a file at any time. This summary is not intended for human
       consumption, and should be processed using the other tools in the suite
       to produce a report.

       traffic-exclude(8)  will remove specific hosts from a summary, based on
       IP address.

       traffic-resolve(8) is a filter performs the task of resolving hostnames
       in  the summary file. This cannot be done effectivley in the collection
       program as the DNS traffic may pollute the sampling of network traffic.

       traffic-sort(8) will sort a report in one of several ways and can limit
       the size of a report.

       One of the three frontends: traffic-tops(8) traffic-totext(8)  traffic-
       tohtml(8)  can  be  used  to  convert the summary into a human-readable
       form.

       All the processing tools are filters, accepting a summary  on  standard
       input  and  producing  their  results  on  standard  output. It is thus
       possible to combine them for more complex processing.

EXAMPLES

       This is a quick example on how to produce a basic  "10  busiest  hosts"
       report using traffic vis.

       First,  start  traffic-collector  and  let it run for a while. When you
       feel it has collected enough data, send it a SIGUSR1:

              killall -USR1 traffic-collector

       It will (unless  you  have  specified  otherwise)  write  a  report  in
       /var/run/traffic-collector

       This  report  must  be  processed before it is understandable. First we
       will sort the report by bytes transferred and limit the number of hosts
       in the output to ten:

       traffic-sort -Hb -L10 < reportfile > report-sorted.tv

       We then resolve the hostnames in the report:

       traffic-resolve < report-sorted.tv > report-resolved.tv

       Finally we convert the report to a readable form:

       traffic-tohtml < report-resolved.tv > report.html

       These steps could have been combined into a single command-line:

       traffic-sort -Hb -L10 < reportfile | traffic-resolve | traffic-tohtml >
       report.html

SEE ALSO

       traffic-collect(8),  traffic-resolve(8),  traffic-exclude(8),  traffic-
       totext(8), traffic-tohtml(8), traffic-tops(8), traffic-togif(8),

AUTHORS

       Damien Miller <dmiller@ilogic.com.au>

       http://www.ilogic.com.au/~dmiller/traffic-vis.html

BUGS

       Hopefully none, probably legion.

                                  30 Jan 1999                   traffic-vis(8)