Hint: Please press the 'H' key inside a show to get brief help!
The IP traffic can be aggregated by netmask prefix bits and service ports to reorganize a heap of trivial flows into treelike hierarchies suitable for human perception. The user can glance over the list of resulting flows and select one to browse in detail. So you can go deeper into the traffic inheritance hierarchy and inspect the packets of each trivial flow in a variety of presentations: raw-hex, ascii, time-stamp.
The program aggregates automatically when the number of flows exceeds some reasonable amount. It may need just a few seconds after launch to adapt to your volume of traffic. Use the -a len option (see below) to override the default behaviour.
Install trafshow in Ubuntu
Open the terminal and run the following command:
sudo apt-get install trafshow
Print detailed version information and exit.
Do not put interface(s) into promiscuous mode.
Do not convert numeric values to names (host addresses, port numbers, etc.). The mode can be toggled On/Off during a show by pressing the 'N' key.
Place backflow entries next to the main streams in the sorted list of traffic flows.
Note: this mode can raise the system load dangerously high because it takes a lot of CPU cycles!
Aggregate traffic flows using an IP netmask prefix len. This option also turns on service port aggregation. The len is expected as the number of bits in the network portion of IP addresses (like CIDR). The aggregation len can be changed during a show by pressing the 'A' key, and turned Off by entering an empty string.
Hint: Please use 0 to reduce output just for network services.
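The effect of prefix-length and service-port aggregation on a flow list, as an added example (not trafshow's own code). The sample flows are constructed, and the rule that ports above 1023 collapse to 0 is an assumption made for illustration; trafshow's actual service-port rule may differ.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows: (src, sport, dst, dport, proto, bytes)
SAMPLE_FLOWS = [
    ("10.1.1.5", 51000, "192.0.2.10", 443, "tcp", 1200),
    ("10.1.1.9", 51822, "192.0.2.10", 443, "tcp", 800),
    ("10.1.2.7", 40112, "192.0.2.77", 443, "tcp", 500),
    ("10.1.1.5", 53311, "198.51.100.53", 53, "udp", 90),
    ("192.0.2.10", 443, "10.1.1.5", 51000, "tcp", 9000),  # backflow of flow 1
]

SERVICE_PORT_MAX = 1023  # assumption: ports <= 1023 are treated as services


def mask(addr, prefix_len):
    """Return the network that contains addr at the given prefix length."""
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


def service(port):
    """Keep well-known service ports; collapse ephemeral ports to 0."""
    return port if port <= SERVICE_PORT_MAX else 0


def aggregate(flows, prefix_len):
    """Group flows by masked endpoints and service ports, summing bytes."""
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, sport, dst, dport, proto, nbytes in flows:
        key = (mask(src, prefix_len), service(sport),
               mask(dst, prefix_len), service(dport), proto)
        totals[key]["flows"] += 1
        totals[key]["bytes"] += nbytes
    return dict(totals)


if __name__ == "__main__":
    # len 0 masks every address away, leaving one row per network service.
    for plen in (32, 24, 16, 0):
        print(f"prefix len {plen}:")
        for key, t in sorted(aggregate(SAMPLE_FLOWS, plen).items()):
            src, sp, dst, dp, proto = key
            print(f"  {src}:{sp} -> {dst}:{dp} {proto} "
                  f"flows={t['flows']} bytes={t['bytes']}")
```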
Use an alternate color config file instead of the default /etc/trafshow.
Listen on the specified network interface name. If unspecified, TrafShow collects data from all network interfaces configured UP in the system. In that case the system must supply a sufficient number of packet capture devices (like /dev/bpf#).
Search for and follow the list item matching the string, moving the cursor bar. The found item tries to stay highlighted. The mode can be turned Off by pressing the 'Ctrl-/' key or [re]entered by pressing the '/' key directly in the live show.
Listen on the specified UDP port number for the Cisco Netflow feed. The default port number is 9995.
Hint: Please use 0 to disable this functionality.
Set the refresh period of the data show, in seconds; 2 seconds by default. This option can be changed during a show by pressing the 'R' key.
Set the expired data purge period, in seconds; 10 seconds by default. This option can be changed during a show by pressing the 'P' key.
Use file as input for the filter expression.
Select which packets will be displayed. If no expression is given, all packets on the net will be displayed. Otherwise, only packets for which the expression is 'true' will be displayed.
The filter expression can be changed during a show by pressing the 'F' key, and turned Off by entering an empty string.
Please see the tcpdump man page for the syntax of the filter expression.
/etc/trafshow -- The default colors configuration file if any.
$HOME/.trafshow -- The personal file with the user defined colors.