Continuously displays information regarding the packet traffic on the
configured network interface that matches the boolean expression.
It periodically sorts and updates this information. It may be useful for
locating suspicious network traffic on the net.
Usage
NAME
trafshow - a full screen show of network traffic.
SYNOPSIS
trafshow [-eCfknNOpv -c num -i name -r sec -t sec] [-F file | expr]
DESCRIPTION
TrafShow continuously displays information regarding packet traffic
on the configured network interface that matches the boolean expression.
It periodically sorts and updates this information.
This funny program may be useful for locating suspicious network traffic on the
net or to evaluate current utilization of the network interface.
OPTIONS
- -c num
Exit after receiving num packets.
- -C
Try to force ANSI color mode. May be used when the description of your current
terminal has no color capability in the termcap/terminfo database.
- -e
Show the Ethernet traffic rather than IP. It is possible to
switch between them by pressing the ENTER key.
- -f
Print `foreign' internet addresses numerically rather than symbolically.
- -F file
Use file as input for the filter expression.
- -i name
Listen on network interface name. If unspecified, trafshow
searches the system interface list for the lowest numbered, configured up
interface (excluding loopback).
- -k
Disable input keyboard checking. It is intended to avoid loss of packets.
- -n
Don't convert host addresses and port numbers to names.
- -N
Don't print domain name qualification of host names.
- -O
Don't run the packet-matching code optimizer. This is useful only if you
suspect a bug in the optimizer.
- -p
Don't put the interface into promiscuous mode.
- -r seconds
Set screen refresh interval to seconds.
- -t seconds
Set max timeout in DNS query to seconds.
- -v
Print detailed version information and exit.
- expr
Select which packets will be displayed. If no expression is given,
all packets on the net will be displayed. Otherwise, only packets for which
the expression is `true' will be displayed. For more details refer to
the tcpdump(1) man page.
FILES
- /etc/trafshow
The default color configuration file, if any.
- $HOME/.trafshow
The personal file with the user-defined colors.
COLORS
If trafshow has been compiled with a modern curses library such as
slang or ncurses, it is able to show colored traffic on a
color-capable terminal.
The syntax of the trafshow color configuration file is as follows:
- default fcolor:bcolor
Set the default screen background color-pair.
- port[/proto] fcolor:bcolor
Set color pattern by service port.
- from[/mask][:port] to[/mask][:port] proto fcolor:bcolor
Set color pattern by pair of from-to addresses.
Where fcolor is the foreground color and bcolor is the background color.
- black red green yellow blue magenta cyan white
It is possible to specify a color as a number from 0 to 7.
An upper-case Fcolor means bright *on*.
An upper-case Bcolor means blink *on*.
The wildcard `*' matches ANY in a pattern.
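A small linter for the color file syntax described above, as an added example (it is not part of trafshow or its man page). The function names are hypothetical, the sample rules are constructed, and it assumes that an upper-case color means the whole name is capitalised, that numeric colors carry no bright/blink flag, and that masks and ports are free-form tokens.

```python
import re

COLORS = ["black", "red", "green", "yellow", "blue", "magenta", "cyan", "white"]
# addr[/mask][:port]; mask format is not defined on the page, so any token is accepted (assumption).
ENDPOINT = re.compile(r"^(?P<addr>[^/:\s]+)(?:/(?P<mask>[^/:\s]+))?(?::(?P<port>[^/:\s]+))?$")

def parse_color(tok):  # -> (index 0-7, flag); flag = bright (fcolor) or blink (bcolor)
    if tok.isdigit() and int(tok) <= 7:
        return int(tok), False
    # Assumption: "upper-case" means the whole name is in capitals (RED).
    if tok.lower() not in COLORS or not (tok.islower() or tok.isupper()):
        raise ValueError(f"invalid color: {tok!r}")
    return COLORS.index(tok.lower()), tok.isupper()

def parse_pair(tok):
    fg, sep, bg = tok.partition(":")
    if not (sep and fg and bg):
        raise ValueError(f"expected fcolor:bcolor, got {tok!r}")
    (f, bright), (b, blink) = parse_color(fg), parse_color(bg)
    return {"fg": f, "bright": bright, "bg": b, "blink": blink}

def parse_rule(line):
    t = line.split()
    if len(t) == 2 and t[0] == "default":
        return {"kind": "default", **parse_pair(t[1])}
    if len(t) == 2:  # port[/proto] fcolor:bcolor
        port, _, proto = t[0].partition("/")
        return {"kind": "port", "port": port, "proto": proto or None, **parse_pair(t[1])}
    if len(t) == 4:  # from[/mask][:port] to[/mask][:port] proto fcolor:bcolor
        src, dst = ENDPOINT.match(t[0]), ENDPOINT.match(t[1])
        if not (src and dst):
            raise ValueError("expected from[/mask][:port] to[/mask][:port]")
        return {"kind": "pair", "from": src.groupdict(), "to": dst.groupdict(),
                "proto": t[2], **parse_pair(t[3])}
    raise ValueError(f"expected 2 or 4 fields, got {len(t)}")

def lint(text):  # -> (rules, [(line number, message), ...])
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            try:
                rules.append(parse_rule(line))
            except ValueError as exc:
                errors.append((n, str(exc)))
    return rules, errors

SAMPLE = ("default white:black\n23/tcp RED:black\n21/tcp yellow:black\n"  # constructed sample
          "* 10.0.0.0/8:22 tcp GREEN:0\n6667 purple:black\n10.0.0.5 * udp 9:0\n")
print(lint(SAMPLE)[1])  # reports the two invalid lines (5 and 6)
```

Running it over a candidate $HOME/.trafshow before use catches misspelled colors and out-of-range numbers that would otherwise leave a highlighting rule silently ineffective.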
SEE ALSO
netstat (1),
tcpdump (1),
bpf (4).
ACKNOWLEDGEMENTS
Thanks to Van Jacobson and Steven McCanne,
Lawrence Berkeley Laboratory, University of California, Berkeley, CA.
AUTHOR
Vladimir Vorobyev,
© 1994-1998, RINET Software
© 2017-2025 Chris Hutchinson @ BSDforge
KNOWN BUGS
The trafshow functions such as resizing and coloring under xterm
mainly depend upon the curses library.
Screenshots
- really?
You know this is a TUI, and not a GUI, right?
Installation
- Using the FreeBSD ports system:
cd /usr/ports/net/trafshow
make install clean
- Using the FreeBSD pkg system:
pkg install net/trafshow