This is traffic-vis, a free network traffic monitor package.

traffic-vis is a suite of tools to help determine which hosts have
been communicating on an IP network, with whom they have been
communicating and the volume of communication taking place on a
host-by-host basis.

This release (0.3x) breaks the monolithic traffic-vis program into
many pieces. traffic-collector is a daemon which collects (duh) and
summarises network traffic and will produce a report upon receipt of a
SIGUSR1. This report is in text format, but is not designed to be read
by humans. A bunch of tools are provided to process it and convert
it into a human-readable report:

traffic-resolve, a small tool to resolve the hostnames in a
traffic-collector log; traffic-exclude, which excludes hosts from the
summary based on IP address; traffic-sort, which sorts and limits the
size of a report; and three front-ends, traffic-tops, traffic-totext
and traffic-tohtml, which produce PostScript, text and HTML reports
respectively.
A worked example:

    traffic-collector --summary-file /tmp/summary.tv
    # (wait 5 minutes while it collects network traffic)
    killall -USR1 traffic-collector
    traffic-sort -Hb -Pb -L60 < /tmp/summary.tv > /tmp/report-sorted.tv
    traffic-resolve < /tmp/report-sorted.tv > /tmp/report-resolved.tv
    traffic-tohtml < /tmp/report-resolved.tv > /tmp/report.html
    traffic-tops < /tmp/report-resolved.tv > /tmp/report.ps
    traffic-togif < /tmp/report-resolved.tv > /tmp/report.gif

Of course, several of these steps could be combined onto a single
command line, since every tool after the collector reads its input on
stdin and writes its result on stdout.
This approach offers a lot more flexibility than the previous "one
program does everything" system. It also allows for the manipulation
of reports by non-root users: only traffic-collector needs to run as
root, and everything downstream of the summary file can be done by an
unprivileged account. Since the collector does run as root, have it
write its summary into a directory that only root can write, rather
than to a fixed name in the world-writable /tmp used in the example
above.
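The worked example above, joined into pipelines and wrapped so that the root and non-root halves are actually separated: collection runs as root into a root-owned spool directory, and the report tools run as an unprivileged account. This is an added example written for this page, not code from traffic-vis or its author. The spool directory, the output directory, the `tvreport` account, the 300-second window, and the assumption that traffic-collector backgrounds itself and can be signalled with killall (as the README's example does) are all assumptions, not facts from the README.

```sh
#!/bin/sh
# Added example for this page (not part of traffic-vis): a collect-and-report
# wrapper that keeps the README's privilege split. Collection runs as root and
# writes into a root-owned spool directory; the report tools run as an
# unprivileged account. Assumptions, not from the README: the traffic-vis
# tools are on PATH, the collector backgrounds itself and can be signalled
# with killall as in the README's example, and the account and paths below.
set -u

SPOOL=${TV_SPOOL:-/var/lib/traffic-vis}     # assumed: root-owned, mode 0750
REPORT_USER=${TV_REPORT_USER:-tvreport}     # assumed unprivileged account
OUTDIR=${TV_OUTDIR:-/var/www/traffic-vis}   # assumed: writable by $REPORT_USER
COLLECT_SECS=${TV_COLLECT_SECS:-300}        # the README's "wait 5 minutes"

# spool_dir_ok DIR [UID]: accept DIR only if it is a real directory (not a
# symlink), owned by UID (default 0, root) and not group- or world-writable.
# This is what keeps root's collector from writing through a link that a
# local user planted, which a fixed name in /tmp would allow.
spool_dir_ok() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1
    set -- $(ls -ldn "$dir")          # fields: mode links uid gid ...
    [ "$3" = "$want_uid" ] || return 1
    case "$1" in
        d????-??-?*) return 0 ;;      # group and other write bits both clear
        *)           return 1 ;;
    esac
}

# report_from_summary SUMMARY OUTDIR: the README's separate steps joined into
# pipelines. Needs no privileges; it only reads SUMMARY and writes OUTDIR.
report_from_summary() {
    summary=$1
    out=$2
    traffic-sort -Hb -Pb -L60 < "$summary" | traffic-resolve \
        > "$out/report-resolved.tv" || return 1
    traffic-tohtml < "$out/report-resolved.tv" > "$out/report.html" || return 1
    traffic-tops   < "$out/report-resolved.tv" > "$out/report.ps"   || return 1
    traffic-togif  < "$out/report-resolved.tv" > "$out/report.gif"
}

# collect_summary SUMMARY: the root-only part. Start the collector, let it run
# for COLLECT_SECS, request a summary with SIGUSR1, then hand the file to the
# report account. The collector is left running, as the README's daemon.
collect_summary() {
    summary=$1
    [ "$(id -u)" -eq 0 ] || { echo "collection needs root" >&2; return 1; }
    spool_dir_ok "$(dirname "$summary")" || {
        echo "refusing to write into $(dirname "$summary")" >&2; return 1; }
    traffic-collector --summary-file "$summary" || return 1
    sleep "$COLLECT_SECS"
    killall -USR1 traffic-collector || return 1
    # give the collector a moment to finish writing the summary
    n=0
    while [ ! -s "$summary" ] && [ "$n" -lt 10 ]; do sleep 1; n=$((n + 1)); done
    [ -s "$summary" ] || { echo "no summary written" >&2; return 1; }
    chown "$REPORT_USER" "$summary" && chmod 0600 "$summary"
}

case "${1:-}" in
    collect)
        collect_summary "$SPOOL/summary.tv" || exit 1
        # re-exec this script as the report account for the unprivileged half
        # (the script must be readable by $REPORT_USER; paths are assumed to
        # contain no quotes)
        exec su -s /bin/sh -c "$0 report '$SPOOL/summary.tv' '$OUTDIR'" \
            "$REPORT_USER"
        ;;
    report)
        report_from_summary "$2" "$3" || exit 1
        ;;
esac
```

Run it as root with the single argument `collect`; the `report` mode is only ever entered via the `su` re-exec, so none of traffic-sort, traffic-resolve, traffic-tohtml, traffic-tops or traffic-togif ever runs with root privileges. The `spool_dir_ok` check is the reason the wrapper does not use /tmp: it refuses a spool directory that is a symlink, is owned by someone other than root, or is writable by group or others.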
traffic-vis requires libpcap 0.4 to build. This is available from
ftp://ftp.ee.lbl.gov. The collector reads raw network frames, so it
needs to be run as root (I strongly recommend against making it SUID).

The traffic-togif script requires Ghostscript and the PBM utilities
to work. All of these are included with RedHat 5.2, and should be
available for Debian as well.

You will also need glib. I have developed traffic-vis using
glib-1.1.15 but I think older versions should work too. glib is
available from ftp://ftp.gimp.org/pub/gtk/v1.1/. RedHat users will
probably want to use the RPM version; this is included on the RedHat
5.2 CD in the directory "/gnome", otherwise it can be downloaded from
ftp://ftp.gnome.org/pub/GNOME/redhat/latest/i386/
If you are compiling from source, you will probably have to modify the
top-level makefile to match the location of your libraries and include
files. libpcap does not by default install the necessary files, so it
is easiest to add a -I/path/to/libpcap-0.4 to the INCLUDES line in the
makefile. You might also have to edit traffic-togif and tell it the
locations of your Ghostscript and PBM utilities.
Traffic-vis has its very own homepage at
http://www.ilogic.com.au/~dmiller/traffic-vis.html

Your ideas, flames, bug-reports and (hopefully) patches gratefully
accepted.

Damien Miller <dmiller@ilogic.com.au>