  trafshow (1) ( Linux man: User-level commands and application programs )


    trafshow - full-screen display of network traffic


    trafshow [-eCfknNOpv -c num -i name -r sec -t sec] [-F file | expr]  


    TrafShow continuously displays information about packet traffic on the configured network interface that matches the boolean expression. It periodically sorts and updates this information.
    In another mode, TrafShow can operate as a simple Cisco NetFlow collector to visualize network traffic passing through a remote router in near real time. Currently NetFlow V1, V5 and V7 are supported.
    This funny program may be useful for locating suspicious network traffic on the net or for evaluating the current utilization of the network interface. The tool is not intended to collect and analyse packet contents, nor for billing purposes.


    -c num    Exit after receiving num packets.
    -C        Try to force ANSI color mode. May be used when the description of your current terminal has no color capability in the termcap/terminfo database.
    -e        Show the Ethernet traffic rather than IP. It is possible to switch between them by pressing the ENTER key.
    -f        Print `foreign' internet addresses numerically rather than symbolically.
    -F file   Use file as input for the filter expression.
    -i name   Listen on network interface name, or on UDP port number name for Cisco NetFlow. If unspecified, trafshow searches the system interface list for the lowest numbered, configured up interface (excluding loopback).
    -k        Disable input keyboard checking. This is intended to avoid loss of packets.
    -n        Don't convert host addresses and port numbers to names.
    -N        Don't print domain name qualification of local host names.
    -O        Don't run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.
    -p        Don't put the interface into promiscuous mode.
    -r sec    Set screen refresh interval to sec seconds.
    -t sec    Set max timeout in DNS query to sec seconds.
    -v        Print detailed version information and exit.
    expr      Select which packets will be displayed. If no expression is given, all packets on the net will be displayed. Otherwise, only packets for which expression is `true' will be displayed.
    For more details refer to the tcpdump(1) man page.


    trafshow -e
    Display raw Ethernet traffic.
    trafshow -f -i eth0
    Display Internet traffic using device eth0.
    trafshow -n -i 9995
    Listen for NetFlow packets on UDP port 9995 and display their content.


    The default colors configuration file if any.
    The personal file with the user defined colors.


    If trafshow has been compiled with a modern curses library such as Slang or Ncurses, it can show colored traffic on a color-capable terminal.

    The syntax of the trafshow color configuration file is as follows:

    default fcolor:bcolor
    Set the default screen background color-pair
    port[/proto] fcolor:bcolor
    Set color pattern by service port
    from[/mask][:port] to[/mask][:port] proto fcolor:bcolor
    Set color pattern by pair of from-to addresses

    The wildcard `*' matches ANY value in a pattern. fcolor is the foreground color and bcolor is the background color.
    fcolor and bcolor may each be one of the following:

    black red green yellow blue magenta cyan white
    It is possible to give a color as a number from 0 to 7.

    An upper-case Fcolor means bright *on*. An upper-case Bcolor means blink *on*.
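
A checker for the color file grammar described above, as an added example that is not part of the trafshow distribution. It assumes IPv4 or `*` endpoints and that any upper-case letter in a color name counts as upper-case; the function names and the sample rules are constructed for illustration.

```python
import re
COLORS = ["black", "red", "green", "yellow", "blue", "magenta", "cyan", "white"]
# Assumption: endpoints are IPv4 addresses or `*`; IPv6 literals are not handled.
ENDPOINT = re.compile(r"^(?P<addr>[^/:]+)(?:/(?P<mask>[^:]+))?(?::(?P<port>\S+))?$")

def parse_color(tok):
    """Return (color index 0-7, upper-case flag) for one fcolor or bcolor token."""
    if tok.isdigit() and int(tok) <= 7:
        return int(tok), False
    if tok.lower() not in COLORS:
        raise ValueError(f"bad color: {tok!r}")
    # Assumption: any upper-case letter makes the name count as upper-case.
    return COLORS.index(tok.lower()), tok != tok.lower()

def parse_pair(tok):
    """Split fcolor:bcolor; upper-case fcolor = bright, upper-case bcolor = blink."""
    fg, _, bg = tok.partition(":")  # a missing ":" leaves bg empty, which is rejected
    (f, bright), (b, blink) = parse_color(fg), parse_color(bg)
    return {"fg": f, "bg": b, "bright": bright, "blink": blink}

def parse_rule(line):
    """Classify one line as one of the three rule forms the man page lists."""
    f = line.split()
    if len(f) == 2 and f[0] == "default":
        return {"kind": "default", **parse_pair(f[1])}
    if len(f) == 2:
        port, _, proto = f[0].partition("/")
        return {"kind": "port", "port": port, "proto": proto or None, **parse_pair(f[1])}
    if len(f) == 4:
        src, dst = ENDPOINT.match(f[0]), ENDPOINT.match(f[1])
        if not (src and dst):
            raise ValueError(f"bad from/to endpoint in: {line!r}")
        return {"kind": "pair", "from": src.groupdict(), "to": dst.groupdict(),
                "proto": f[2], **parse_pair(f[3])}
    raise ValueError(f"unrecognized rule: {line!r}")

def check_config(text):
    """Return (parsed rules, [(line number, error)]) for a whole color file."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            try:
                rules.append(parse_rule(line))
            except ValueError as e:
                errors.append((n, str(e)))
    return rules, errors

# Constructed sample: bright red telnet, blinking SSH to 10.0.0.0/8, one bad line.
SAMPLE = "default white:black\n23/tcp Red:black\n* 10.0.0.0/8:22 tcp yellow:Blue\n53/udp 9:black\n"
```

Running check_config over a color file before use reports each rule that does not fit the grammar together with its line number.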


    netstat(1), tcpdump(1), bpf(4)  


    Thanks to Van Jacobson <van(at)> and Steven McCanne <mccanne(at)>, all of Lawrence Berkeley Laboratory, University of California, Berkeley. Special thanks to Jun-ichiro itojun Hagino <itojun(at)> for IPv6 patches.  


    Vladimir Vorobyev <bob(at)>.  


    trafshow functions such as resizing and coloring under xterm depend mainly on the curses library.
    It is impossible to use packet matching expressions in the NetFlow collector mode.




