man traffic-sort (Administration système) - Sort a network traffic report
NAME
traffic-sort - Sort a network traffic report
SYNOPSIS
traffic-sort [-Vh] [-i, --input file] [-o, --output file] [-H, --host-sort key] [-P, --peer-sort key] [-L, --limit-hosts num] [-K, --limit-peers num]
DESCRIPTION
traffic-sort is a small program which will sort and limit the length of a network traffic report generated by traffic-collect(8) in various ways. It is designed to be used as a filter, expecting a report on standard input and writing a processed report to standard output. This way complex sorting can be achieved by chaining several traffic-sort processes together. Alternately, the input and output files can be specified using the '-i' and '-o' commandline options.
OPTIONS
- -i, --input file
- Read input from file instead of standard input.
- -o, --output file
- Write output to file instead of standard output.
- -H, --host-sort key
- Sort hosts by sort-key (see SORTING section for details).
- -P, --peer-sort key
- Sort peer lists by sort-key (see SORTING section for details).
- -L, --limit-hosts num
- Limit number of hosts to display
- -K, --limit-peers num
- Limit number of peers to display per host
- -h --help
- Prints usage information
- -V --version
- Prints program version
SORTING
The host and peer lists can be sorted in one of several ways with the -H and -P options. While several sort keys can be used for both hosts and peers, some cannot. The following table documents the function of each sort key and the context in which it is valid:
N, none Do not sort (hosts + peers).
- b, bytes
- Total bytes send and received (hosts + peers).
- s, bsent
- Bytes sent (hosts).
- r, breceived
- Bytes received (hosts + peers).
- p, packets
- Total packets sent and received (hosts + peers).
- S, psent
- Packets sent (hosts).
- R, preceived
- Packets received (hosts).
- C, connects
- Total TCP connection requests sent and received (hosts + peers).
- c, csent
- TCP connection requests sent (hosts).
- l, creceived
- TCP connections requests received (hosts).
- P, peers
- Number of peers (hosts).
- h, hostname
- Hostname (hosts).
- I, ipaddr
- IP address (hosts).
- F, firstseen
- Time of first detected traffic (hosts).
- L, lastseen
- Time of last recorded traffic (hosts).
- X, random
- Random (hosts + peers).
EXAMPLES
The simplest example:
- traffic-sort -Hn
Will read a report from standard input, perform no sorting and write the report to standard output.
The following example will limit the number of hosts in a report to 50:
- traffic-vis -L 50
This example will sort the hosts in order of decreasing traffic volume and limit the report to ten hosts. This will produce a list of the ten busiest hosts in the original report:
- traffic-vis -H b -L 50
Complex processing can be achieved by chaining multiple invocations of traffic-sort together:
- traffic-vis -Hb -Pb -L50 | traffic-sort -Hc
SEE ALSO
traffic-vis(8), traffic-collect(8), traffic-exclude(8), traffic-resolve(8), traffic-totext(8), traffic-tohtml(8), traffic-tops(8), traffic-togif(8),
AUTHORS
Damien Miller <dmiller@ilogic.com.au>
http://www.ilogic.com.au/~dmiller/traffic-vis.html
BUGS
Hopefully none, probably legion.