LINUX.ORG.RU
ФорумAdmin

trafshow — вообще ничего не выводит

 


0

1

Здравствуйте!

Пытаюсь посмотреть трафик в сети с помощью trafshow, ничего не выходит!

trafshow вообще ничего не выводит и блокирует вывод на ttys000:

1-0-4806 15:51:00 ES ~ >
trafshow -i en3
en3: en3: You don't have permission to capture on that device ((cannot open BPF device) /dev/bpf0: Permission denied)
No packet capture device available (no permission?)

2-0-4805 15:51:18 ES ~ >
sudo !!
sudo trafshow -i en3 
Password:
Вторая попытка:
2-0-4807 14:58:25 ES ~ >
sudo trafshow -i en3 -n net 10.0.1.3 mask 255.255.255.0
non-network bits set in "10.0.1.3 mask 255.255.255.0"
Третья попытка:
sudo trafshow -i en3 -n net 10.0.1.1 mask 255.255.255.0
non-network bits set in "10.0.1.1 mask 255.255.255.0"

uname -a

Darwin Air.local 13.4.0 Darwin Kernel Version 13.4.0: Mon Jan 11 18:17:34 PST 2016; root:xnu-2422.115.15~1/RELEASE_X86_64 x86_64

bash --version

GNU bash, версия 4.4.19(1)-release (x86_64-apple-darwin13.4.0)
trafshow -v

trafshow Version 5.2.3

compiled for x86_64-apple-darwin13.4.0 with
 /usr/bin/clang -pipe -Os -I/usr/local/MacPorts/include -arch x86_64 -Wall -I. -DHAVE_CONFIG_H  -lslang -ltermcap -lpcap -lresolv 
	libpcap version 1.8.1
	slcurses version 20204
	colors support
	your current terminal has color capability
system_profiler SPNetworkDataType | head -n 49
Network:

    Thunderbolt Ethernet:

      Type: Ethernet
      Hardware: Ethernet
      BSD Device Name: en3
      IPv4 Addresses: 10.0.1.3
      IPv4:
          Addresses: 10.0.1.3
          ARPResolvedHardwareAddress: **:**:**:**:**:**
          ARPResolvedIPAddress: 10.0.1.1
          Configuration Method: DHCP
          Interface Name: en3
          Network Signature: IPv4.Router=10.0.1.1;IPv4.RouterHardwareAddress=**:**:**:**:**:**
          Router: 10.0.1.1
          Subnet Masks: 255.255.255.0
      DNS:
          Domain Name: xxxxxxx.ru
          Server Addresses: 10.0.1.1
      DHCP Server Responses:
          Domain Name: xxxxx.ru
          Domain Name Servers: 10.0.1.1
          Lease Duration (seconds): 0
          DHCP Message Type: 0x05
          Routers: 10.0.1.1
          Server Identifier: 10.0.1.1
          Subnet Mask: 255.255.255.0
      Ethernet:
          MAC Address: **:**.**:**:**:**
          Media Options: Full Duplex, Flow Control, energy-efficient-ethernet
          Media Subtype: 1000baseT
      Proxies:
          Exceptions List: *.local, 169.254/16
          FTP Passive Mode: Yes
      Sleep Proxies:
        1 TC_OLD:
          Marginal Power: 10
          Metric: 303410
          Portability: 34
          Total Power: 70
          Type: 30
        1 TC_NEW:
          Marginal Power: 10
          Metric: 503410
          Portability: 34
          Total Power: 70
          Type: 50
      Service Order: 0
system_profiler SPThunderboltDataType | grep -A 1 "Port (Upstream):"
          Port (Upstream):
              Status: Device connected
TRAFSHOW(1)                                                        TRAFSHOW(1)



NAME
       trafshow - full screen show network traffic

SYNOPSIS
       trafshow  [-vpnb]  [-a  len] [-c conf] [-i name] [-s str] [-u port] [-R
       refresh] [-P purge] [-F file | expr]

DESCRIPTION
       TrafShow is a simple interactive program that gather the network  traf-
       fic  from  all  libpcap-capable  interfaces  to accumulate it in memory
       cache, and then separately display it on appropriated curses window  in
       line-narrowed  manner  as a list of network flows sorted by throughput.
       Display updates occurs nearly in real  time,  asynchronously  from  the
       data collecting. It look like a live show of traffic flows. Any kind of
       network traffic are mixed together in the one live-show screen, an Eth-
       ernet, IP, etc.
       Hint: Please press `H' key inside a show to get brief help!

       The  IP  traffic  can  be aggregated by netmask prefix bits and service
       ports to reorganize a heap of trivial flows into the  treelike  hierar-
       chies  suitable for human perception. The user can glance over the list
       of resulting flows and select at their to browse  detail.  So  you  can
       deepen  into  the traffic inheritance hierarchy and inspect the packets
       of each trivial flow in variety of presentations: raw-hex, ascii, time-
       stamp.
       The  program  make  aggregation automatically when number of flows will
       exceed some reasonable amount. Just a few seconds after launch  may  be
       required  for  adaptation to your volume of traffic.  Use -a len option
       (see below) to overwrite the default behaviour.

       TrafShow also listens on UDP port (9995 by default) for diverse feeders
       of  Cisco Netflow and then separately display the collected data in the
       same manner as described above. The following versions of  Netflow  are
       currently  supported:  V1,  V5,  V7.  Use -u port option (see below) to
       overwrite the default behaviour.

       This program may be found wonderful at lest to locate suspicious  traf-
       fic on the net very quickly on demand, or to evaluate real time traffic
       bandwidth utilization, in a simplest and convenient environment. But it
       is  not intended for collecting and analysis of the network traffic for
       a long period of time, nor for billing!

       The program pretend to be IPv6 compatible and ready to using, but it is
       not tested enough. You can define INET6 to do so.

OPTIONS
       -v     Print detailed version information and exit.

       -p     Do not put interface(s) into promiscuous mode.

       -n     Do  not  convert  numeric  values to names (host addresses, port
              numbers, etc.).  The mode can be toggled On/Off during a show by
              pressing the `N' key.

       -b     To  place  a  backflow  entries  near to the main streams in the
              sorted list of traffic flows.
              Note: this mode can  raise  the  system  load  dangerously  high
              because it take a lot of CPU cycles!

       -a len To  aggregate  traffic  flows  using IP netmask prefix len. This
              option also turn on service ports aggregation. The len  expected
              as  number  of bits in the network portion of IP addresses (like
              CIDR).  The aggragation len can be  changed  during  a  show  by
              pressing the `A' key, and turned Off by empty string.
              Hint: Please use 0 to reduce output just for network services.

       -c conf
              Use   alternate   color   config   file   instead   of   default
              /usr/local/MacPorts/etc/trafshow.

       -i name
              Listen on the specified network interface name.  If unspecified,
              TrafShow collect data from all network interfaces, configured UP
              in the system. In the last case the system  must  supply  enough
              number of packet capture devices (like /dev/bpf#).

       -s str To search and follow for list item matched by string, moving the
              cursor bar. The found item try to stay highlighted. The mode can
              be  turned Off by `Ctrl-/' key press or [re]entered again by `/'
              key directly in the live show.

       -u port
              Listen on the specified UDP port number for  the  Cisco  Netflow
              feed.  The default port number is 9995.
              Hint: Please use 0 to disable this functionality.

       -R refresh
              Set  the  refresh  period  of data show to seconds, 2 seconds by
              default. This option can be changed during a  show  by  pressing
              the `R' key.

       -P purge
              Set  the  expired  data  purge  period to seconds, 10 seconds by
              default. This option can be changed during a  show  by  pressing
              the `P' key.

       -F file
              Use file as input for the filter expression.

       expr   Select  which  packets  will  be  displayed. If no expression is
              given, all packets on the net will be displayed. Otherwise, only
              packets for which expression is `true' will be displayed.
              The  filter  expression can be changed during a show by pressing
              the `F' key, and turned Off by empty string.
              Please see tcpdump(1) man page for syntax of filter  expression.

FILES
       /usr/local/MacPorts/etc/trafshow
              The default colors configuration file if any.

       $HOME/.trafshow
              The personal file with the user defined colors.

COLORS
       If  TrafShow  has  been  compiled  with modern curses libraries such as
       Slang or Ncurses it been able to show colored  traffic  on  the  color-
       capable  terminal.  Hopefully,  no  special actions required to install
       them because your system has it by default (leastwise last years).

       The syntax of TrafShow color configuration file as follow:

       default fcolor:bcolor
              Set the default screen background color-pair

       port[/proto] fcolor:bcolor
              Set color pattern by service port

       [proto] src[/mask][,port] dst[/mask][,port] fcolor:bcolor
              Set color pattern by pair of source and destination addresses

       The tokens *, any, or all matchs ANY in the pattern.  Where  fcolor  is
       foreground color and bcolor is background color.
       The fcolor and bcolor may be one of the following:

       black red green yellow blue magenta cyan white
              It posible to indicate color as number from 0 to 7.

       The upper-case Fcolor mean bright on.  The upper-case Bcolor mean blink
       on.

SEE ALSO
       pcap(3), tcpdump(1), bpf(4)

ACKNOWLEDGEMENTS
       Thanks to Van Jacobson <van(at)helios.ee.lbl.gov>  and  Steven  McCanne
       <mccanne(at)helios.ee.lbl.gov>,  all  of  Lawrence Berkeley Laboratory,
       University of California, Berkeley.  Special thank to Jun-ichiro itojun
       Hagino <itojun(at)iijlab.net> for IPv6 patches.

AUTHOR
       Vladimir Vorobyev <bob(at)turbo.nsk.su>.

BUGS
       Depending  of traffic volume, TrafShow can take a lot of CPU cycles and
       memory.
       It is impossible to use packet  matching  expressions  in  the  NetFlow
       mode.




                                   May 2004                        TRAFSHOW(1)


Вопрос: ЧЯДНТ, как это исправить?

Заранее благодарен за ответы и помощь!

P.S.

Вопрос не по теме:

Как сделать так, чтобы ответы приходили на почту?



Последнее исправление: Cave-Canem (всего исправлений: 1)

По поводу самого trafshow ничего не скажу, может ему просто ОС не нравится, можно попробовать через dtrace посмотреть, что с ним происходит, получает ли он какие-то данные или ждёт на каком-то системном вызове...

А насчёт:

non-network bits set in «10.0.1.1 mask 255.255.255.0»

там ведь всё понятно написно, адрес сети в данном случае ″net 10.0.1.0 mask 255.255.255.0″

mky ★★★★★
()

sudo trafshow -i en3 -n net 10.0.1.0 mask 255.255.255.0

lnx
()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.