# ------------------------------------------------------------- #
# TRAFAN - Traffic Analysis V 0.2 (2003-07-04)                  #
# Copyright (C) 2003 by Volker Tanger                           #
# ------------------------------------------------------------- #

TrafAn is designed to give an overview of network protocol usage:
which subnet is using which protocols. The main design criterion was
that it should be usable as a plain network sniffer, whereas most
other tools require a setup with IPFILTER.

While it might be used as a network traffic accounting tool, the
non-continuous recording (logging breaks every time it sums up) and
the dirty direction tagging speak against this usage.

Requirements:
  * Unix system
  * Perl installed (version 5.something will do)
  * Output from TCPDUMP

For bug reports and suggestions, or if you just want to talk to me,
please contact me at volker.tanger@wyae.de

Updates will be available at http://www.wyae.de/software/trafan/
Please check there for updates prior to submitting patches!

-----------------------------------------------------------------------
Usage:
-----------------------------------------------------------------------

The tool is designed as a filter, so call it e.g. as

    tcpdump -i eth0 -nlq ip | ./trafan.pl | sort > log.txt

...and kill tcpdump from a different shell window when done.

The output table is written to STDOUT and can e.g. be redirected into
a file for further processing. Runtime messages are printed to STDERR.

-----------------------------------------------------------------------
Known bugs:
-----------------------------------------------------------------------

The selection of request/answer (up/down) packets is a bit cheesy: the
lower of the two packet's ports (source/destination) is assumed to be
the one characteristic for the connection (i.e. protocol port), which
works fine for standard TCP protocols that run on privileged ports
below 1024 (http, smtp, ...), but can fail horribly in the opposite
case (e.g. SAP applications).
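
The lower-port heuristic described above, shown with its failure case.
This is an added Python example, not code from trafan.pl; the tcpdump
line shape, the addresses and the ports in SAMPLE are constructed
assumptions.

```python
import re
from collections import Counter

# Assumed shape of one `tcpdump -nlq ip` line (varies by tcpdump version):
#   12:00:01.000001 IP 10.1.1.20.40112 > 192.0.2.80.80: tcp 120
LINE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (tcp|udp)\D*(\d+)",
    re.I)

def classify(line):
    """Return (proto, service_port, direction, length), or None if unparsable."""
    m = LINE.search(line)
    if not m:
        return None
    _src, sport, _dst, dport, proto, length = m.groups()
    sport, dport = int(sport), int(dport)
    # Heuristic from "Known bugs": the lower port is taken as the protocol port.
    # Equal ports (e.g. 53 <-> 53) are ambiguous; they are tagged "up" here.
    if dport <= sport:
        return proto.lower(), dport, "up", int(length)    # towards assumed service
    return proto.lower(), sport, "down", int(length)      # from assumed service

def summarise(lines):
    """Sum payload lengths per (proto, service_port, direction)."""
    totals = Counter()
    for line in lines:
        rec = classify(line)
        if rec:
            totals[rec[:3]] += rec[3]
    return totals

# Constructed sample traffic. Lines 1-2: client to a web server on port 80.
# Lines 3-4: a client on source port 1045 talking to an application that
# listens on a high port (3200), the case the heuristic gets wrong.
SAMPLE = [
    "12:00:01.000001 IP 10.1.1.20.40112 > 192.0.2.80.80: tcp 120",
    "12:00:01.000420 IP 192.0.2.80.80 > 10.1.1.20.40112: tcp 1460",
    "12:00:02.000001 IP 10.1.1.21.1045 > 10.9.9.5.3200: tcp 300",
    "12:00:02.000510 IP 10.9.9.5.3200 > 10.1.1.21.1045: tcp 900",
]

if __name__ == "__main__":
    for key, total in sorted(summarise(SAMPLE).items()):
        print(key, total)
```

The port-80 flow is tagged correctly, while the high-port flow is
booked under the client's port 1045 with up and down swapped, so
per-protocol and per-direction totals for such applications cannot be
trusted.
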

Probably better is iftop
http://www.ex-parrot.com/~pdw/iftop/

-----------------------------------------------------------------------
Shortcut: Distributable under GPL
-----------------------------------------------------------------------

Copyright (C) 2000-2002 Volker Tanger

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
or on their website http://www.gnu.org/copyleft/gpl.html

-----------------------------------------------------------------------