PKTSTAT(1)		    General Commands Manual		    PKTSTAT(1)

NAME
       pktstat -- display packet activity on a crt

SYNOPSIS
       pktstat	 [-1BcFlnpPtT]	 [-a   abbrev]	 [-A   file]   [-i  interface]
	       [-k keeptime] [-m maxbps] [-w waittime] [filter-expr]

DESCRIPTION
       The pktstat program displays a real-time summary of packet activity on
       an interface.  Each line displays the data rate associated with
       different classes of packets.

       pktstat understands the following command line options:

             -1    Single-shot (batch) mode.  pktstat collects data for
                   waittime seconds (see -w option) then emits a line
                   indicating the number of flows detected, and the period
                   of data capture in seconds.  Then, each flow line is
                   printed in the form of the number of data link octets
                   associated with the flow, the number of data link frames
                   (packets), and then the flow description.

             -a abbrev
                   Add abbrev to the list of abbreviation patterns.  (See
                   below for details.)

	     -A	file
		   Read	abbreviation  patterns	from  the  given  file.	  (See
		   "Abbreviations",  below.)   If the option -A	none is	given,
		   then	default	abbreviation files are not loaded.

	     -B	   Display data	rates in bytes per second (Bps)	instead	of  in
		   bits	per second (bps).

             -c    Do not combine some packet classes into one class.  For
                   example, TCP connections are kept as two separate flows.

	     -F	   Show	 full hostnames.  Normally, hostnames are truncated to
		   the first component of their	domain name before display.

             -i interface
                   Listen on the given interface.  If not specified, a
                   suitable interface is chosen.

             -k keeptime
                   When no packets have been seen for a particular class,
                   retain an entry on the display for this many screen
                   seconds.  Defaults to 10.

             -l    Display and sort flows by when they were last seen.
                   (Incompatible with -t)

             -m maxbps
                   Fix the maximum bit rate for the interface at maxbps
                   instead of auto-detecting it.

             -n    Do not try to resolve hostnames or service port numbers.

	     -p	   Show	packet counts instead of bit counts.

	     -P	   Do not try to put the interface into	promiscuous mode.

	     -t	   "Top"  mode.	  Sorts	 the  display  by bit count (or	packet
		   count if -p was given) instead of by	the name.

	     -T	   Show	totals.

	     -w	waittime
		   Refresh the display every waittime seconds.	The default is
		   5 seconds.

	     filter-expr
		   Only	consider packets matching the given  filter-expr.   If
		   no  filter  is  provided,  all packets are considered.  See
		   tcpdump(8) for information on valid expressions.

       If the terminal supports it, the display briefly highlights in bold new
       connections or old connections carrying data after a period of
       inactivity.

       Simple statistics about the interface are also displayed	 such  as  the
       current	and  average  bit  rates  (measured  just  above the data link
       layer).	Load averages refer to bit rate	decayed	averages for the  last
       1, 5 and	15 minutes.

       During display, the following keystrokes	are recognised:

	     q		 quit

	     Ctrl-L	 redraw	screen

	     t		 toggle	the -t flag (top mode)

	     T		 toggle	the -T flag (totals mode)

	     w		 allows	changing of the	-w flag	value (wait time)

	     n		 toggle	the -n flag (numeric display)

	     p		 toggle	the -p flag (packets instead of	bits)

	     b | B	 toggle	the -B flag (bps or Bps)

	     f | F	 toggle	the -F flag (full hostnames)

	     r		 reset	collected  statistics  (min, max, etc.), flush
			 flow  history	and  reset  DNS/service	 and  fragment
			 caches

	     l		 show and sort flows by	when they were last active

	     ?		 toggle	 display  of help/status text at the bottom of
			 the display

   Packet classes
       All packet classes, or flows, are "tagged" with a  descriptive  string,
       such as `tcp ftpserver:20524 <->	cathexis:17771'.

       In addition to being tagged, some protocol-state information can be
       associated with a flow.  This is displayed immediately below a flow
       line.  Descriptive information for FTP, HTTP, X11 and SUP connections
       is determined from simple decoding of some packets.  If the connection
       is 'open', it is introduced with a right angle shape (+), otherwise it
       is introduced with a hyphen character.

	     tcp www:80	<-> hamartia:19179
	     + GET /index.html

   Abbreviations
       Abbreviation patterns are a way of further combining flows.  As packets
       are decoded, their flow name is constructed at the various protocol
       layers.  At address combining stage (where arrows such as `->' are
       inserted) and at the final display stage, flow names are checked
       against a list of abbreviation patterns, and the abbreviation's name
       substituted if a match is found.  For example, the pattern
       `* <-> *:domain' will match DNS packets in both the UDP and TCP layers.

       Abbreviations take the form [abbrev@]pattern.  The pattern part can
       contain the wildcard character, asterisk `*' which matches zero or more
       non-space characters.  The space character matches one or more
       whitespace characters.  Leading and trailing spaces are ignored.

       If the optional abbrev is not specified, the pattern text itself is
       used as the abbreviation.

       Patterns	are checked in the order given on the command line or  in  the
       files,  i.e.  as	 soon as one of	the patterns matches a tag, no further
       patterns	are considered.	 Recall	that patterns can be applied  multiple
       times to	a tag.

       A  patterns  file  can contain blank lines, which are ignored.  Comment
       lines that commence with	a `#' character	are also ignored.

       After processing	all command line abbreviations and abbreviation	files,
       pktstat looks for and loads the files .pktstatrc, $HOME/.pktstatrc  and
       /usr/local/etc/pktstatrc.  This behaviour is suppressed by supplying an
       -A none option.

EXAMPLES
       Here are	the contents of	my .pktstatrc file:

	     dns @ udp *:domain	<-> *
	     dns @ udp * <-> *:domain
	     irc @ udp 192.168.0.81:6666 <-> *
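
       The matching rules from the Abbreviations section, applied to the
       file above, as an added Python example (not part of pktstat or of this
       manual page).  It assumes the first `@' splits abbrev from pattern and
       that a pattern must match the whole tag; parse_abbrev, load_rules and
       abbreviate are hypothetical names.

```python
import re

# Constructed sample: the page's example .pktstatrc plus a comment and a blank line.
PKTSTATRC = """\
# local abbreviations
dns @ udp *:domain <-> *
dns @ udp * <-> *:domain

irc @ udp 192.168.0.81:6666 <-> *
"""

def parse_abbrev(line):
    """Turn one '[abbrev@]pattern' entry into (name, compiled regex), or None."""
    text = line.strip()                      # leading/trailing spaces are ignored
    if not text or text.startswith("#"):     # blank lines and '#' comments
        return None
    # Assumption: the first '@' separates the optional abbrev from the pattern.
    head, sep, tail = text.partition("@")
    pattern = (tail if sep else head).strip()
    name = head.strip() if sep else pattern  # no abbrev: the pattern names itself
    parts = []
    for token in re.split(r"(\*|\s+)", pattern):
        if token == "*":
            parts.append(r"\S*")             # zero or more non-space characters
        elif token.isspace():
            parts.append(r"\s+")             # one or more whitespace characters
        elif token:
            parts.append(re.escape(token))   # everything else is literal
    return name, re.compile("".join(parts))

def load_rules(lines):
    """Keep rules in the order given; that order decides which one wins."""
    return [rule for rule in map(parse_abbrev, lines) if rule]

def abbreviate(tag, rules):
    """Return the name of the first matching rule, else the tag unchanged."""
    # Assumption: a pattern must match the whole tag, not a substring of it.
    for name, regex in rules:
        if regex.fullmatch(tag.strip()):
            return name
    return tag

if __name__ == "__main__":
    rules = load_rules(PKTSTATRC.splitlines())
    for tag in ("udp 10.0.0.5:53211 <-> ns1:domain",          # constructed tags
                "tcp ftpserver:20524 <-> cathexis:17771"):
        print(f"{tag!r} -> {abbreviate(tag, rules)!r}")
```

       Because the first matching pattern wins, a broad early rule such as
       `all @ * <-> *' shadows every later rule and collapses distinct flows
       into a single display line.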

SEE ALSO
       bpf(4), tcpdump(8)

AUTHORS
       David Leonard, leonard@users.sourceforge.net

BUGS
       DNS lookups can take too	much time, possibly leading to missed packets.

       The  data  rates	do not take into account data link framing overhead or
       compression savings at the data link layer.

       The direction of	traffic	is not taken into account:  both  ingress  and
       egress  data rates are combined.	If you want to separate	them, you will
       need to use a filter expression.

       Descriptive information for X11, FTP, HTTP and SUP flows is derived
       from the very first packets sent on those protocols.  If you start
       pktstat after any of these flows have commenced, there may be no
       description available for them.

FreeBSD	ports 15.0		 June 23, 2002			    PKTSTAT(1)
