traffic - count network traffic on individual ports.
A record stream containing af field of packet type.
A record stream with fields determined by selected properties.
This tool calculates traffic volume for any combination of protocol, source IP, destination IP, and if appropriate source port, and destination port. The tool repetitiously calculates the volume over a configurable period and outputs a record for every observed combination of the before mentioned kind.
The tool can be configured to regard certain IP addresses as belonging to the internal net. This will allow the tool to output the direction of the calculated traffic volume, relative to the internal network. If the direction is into the internal network, direction will be 1. If the direction is out of the internal network, direction will be 2. If the traffic is internal, direction will be 3.
If the direction is undecided, direction will be 0.This is a comma separated list of network in CIDR block notation, fx. 192.168.1.0/24, 10.0.0.0/8. If an IP address is in one of the listed blocks it will be regarded as internal.
This decides the measure of traffic volume.
The number of seconds between output from this tool. The traffic volume is summed up in each period (aggregated). The value of this field is appended to the record in the field period_length.