A quick tour of the commands available in pksh
This tutorial gives a brief overview of using pksh. To do so, first download and install pksh.
Hello World!
> sudo ~/bin/pksh
-- pksh 0.2.2 (Sun, Jun 14 2009) --
A hack of the popular 'tcsh' with built-ins extensions for network monitoring.
It allows you to take a look at the traffic on your network without leaving your shell!
(C) Copyright 2003-2009 Rocco Carbone. All rights reserved
This program is open-source software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
included GNU General Public License in file COPYING for more details.
WARNING: YOU ARE SUPERUSER !!!
Type 'pkhelp' for the list of built-ins extensions implemented by this shell
Built-in extensions
pksh 1> pkhelp
the following built-ins, as extensions to the tcsh commands, are available:
[commands enclosed in '_..._' are not implemented or they are still in alpha stage]
_ip_ _pkcal_ _pknbt_ bytes packets
pkarp pkclose pkdev _pkdisable_ pkenable
pkfilter pkfinger pkhelp pkhosts pklast
pkopen pkstatus pkswap pkuptime pkwho
_throughput_ _protocols_ _services_ _traffic_
Start sniffing
pksh 2> pkenable
started sniffer on interface 'eth0' (no filter enabled)...
A quick look at the interface
pksh@eth0 3> pkuptime
1:57:18am up 0 days, 0:01:55, 1 interface
(eth0) -- www.tecsiel.it [82.187.228.118], 827 Pkts / 104.5 Kb, 132 hosts [4 local 128 foreign]
A complete view in terms of packets in/out
pksh@eth0 4> packets
Host Id             Total  Tot Sent  Tot Recv  Broadcast  Multicast  IP Broad  IP Multi
www.tecsiel.it        276       120       156          0          0         0         0
jabber.tecsiel.it     235       136        99          0          0         0         0
00:04:27:fe:2c:65      41        20        21          0          0         0         0
00:07:85:9c:72:a8      16        16         0          0         16         0         0
srv149.hosteur.com     10         6         4          0          0         0         0
194.69.254.42           5         2         3          0          0         0         0
dns.srce.hr             4         2         2          0          0         0         0
ccm.kangaroot.net       2         1         1          0          0         0         0
i.root-servers.net      2         1         1          0          0         0         0
dns1.t-com.hr           2         1         1          0          0         0         0
dns2.t-com.hr           2         1         1          0          0         0         0
ns-pri.ripe.net         2         1         1          0          0         0         0
ns4.t-com.hr            2         1         1          0          0         0         0
f.nic.de                2         1         1          0          0         0         0
213.92.114.67           2         1         1          0          0         0         0
dill.arin.net           2         1         1          0          0         0         0
ns49.1und1.de           2         1         1          0          0         0         0
161.53.2.70             1         0         1          0          0         0         0
dns.CARNet.hr           1         0         1          0          0         0         0
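The listing above is easy to triage by script once it is saved to a file. The following is an added example, not part of pksh or of the original tutorial: it parses `packets` output and reports hosts whose traffic was seen in one direction only. It assumes each data row is a host id followed by seven integer counters, and that the Broadcast and Multicast columns count packets the host sent; the function names are hypothetical.

```python
# Constructed sample: a few rows copied from the `packets` listing above.
SAMPLE = """\
Host Id Total Tot Sent Tot Recv Broadcast Multicast IP Broad IP Multi
www.tecsiel.it 276 120 156 0 0 0 0
00:04:27:fe:2c:65 41 20 21 0 0 0 0
00:07:85:9c:72:a8 16 16 0 0 16 0 0
161.53.2.70 1 0 1 0 0 0 0
dns.CARNet.hr 1 0 1 0 0 0 0
"""

FIELDS = ("total", "sent", "recv", "broadcast", "multicast", "ip_broad", "ip_multi")


def parse_packets(text):
    """Parse `packets` output into a list of dicts, one per host row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # A data row is a host id followed by exactly seven counters;
        # the header and any prompt line have a different token count.
        if len(parts) != len(FIELDS) + 1:
            continue
        try:
            # Assumption: large counters may carry thousands separators,
            # as the pkstatus output does ("8,939").
            counts = [int(p.replace(",", "")) for p in parts[1:]]
        except ValueError:
            continue
        rows.append({"host": parts[0], **dict(zip(FIELDS, counts))})
    return rows


def classify(row):
    """Label a host row by the direction of the traffic observed."""
    if row["total"] != row["sent"] + row["recv"]:
        return "inconsistent"  # holds for every row in the sample above
    if row["sent"] and not row["recv"]:
        link = row["broadcast"] + row["multicast"]
        return "multicast/broadcast-only sender" if link == row["sent"] else "send-only"
    if row["recv"] and not row["sent"]:
        return "receive-only"
    return "bidirectional"


def one_way_hosts(text):
    """Return (host, label) for every host that is not plainly bidirectional."""
    labelled = [(r["host"], classify(r)) for r in parse_packets(text)]
    return [(h, label) for h, label in labelled if label != "bidirectional"]
```

On the sample rows this reports the device that only sent multicast frames and the two hosts that only received a packet, which are the rows worth a second look early in a capture.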
Show top 20 hosts in terms of bytes in/out
pksh@eth0 5> bytes -n | head -21
Host Id                Total  Tot Sent  Tot Recv  Broadcast  Multicast  IP Broad  IP Multi
82.187.228.118      212.5 Kb  149.8 Kb   62.8 Kb          0          0         0         0
00:04:27:fe:2c:65   146.0 Kb   40.5 Kb  105.5 Kb        120          0         0         0
70.153.11.247        83.8 Kb    2.1 Kb   81.7 Kb          0          0         0         0
82.187.228.114       66.6 Kb   22.4 Kb   44.3 Kb          0          0         0         0
00:07:85:9c:72:a8     6.5 Kb    6.5 Kb         0          0     6.5 Kb         0         0
70.84.97.58           6.0 Kb    2.8 Kb    3.2 Kb          0          0         0         0
131.114.21.22         5.3 Kb    3.5 Kb    1.8 Kb          0          0         0         0
213.92.114.67         2.2 Kb       660    1.6 Kb          0          0         0         0
193.171.255.36        2.0 Kb    1.6 Kb       425          0          0         0         0
192.26.92.32          1.6 Kb    1.2 Kb       492          0          0         0         0
89.213.253.189        1.5 Kb    1.0 Kb       448          0          0         0         0
66.35.208.43          1.4 Kb    1.0 Kb       354          0          0         0         0
194.0.0.53            1.2 Kb       860       393          0          0         0         0
62.213.203.188        1.2 Kb       321       921          0          0         0         0
165.87.194.244        1.1 Kb       793       297          0          0         0         0
192.134.0.49          1.0 Kb       725       329          0          0         0         0
193.174.75.166           968       735       233          0          0         0         0
192.36.148.17            945       699       246          0          0         0         0
134.91.1.150             913       667       246          0          0         0         0
192.228.89.19            758       591       167          0          0         0         0
The ARP cache
pksh@eth0 6> pkarp
Host Id MAC Address Vendor Name Link
00:04:27:fe:2c:65 Cisco Systems, Inc. eth0 EN10MB
00:07:85:9c:72:a8 Cisco Systems Inc. eth0 EN10MB
www.tecsiel.it 00:08:c7:8c:00:d8 Hewlett Packard eth0 EN10MB
jabber.tecsiel.it 00:80:5f:a1:8b:39 Hewlett Packard eth0 EN10MB
Finger an interface
pksh@eth0 7> pkstatus
Network interface : eth0 [Ethernet - EN10MB] [00:08:c7:8c:00:d8] [mtu 1500] set to promiscuous mode
Address : www.tecsiel.it [82.187.228.118]
Internet : network [82.187.228.112] netmask [255.255.255.248] broadast [82.187.228.119]
Sampling since : 20:00.200126 [Sun Jun 14 12:52:02 2009]
Packets:
Total counted : 8,939
Packet Size : 42/535/1514 [Min/Avg/Max]
Packet ranges :
Upto75 : 2,827 (31.63%)
Upto150 : 2,113 (23.64%)
Upto225 : 868 (9.71%)
Upto300 : 212 (2.37%)
Upto375 : 105 (1.17%)
Upto450 : 47 (0.53%)
Upto525 : 17 (0.19%)
Upto600 : 17 (0.19%)
Upto675 : 2 (0.02%)
Upto750 : 8 (0.09%)
Upto825 : 3 (0.03%)
Upto900 : 3 (0.03%)
Upto975 : 5 (0.06%)
Upto1050 : 3 (0.03%)
Upto1125 : 17 (0.19%)
Upto1200 : 0
Upto1275 : 7 (0.08%)
Upto1350 : 4 (0.04%)
Upto1425 : 2 (0.02%)
Upto1514 : 2,679 (29.97%)
Above1514 : 0
Unicast : 8,439 (94.41%)
Broadcast : 1 (0.01%)
Multicast : 499 (5.58%)
IP : 8,397 (93.94%)
TCP : 5,378 (64.05%)
UDP : 3,003 (35.76%)
ICMP : 16 (0.19%)
ARP : 43 (0.48%)
Non-IP : 499 (5.58%)
Bytes:
Total counted : 4.0 MB
IP : 4.0 MB (99.36%)
TCP : 3.0 MB (93.26%)
UDP : 292.2 Kb (6.70%)
ICMP : 1.4 Kb (0.03%)
ARP : 1.6 Kb (0.04%)
Non-IP : 27.6 Kb (0.61%)
Finger a host
pksh@eth0 8> pkfinger www.tecsiel.it
Everything you always wanted to know about host 'www.tecsiel.it':
Identity [Local]:
www.tecsiel.it [82.187.228.118] on eth0
Host Type: currently unavailable
Timing:
FirstSeen: Sun Jul 20 15:38:40
LastSeen : Sun Jul 20 15:38:55
Age : 0 day(s) 00:00:15
Idle : 0 day(s) 00:00:23
Bytes Total % Sent % Rcvd %
Processed : 11.5 Kb (96.54%) 6.4 Kb (56.09%) 5.0 Kb (43.91%)
Packets Total % Sent % Recv %
Processed : 98 (93.33%) 41 (41.84%) 57 (58.16%)
Protocols Bytes % Sent % Rcvd % Pkts % Sent % Rcvd %
IP : 10.1 Kb (100%) 5.9 Kb (58.25%) 4.2 Kb (41.75%) 97 (100%) 41 (42.27%) 56 (57.73%)
TCP : 5.8 Kb (71.12%) 3.8 Kb (64.52%) 2.1 Kb (35.48%) 68 (70.10%) 26 (38.24%) 42 (61.76%)
UDP : 2.2 Kb (26.38%) 1.3 Kb (60.91%) 863 (39.09%) 28 (28.87%) 15 (53.57%) 13 (46.43%)
ICMP : 209 (2.50%) 0 209 (100%) 1 (1.03%) 0 1 (100%)
TCP Protocols Bytes % Sent % Rcvd % Pkts % Sent % Rcvd %
Other : 5.8 Kb (100%) 3.8 Kb (64.52%) 2.1 Kb (35.48%) 68 (100%) 26 (38.24%) 42 (61.76%)
