This quickly explains how I created the graphics mentioned on the main tcpstat page using a nice plotting tool called gnuplot. You could do this yourself, say if you want to have a cronjob run every 10 minutes or so to update a graphic on a web page to reflect the current traffic statistics.
First, I gathered the data with tcpdump, and wrote it to a file:
tcpdump -i xl0 -w traffic.dmp
Then, I let tcpstat run over the data and output the data into different files. tcpstat is actually flexible enough to do this in one run (and even collect the data from the interface itself) but I'm doing it in separate steps for you for tutorial purposes:
tcpstat -r traffic.dmp -o "%R\t%A\n" 60 > arp.data tcpstat -r traffic.dmp -o "%R\t%C\n" 60 > icmp.data tcpstat -r traffic.dmp -o "%R\t%T\n" 60 > tcp.data tcpstat -r traffic.dmp -o "%R\t%U\n" 60 > udp.data
Now that I have all the data in different files, it is time to produce the graphics.
All you need to do is tell gnuplot where to get it's data, and how to display it. This is usually done with a special gnuplot script file. This is the one I used (called "gnuplot.script"):
set term png small color set data style lines set grid set yrange [ -10 : ] set title "Protocol breakdown in the last hour" set xlabel "seconds" set ylabel "packets/s" plot "arp.data" using 1:($2/60) smooth csplines title "ARP" \ ,"icmp.data" using 1:($2/60) smooth csplines title "ICMP" \ ,"tcp.data" using 1:($2/60) smooth csplines title "TCP" \ ,"udp.data" using 1:($2/60) smooth csplines title "UDP"
So, all that was left to do was to call gnuplot and output the data into a PNG (Portable Network Graphic) formated file:
gnuplot gnuplot.script > plot1.png
There is, believe it or not, a way to do this whole thing in one long pipeline, i.e. without saving data into temporary files for automatic generation by webserver cgi-scripts, but that requires a good knowledge of presenting "inline" data to gnuplot, which I learned and promptly forgot about a year ago. If one of you out there cooks up a nice cgi-script to do this, email it to me and I'll post it here!