tracertstats − perform simple filter based analysis on a trace
tracertstats [ -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [ -o | --output-format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri...
tracertstats -H|--libtrace-help
tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match that expression every interval seconds, or count packets.
−f bpf-filter
−−filter bpf-filter
Add another "bpf filter"
−i interval
−−interval interval
Output results every interval seconds.
−c count
−−count count
Output results every count packets.
−m |
−−merge-inputs
Treats all inputs as a single input, resulting a single unified output rather than an output for each input. Works best with traces that are consecutive to create a single CSV, for instance.
−o format
−−output−format format
Selects the output format.
txt |
Human readable text. This is the default output format which provides output easily understood by a human. This format has the disadvantage that it takes up quite a bit of horizontal space. |
||
csv |
Comma Seperated Values. This is suitable for further analysis in a spreadsheet, or other program. |
||
png |
PNG Graphic. Produces a fairly incomprehensible png graph. This relies on gdc being available at compile time. |
||
html |
This produces output suitable for display to a human in a webbrowser. |
tracertstats −−filter ’host sundown’ \
−−filter ’port http’ \ |
|
−−filter ’port ftp or ftp-data’ \ |
|
−−filter ’port smtp’ \ |
|
−−filter ’tcp[tcpflags] & tcp-syn!=0’ \ |
|
−−filter ’not ip’ \ |
|
−−filter ’ether[0] & 1 == 1’ \ |
|
−−filter ’icmp[icmptype] == icmp-unreach’ \ |
|
−−output−format html |
|
erf:/traces/trace1.gz \ |
|
erf:/traces/trace2.gz |
More details about tracertstats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
libtrace(3), tracemerge(1), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracepktdump(1), traceanon(1), tracesummary(1), traceconvert(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)
Perry Lorier <perry AT cs DOT waikato DOT ac DOT nz>