.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.46.4.
.TH TRACE-SUMMARY "1" "November 2014" "trace-summary" "User Commands"
.SH NAME
trace-summary \- generate network traffic summaries
.SH SYNOPSIS
.B trace-summary
[\fI\,options\/\fR] \fI\,|\/\fR
.SH DESCRIPTION
This manual page briefly documents the
.B trace-summary
program.
.PP
.\" TeX users may be more comfortable with the \fB\fP and
.\" \fI\fP escape sequences to invoke bold face and italics,
.\" respectively.
\fBtrace-summary\fP is a Python script that generates break-downs of
network traffic, including lists of the top hosts, protocols, ports, etc.
Optionally, it can generate output separately for incoming vs. outgoing
traffic, per subnet, and per time-interval.
.PP
By default, it assumes the
.IR input-file
to be a libpcap trace file.
If it is a Bro connection log, use \fB\-c\fR.
If
.IR input-file
is not given, the script reads from stdin.
It writes its output to stdout.
.SH OPTIONS
.TP
\fB\-\-version\fR
show program's version number and exit
.TP
\fB\-h\fR, \fB\-\-help\fR
show this help message and exit
.TP
\fB\-b\fR, \fB\-\-bytes\fR
count fractions in terms of bytes rather than packets/connections
.TP
\fB\-c\fR, \fB\-\-conn\-summaries\fR
input file contains Bro connection summaries
.TP
\fB\-\-conn\-version\fR=\fI\,CONN_VERSION\/\fR
when used with \fB\-c\fR, specify '1' for use with Bro version 1.x
connection logs, or '2' for use with Bro 2.x format.
\&'0' tries to guess the format
.TP
\fB\-C\fR, \fB\-\-chema\fR
for packets: include only TCP, ignore when seq==0
.TP
\fB\-e\fR, \fB\-\-external\fR
ignore strictly internal traffic
.TP
\fB\-E\fR EXCLUDENETS, \fB\-\-exclude\-nets\fR=\fI\,EXCLUDENETS\/\fR
excludes CIDRs in file from analysis
.TP
\fB\-i\fR ILEN, \fB\-\-intervals\fR=\fI\,ILEN\/\fR
create summaries for time intervals of given length
.TP
\fB\-l\fR LOCALNETS, \fB\-\-local\-nets\fR=\fI\,LOCALNETS\/\fR
differentiate in/out based on CIDRs in file
.TP
\fB\-n\fR TOPX, \fB\-\-topn\fR=\fI\,TOPX\/\fR
show top
.TP
\fB\-p\fR PORTS, \fB\-\-ports\fR=\fI\,PORTS\/\fR
include only ports listed in file
.TP
\fB\-P\fR STOREPORTS, \fB\-\-write\-ports\fR=\fI\,STOREPORTS\/\fR
write top total/incoming/outgoing ports into files
.TP
\fB\-r\fR, \fB\-\-resolve\-host\-names\fR
resolve host names
.TP
\fB\-R\fR tag, \fB\-\-R\fR=\fI\,tag\/\fR
write output suitable for R into files
.TP
\fB\-s\fR FACTOR, \fB\-\-sample\-factor\fR=\fI\,FACTOR\/\fR
sample factor of input
.TP
\fB\-S\fR SAMPLE, \fB\-\-do\-sample\fR=\fI\,SAMPLE\/\fR
sample input with probability (0.0 < prob < 1.0)
.TP
\fB\-m\fR, \fB\-\-save\-mem\fR
do not make memory\-expensive statistics
.TP
\fB\-t\fR, \fB\-\-tcp\fR
include only TCP
.TP
\fB\-u\fR, \fB\-\-udp\fR
include only UDP
.TP
\fB\-U\fR MINTIME, \fB\-\-min\-time\fR=\fI\,MINTIME\/\fR
minimum time in ISO format (e.g. 2005\-12\-31\-23\-59\-00)
.TP
\fB\-v\fR, \fB\-\-verbose\fR
show top\-n for every interval
.TP
\fB\-V\fR MAXTIME, \fB\-\-max\-time\fR=\fI\,MAXTIME\/\fR
maximum time in ISO format
.SH AUTHOR
.B trace-summary
was written by The Bro Project.
.PP
This manual page was written by Raúl Benencia for the Debian project
(but may be used by others).
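.SH EXAMPLES
The following is an added example, not part of trace-summary or of the original manual page: an independent Python sketch of the break-down described under DESCRIPTION, ranking responder ports of a Bro 2.x connection log by bytes or by connections and splitting incoming from outgoing by local CIDRs. The log excerpt is constructed, and the function name summarize() and the direction rule (exactly one endpoint inside the local networks) are assumptions, not taken from the tool's source.
.PP
.nf

```python
import ipaddress
from collections import Counter

# Constructed Bro 2.x conn.log excerpt (tab-separated, reduced field set).
SAMPLE = """#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes\tresp_bytes
1417392000.1\t10.0.0.5\t49152\t198.51.100.7\t443\ttcp\t800\t4200
1417392001.4\t10.0.0.6\t49153\t198.51.100.7\t443\ttcp\t500\t2500
1417392002.0\t10.0.0.5\t53211\t203.0.113.9\t53\tudp\t60\t140
1417392003.7\t203.0.113.50\t40000\t10.0.0.10\t22\ttcp\t-\t-
1417392004.2\t203.0.113.50\t40001\t10.0.0.10\t80\ttcp\t300\t1700
1417392005.9\t10.0.0.5\t49154\t10.0.0.10\t445\ttcp\t1000\t1000
""".splitlines()


def summarize(lines, local_nets, topn=3, by_bytes=False):
    """Illustrative helper (not trace-summary code): top-n port shares per bucket."""
    nets = [ipaddress.ip_network(n) for n in local_nets]

    def is_local(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    def num(value):
        # Bro writes "-" for unset fields, e.g. byte counts of an unanswered SYN.
        return int(value) if value.isdigit() else 0

    fields = None
    buckets = {"total": Counter(), "in": Counter(), "out": Counter()}
    for line in lines:
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
            continue
        if not line or line.startswith("#"):
            continue  # other header/footer metadata lines
        if fields is None:
            raise ValueError("no #fields header: not a Bro 2.x log")
        rec = dict(zip(fields, line.split("\t")))
        weight = num(rec["orig_bytes"]) + num(rec["resp_bytes"]) if by_bytes else 1
        key = rec["id.resp_p"] + "/" + rec["proto"]
        buckets["total"][key] += weight
        orig, resp = is_local(rec["id.orig_h"]), is_local(rec["id.resp_h"])
        # Assumed rule: local originator -> "out", local responder -> "in";
        # strictly internal or strictly external flows count only in "total".
        if orig != resp:
            buckets["out" if orig else "in"][key] += weight
    result = {}
    for name, counter in buckets.items():
        total = sum(counter.values()) or 1  # avoid dividing by zero
        result[name] = [(k, round(100.0 * v / total, 1)) for k, v in counter.most_common(topn)]
    return result
```

.fi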