
TRACE-SUMMARY(1) User Commands TRACE-SUMMARY(1)

NAME

trace-summary - generate network traffic summaries

SYNOPSIS

trace-summary [options] <pcap-file>|<conn-summaries>

DESCRIPTION

This manual page briefly documents the trace-summary program.

trace-summary is a Python script that generates breakdowns of network traffic, including lists of the top hosts, protocols, ports, etc. Optionally, it can generate output separately for incoming vs. outgoing traffic, per subnet, and per time interval.

By default, the input file is assumed to be a libpcap trace file; if it is a Bro connection log, pass -c. If no input file is given, the script reads from stdin. Output is written to stdout.

OPTIONS

show program's version number and exit
show this help message and exit
count fractions in terms of bytes rather than packets/connections
input file contains Bro connection summaries
when used with -c, specify '1' for use with Bro version 1.x connection logs, or '2' for use with Bro 2.x format. '0' tries to guess the format
for packets: include only TCP, ignore when seq==0
ignore strictly internal traffic
exclude CIDRs in file from analysis
create summaries for time intervals of given length
differentiate in/out based on CIDRs in file
show top <n>
include only ports listed in file
write top total/incoming/outgoing ports into files
resolve host names
write output suitable for R into files <tag.*>
sample factor of input
sample input with probability (0.0 < prob < 1.0)
do not make memory-expensive statistics
include only TCP
include only UDP
minimum time in ISO format (e.g. 2005-12-31-23-59-00)
show top-n for every interval
maximum time in ISO format
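As an added illustration, not part of this manual page or of trace-summary itself, the following Python script reproduces the core of the breakdown described above for the Bro 2.x connection-log case: it parses a conn.log by its #fields header, classifies each connection as incoming, outgoing or internal against a list of local CIDRs (the role of the in/out CIDR file above), optionally weights by bytes instead of connections, optionally drops strictly internal traffic, and optionally buckets by time interval before reporting the top-n hosts, responder ports and protocols. The sample log, the CIDR list and all function names are the example's own constructions; the choice to count the responder port as the service port is an assumption.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed, simplified Bro/Zeek 2.x-style conn.log (tab-separated). Real logs
# carry more columns; parsing keys on the #fields header, so extras are ignored.
# "-" marks an unset field.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes\tresp_bytes",
    "1700000000.10\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\t1200\t45000",
    "1700000001.20\t10.0.0.5\t51001\t93.184.216.34\t443\ttcp\t800\t30000",
    "1700000002.30\t10.0.0.7\t53211\t8.8.8.8\t53\tudp\t60\t120",
    "1700000003.40\t198.51.100.9\t40000\t10.0.0.20\t22\ttcp\t500\t2000",
    "1700000004.50\t198.51.100.9\t40001\t10.0.0.20\t22\ttcp\t-\t-",
    "1700000005.60\t10.0.0.5\t51002\t10.0.0.20\t445\ttcp\t9000\t9000",
    "1700003605.70\t203.0.113.4\t3333\t10.0.0.20\t22\ttcp\t400\t1500",
])
# Constructed stand-in for the local-nets CIDR file: one CIDR per line, '#' comments.
LOCAL_NETS_FILE = "10.0.0.0/8\n192.168.0.0/16  # office LAN\n"


def parse_cidr_list(text):
    """Parse a CIDR-per-line file into ip_network objects (comments stripped)."""
    lines = (ln.split("#", 1)[0].strip() for ln in text.splitlines())
    return [ipaddress.ip_network(ln, strict=False) for ln in lines if ln]


def _count(value):
    """Bro writes '-' for unset counters; treat that as zero."""
    return 0 if value in (None, "-") else int(value)


def parse_conn_log(text):
    """Yield one dict per connection, mapping columns via the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            cols = line.split("\t")
            if fields is None or len(cols) < len(fields):
                continue  # no header yet or truncated record: skip, don't crash
            rec = dict(zip(fields, cols))
            yield {"ts": float(rec["ts"]), "src": rec["id.orig_h"],
                   "dst": rec["id.resp_h"], "dport": int(rec["id.resp_p"]),
                   "proto": rec["proto"],
                   "bytes": _count(rec.get("orig_bytes")) + _count(rec.get("resp_bytes"))}


def direction(conn, local_nets):
    """internal / outgoing / incoming / transit, judged against the local CIDRs."""
    local = tuple(any(ipaddress.ip_address(conn[k]) in n for n in local_nets)
                  for k in ("src", "dst"))
    return {(True, True): "internal", (True, False): "outgoing",
            (False, True): "incoming"}.get(local, "transit")


def summarize(conns, local_nets, topn=10, by_bytes=False,
              external_only=False, interval=None):
    """{interval_start: {direction or 'total': {hosts, ports, protos}}}, each a
    most_common() list of (key, weight). Weight is bytes or 1 per connection."""
    buckets = defaultdict(lambda: defaultdict(
        lambda: {"hosts": Counter(), "ports": Counter(), "protos": Counter()}))
    for c in conns:
        d = direction(c, local_nets)
        if external_only and d == "internal":
            continue
        weight = c["bytes"] if by_bytes else 1
        start = (int(c["ts"]) // interval) * interval if interval else 0
        for key in (d, "total"):
            tables = buckets[start][key]
            tables["hosts"][c["src"]] += weight
            tables["hosts"][c["dst"]] += weight
            tables["ports"][c["dport"]] += weight   # responder port ~ service (assumption)
            tables["protos"][c["proto"]] += weight
    return {start: {key: {name: cnt.most_common(topn) for name, cnt in tables.items()}
                    for key, tables in dirs.items()}
            for start, dirs in buckets.items()}


def render(summary):
    """Plain-text report, one section per interval and direction."""
    out = []
    for start in sorted(summary):
        for key in sorted(summary[start]):
            out.append(f"[{key}] interval starting {start}")
            for name, rows in summary[start][key].items():
                out.append(f"  {name}: " + ", ".join(f"{k}={v}" for k, v in rows))
    return "\n".join(out)


if __name__ == "__main__":
    nets = parse_cidr_list(LOCAL_NETS_FILE)
    conns = list(parse_conn_log(SAMPLE_CONN_LOG))
    print(render(summarize(conns, nets, topn=3, interval=3600)))
```

Two details worth noting when adapting this to real logs: a record whose byte counters are "-" (the second SSH connection above) still counts as one connection but contributes zero bytes, so byte-weighted and connection-weighted top lists can disagree; and a connection whose endpoints are both outside the local CIDRs lands in a separate "transit" bucket rather than being silently attributed to one direction, which is the quickest way to notice a wrong or incomplete CIDR file.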

AUTHOR

trace-summary was written by The Bro Project <info@bro.org>.

This manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project (but may be used by others).

November 2014 trace-summary