NAME
tracestats - perform simple analysis on a trace
SYNOPSIS
tracestats [ -f | --filter bpf ]... inputuri...
DESCRIPTION
tracestats reads one or more traces and outputs, for each trace, a summary of
how many packets and bytes match each bpf filter, as well as totals. To produce
these counts for portions of a trace rather than for the entire trace, use
tracertstats(1) instead.
- -f bpf-filter, --filter bpf-filter
  Add another bpf filter
EXAMPLES
tracestats --filter 'host sundown' \
--filter 'port http' \
--filter 'port ftp or ftp-data' \
--filter 'port smtp' \
--filter 'tcp[tcpflags] & tcp-syn!=0' \
--filter 'not ip' \
--filter 'ether[0] & 1 == 1' \
--filter 'icmp[icmptype] == icmp-unreach' \
erf:/traces/trace1.gz \
erf:/traces/trace2.gz
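
What three of the filters above test at the byte level, and how per-filter packet and byte counts accumulate, shown as an added Python example that is not part of tracestats or libtrace. The frames are constructed, untagged Ethernet II is assumed, bytes are counted as frame length, and the printed layout is illustrative rather than tracestats' own output format.

```python
import struct

def eth(dst_hex, ethertype, payload):
    # Constructed untagged Ethernet II frame with a fixed source MAC.
    return bytes.fromhex(dst_hex + "020000000001") + struct.pack("!H", ethertype) + payload

def ipv4_tcp(flags):
    # Constructed 20-byte IPv4 header (IHL=5, protocol 6) plus 20-byte TCP header.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)

def is_ip(f):
    # 'ip' on untagged Ethernet: EtherType 0x0800.
    return f[12:14] == b"\x08\x00"

def tcp_syn(f):
    # 'tcp[tcpflags] & tcp-syn != 0': IPv4, protocol 6, first fragment only,
    # then byte 13 of the TCP header (the flags) ANDed with 0x02.
    if len(f) < 34 or not is_ip(f) or f[23] != 6:
        return False
    if struct.unpack("!H", f[20:22])[0] & 0x1FFF:  # later fragments carry no TCP header
        return False
    off = 14 + (f[14] & 0x0F) * 4 + 13
    return len(f) > off and (f[off] & 0x02) != 0

FILTERS = {
    "not ip": lambda f: not is_ip(f),
    # pcap parses this as (ether[0] & 1) == 1: the group (multicast/broadcast) bit.
    "ether[0] & 1 == 1": lambda f: (f[0] & 1) == 1,
    "tcp[tcpflags] & tcp-syn != 0": tcp_syn,
}

def stats(frames):
    # Returns {name: [packets, bytes]} per filter plus a "total" row.
    out = {name: [0, 0] for name in list(FILTERS) + ["total"]}
    for f in frames:
        hits = [n for n, match in FILTERS.items() if match(f)] + ["total"]
        for n in hits:
            out[n][0] += 1
            out[n][1] += len(f)
    return out

FRAMES = [  # constructed sample traffic
    eth("ffffffffffff", 0x0806, bytes(28)),       # broadcast ARP-sized frame
    eth("020000000002", 0x0800, ipv4_tcp(0x02)),  # SYN
    eth("020000000002", 0x0800, ipv4_tcp(0x12)),  # SYN+ACK
    eth("020000000002", 0x0800, ipv4_tcp(0x10)),  # ACK only
]

if __name__ == "__main__":
    for name, (pkts, nbytes) in stats(FRAMES).items():
        print(f"{name:32} {pkts:4} pkts {nbytes:6} bytes")
```

A frame can match several filters at once, so the per-filter rows need not sum to the total row.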
LINKS
More details about tracestats (and libtrace) can be found at
http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
SEE ALSO
libtrace(3),
tracemerge(1),
tracefilter(1),
traceconvert(1),
tracesplit(1),
tracesplit_dir(1),
tracereport(1),
tracertstats(1),
tracepktdump(1),
traceanon(1),
tracesummary(1),
tracereplay(1),
tracediff(1),
traceends(1),
tracetopends(1)
AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>