TRACETOPENDS(1) | User Commands | TRACETOPENDS(1) |
NAME
tracetopends - reports the endpoints that are responsible for the most traffic in a trace
SYNOPSIS
tracetopends [ -f bpf ] [ -A addrtype ] [ -s ] [ -d ] [ -b ] [ -a ] [ -p ] [ -n topcount ] inputuri [inputuri ...]
DESCRIPTION
tracetopends reports the number of bytes and packets sent and received by the busiest endpoints observed in the input trace(s).
-f bpf filter
    Output only packets that match the tcpdump-style bpf filter.
-n top count
    Report the top N endpoints (defaults to 10).
-A address type
    Specifies how an endpoint should be defined. Suitable options are "mac", "v4" and "v6", which will report endpoint stats for each observed MAC address, IPv4 address and IPv6 address respectively.
-s
    Sort endpoints based on the amount of outgoing traffic (will cancel any previous -d option). This is on by default.
-d
    Sort endpoints based on the amount of incoming traffic (will cancel any previous -s option).
-b
    Sort endpoints based on the amount of IP traffic (will cancel any previous -a or -p options). This is on by default.
-a
    Sort endpoints based on the amount of application layer traffic (will cancel any previous -b or -p options).
-p
    Sort endpoints based on the amount of packets (will cancel any previous -b or -a options).
OUTPUT
Output is written to stdout in columns separated by blank space.
* Endpoint address
* Time last observed
* Packets originating from the endpoint
* Bytes originating from the endpoint (IP header onwards)
* Payload originating from the endpoint (post transport header)
* Packets sent to the endpoint
* Bytes sent to the endpoint (IP header onwards)
* Payload sent to the endpoint (post transport header)
EXAMPLES
Find the IPv4 addresses that are sending the most traffic.
    tracetopends -A v4 -b -s erf:trace.erf.gz
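An added example (not part of the libtrace documentation): a Python script that parses the eight columns listed under OUTPUT and picks out endpoints that sent far more IP bytes than they received, a common first pass when triaging a capture. It assumes the six counters are the last six whitespace-separated fields of each row, that the "time last observed" column may itself contain spaces, and that non-data lines such as a header can be skipped; the names, thresholds and sample rows are constructed.

```python
from typing import Iterable, NamedTuple


class Endpoint(NamedTuple):
    address: str
    last_seen: str
    pkts_out: int
    bytes_out: int
    payload_out: int
    pkts_in: int
    bytes_in: int
    payload_in: int


def parse_topends(lines: Iterable[str]) -> list[Endpoint]:
    """Parse tracetopends rows; skip blank and non-data lines."""
    rows = []
    for line in lines:
        fields = line.split()
        if len(fields) < 8:  # address + time + six counters at minimum
            continue
        counters = fields[-6:]
        if not all(c.isdigit() for c in counters):
            continue  # header or other non-data line (assumed possible)
        # Assumption: the timestamp may contain spaces, so it is everything
        # between the address and the six trailing counters.
        rows.append(Endpoint(fields[0], " ".join(fields[1:-6]),
                             *map(int, counters)))
    return rows


def send_heavy(rows, min_bytes=1_000_000, ratio=10.0):
    """Endpoints that sent >= min_bytes and >= ratio times what they received."""
    hits = [r for r in rows
            if r.bytes_out >= min_bytes
            and r.bytes_out >= ratio * max(r.bytes_in, 1)]
    return sorted(hits, key=lambda r: r.bytes_out, reverse=True)


# Constructed sample output (not from a real trace).
SAMPLE = """\
10.0.0.5      Mon Sep 12 10:15:02 2011  9000  12500000  12100000  4100  310000  90000
10.0.0.9      Mon Sep 12 10:15:07 2011  1200    800000    700000  1500  950000  880000
192.0.2.44    Mon Sep 12 10:14:55 2011  5000   6400000   6200000   300   20000      0
"""

if __name__ == "__main__":
    for r in send_heavy(parse_topends(SAMPLE.splitlines())):
        print(f"{r.address:15} out={r.bytes_out} in={r.bytes_in} last={r.last_seen}")
```

To use it on a real trace, pass the lines of the tool's stdout to parse_topends() in place of SAMPLE, after checking the timestamp layout your libtrace version prints.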
LINKS
More details about tracetopends (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1)
AUTHORS
Shane Alcock <salcock@cs.waikato.ac.nz>
September 2011 | tracetopends (libtrace) |