NAME

tracertstats - perform simple filter based analysis on a trace

SYNOPSIS

tracertstats -H|--libtrace-help

DESCRPTION

tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match that expression every interval seconds, or count packets.

-f bpf-filter
--filter bpf-filter: Add another "bpf filter"
-i interval
--interval interval: Output results every interval seconds.
-c count
--count count: Output results every count packets.
-m
--merge-inputs: Treats all inputs as a single input, resulting a single unified output rather than an output for each input. Works best with traces that are consecutive to create a single CSV, for instance.
-o format
--output-format format: Selects the output format.

txt: Human readable text. This is the default output format which provides output easily understood by a human. This format has the disadvantage that it takes up quite a bit of horizontal space.
csv: Comma Seperated Values. This is suitable for further analysis in a spreadsheet, or other program.
png: PNG Graphic. Produces a fairly incomprehensible png graph. This relies on gdc being available at compile time.
html: This produces output suitable for display to a human in a webbrowser.

EXAMPLES

tracertstats --filter 'host sundown' \
	--filter 'port http' \
	--filter 'port ftp or ftp-data' \
	--filter 'port smtp' \
	--filter 'tcp[tcpflags] & tcp-syn!=0' \
	--filter 'not ip' \
	--filter 'ether[0] & 1 == 1' \
	--filter 'icmp[icmptype] == icmp-unreach' \
	--output-format html
	erf:/traces/trace1.gz \
	erf:/traces/trace2.gz

LINKS

More details about tracertstats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

AUTHORS

Perry Lorier <perry@cs.waikato.ac.nz>

November 2006

tracertstats (libtrace)