
tracepktdump(1) [debian man page]

TRACEPKTDUMP(1) 						   User Commands						   TRACEPKTDUMP(1)

NAME
       tracepktdump - output packets in human readable format

SYNOPSIS
       tracepktdump [ -f exp | --filter=exp ] [ -c num | --count=num ] inputuri ...

DESCRIPTION
       tracepktdump verbosely outputs packets in a human readable form, suitable
       for diagnosing packets. tracepktdump uses the libpacketdump library. There
       is an example tracepktdump program in the examples directory that shows how
       to use libpacketdump.

       -f bpf-filter
       --filter bpf-filter
              Output only packets that match the bpf-filter expression. See
              tcpdump(1) for the syntax of the bpf-filter expression.

       -c num
       --count num
              Stop after displaying num packets.

LINKS
       More details about tracepktdump (and libtrace) can be found at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracesplit(1), tracesplit_dir(1),
       tracefilter(1), tracestats(1), tracesummary(1), traceconvert(1),
       tracereport(1), tracertstats(1), traceanon(1), tracereplay(1),
       tracediff(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>, Daniel Lawson <dlawson@cs.waikato.ac.nz>

tracepktdump (libtrace)              November 2005              TRACEPKTDUMP(1)


TRACETOPENDS(1) 						   User Commands						   TRACETOPENDS(1)

NAME
       tracetopends - reports the endpoints that are responsible for the most
       traffic in a trace

SYNOPSIS
       tracetopends [ -f bpf ] [ -A addrtype ] [ -s ] [ -d ] [ -b ] [ -a ] [ -p ]
       [ -n topcount ] inputuri [inputuri ...]

DESCRIPTION
       tracetopends reports the number of bytes and packets sent and received by
       the busiest endpoints observed in the input trace(s).

       -f bpf filter
              Output only packets that match tcpdump style bpf filter.

       -n top count
              Report the top N endpoints (defaults to 10).

       -A address type
              Specifies how an endpoint should be defined. Suitable options are
              "mac", "v4" and "v6" which will report endpoint stats for each
              observed MAC address, IPv4 address and IPv6 address respectively.

       -s     Sort endpoints based on the amount of outgoing traffic (will cancel
              any previous -d option). This is on by default.

       -d     Sort endpoints based on the amount of incoming traffic (will cancel
              any previous -s option).

       -b     Sort endpoints based on the amount of IP traffic (will cancel any
              previous -a or -p options). This is on by default.

       -a     Sort endpoints based on the amount of application layer traffic
              (will cancel any previous -b or -p options).

       -p     Sort endpoints based on the amount of packets (will cancel any
              previous -b or -a options).

OUTPUT
       Output is written to stdout in columns separated by blank space. The
       columns are (in order):

       * Endpoint address
       * Time last observed
       * Packets originating from the endpoint
       * Bytes originating from the endpoint (IP header onwards)
       * Payload originating from the endpoint (post transport header)
       * Packets sent to the endpoint
       * Bytes sent to the endpoint (IP header onwards)
       * Payload sent to the endpoint (post transport header)

EXAMPLES
       Find the IPv4 addresses that are sending the most traffic.

              tracetopends -A v4 -b -s erf:trace.erf.gz

LINKS
       More details about tracetopends (and libtrace) can be found at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1),
       tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1),
       tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1),
       tracediff(1), traceends(1)

AUTHORS
       Shane Alcock <salcock@cs.waikato.ac.nz>

tracetopends (libtrace)              September 2011              TRACETOPENDS(1)
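
The eight OUTPUT columns listed for tracetopends above can be post-processed to triage top talkers. The following Python is an added example, not part of the man page or of libtrace: it parses each row from the right (so a timestamp that contains spaces still parses) and lists endpoints that send far more payload than they receive. The sample rows, their timestamp format, and the thresholds are constructed assumptions.

```python
from typing import NamedTuple, Optional

class Endpoint(NamedTuple):
    address: str
    last_seen: str
    pkts_out: int
    bytes_out: int
    payload_out: int
    pkts_in: int
    bytes_in: int
    payload_in: int

def parse_line(line: str) -> Optional[Endpoint]:
    """Parse one tracetopends row; return None for blank or non-data lines."""
    fields = line.split()
    if len(fields) < 8:
        return None
    try:
        counters = [int(f) for f in fields[-6:]]
    except ValueError:
        return None  # header or other non-data line
    # The six counters come last and the address first; whatever lies
    # between them is the "time last observed" column.
    return Endpoint(fields[0], " ".join(fields[1:-6]), *counters)

def parse_report(text: str) -> list:
    return [ep for ep in map(parse_line, text.splitlines()) if ep]

def outbound_heavy(endpoints, min_payload=1_000_000, ratio=10.0):
    """Endpoints sending at least `ratio` times more payload than they receive."""
    hits = [ep for ep in endpoints
            if ep.payload_out >= min_payload
            and ep.payload_out >= ratio * max(ep.payload_in, 1)]
    return sorted(hits, key=lambda ep: ep.payload_out, reverse=True)

# Constructed sample rows (documentation addresses), not real tool output.
SAMPLE = """\
192.0.2.10     01/09,10:15:02   1200   1500000   1400000    900    90000    60000
192.0.2.20     01/09,10:15:05    800     70000     40000   1500  2000000  1900000
198.51.100.7   01/09,10:14:59  40000  52000000  50000000  21000  1300000   200000
"""

if __name__ == "__main__":
    for ep in outbound_heavy(parse_report(SAMPLE)):
        print(ep.address, ep.payload_out, ep.payload_in)
```

In practice the text would come from a command such as the one in EXAMPLES, with thresholds tuned to the network being reviewed.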