tracertstats(1) [debian man page]

TRACERTSTATS(1) 						   User Commands						   TRACERTSTATS(1)

NAME
       tracertstats - perform simple filter based analysis on a trace

SYNOPSIS
       tracertstats [ -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [ -o | --output-format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri...

       tracertstats -H|--libtrace-help

DESCRIPTION
       tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match each expression, either every interval seconds or every count packets.

       -f bpf-filter
       --filter bpf-filter
              Add another "bpf filter".

       -i interval
       --interval interval
              Output results every interval seconds.

       -c count
       --count count
              Output results every count packets.

       -m
       --merge-inputs
              Treats all inputs as a single input, resulting in a single unified output rather than an output for each input. Works best with traces that are consecutive, to create a single CSV, for instance.

       -o format
       --output-format format
              Selects the output format.

              txt    Human readable text. This is the default output format, which provides output easily understood by a human. This format has the disadvantage that it takes up quite a bit of horizontal space.

              csv    Comma Separated Values. This is suitable for further analysis in a spreadsheet or other program.

              png    PNG Graphic. Produces a fairly incomprehensible png graph. This relies on gdc being available at compile time.

              html   This produces output suitable for display to a human in a web browser.

EXAMPLES
       tracertstats --filter 'host sundown' \
               --filter 'port http' \
               --filter 'port ftp or ftp-data' \
               --filter 'port smtp' \
               --filter 'tcp[tcpflags] & tcp-syn!=0' \
               --filter 'not ip' \
               --filter 'ether[0] & 1 == 1' \
               --filter 'icmp[icmptype] == icmp-unreach' \
               --output-format html \
               erf:/traces/trace1.gz \
               erf:/traces/trace2.gz

LINKS
       More details about tracertstats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

tracertstats (libtrace)						  November 2006						   TRACERTSTATS(1)

TRACEMERGE(1)							   User Commands						     TRACEMERGE(1)

NAME
       tracemerge - Merge one (or more) traces together

SYNOPSIS
       tracemerge [ -i [ interfaces_per_input ] | --set-interface [ interfaces_per_input ] ] [ -u | --unique-packets ] [ -z | --compress-level <level> ] [ -Z | --compress-type <method> ] outputuri inputuri...

DESCRIPTION
       tracemerge merges two or more traces together, keeping packets in order.

       -i[interfaces_per_input]
       --set-interface[interfaces_per_input]
              Set the interface ("direction") for each input to be unique. The optional interfaces_per_input parameter is how many interface numbers to reserve for each input trace, and defaults to 1. Thus if you have two traces with two interfaces (in/out), and interfaces_per_input is set to 2, then in the merged output the first interface of the first input will be 0, the second interface of the first input will be 1, the first interface of the second input will be 2, and the second interface of the second input will be 3. Beware that erf only supports 4 interfaces, and pcap only supports 2. Limitations apply based on the input trace format (not the output trace format).

       -u
       --unique-packets
              Ignore duplicate packets with identical timestamps.

       -z level
       --compress-level level
              Sets the amount of compression performed on the output file. This value can range from 0 (no compression) to 9 (maximum compression). Higher compression levels require more CPU to compress data. Defaults to 0.

       -Z method
       --compress-type method
              Describes the compression algorithm to be used when writing the output trace. Possible methods are "gzip", "bzip2", "lzo" and "none". Defaults to "none".

LINKS
       More details about tracemerge (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

tracemerge (libtrace)						   March 2006						     TRACEMERGE(1)
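
The interface numbering described for tracemerge -i/--set-interface can be checked before a merge, so that the capture point each packet came from stays distinguishable in the output. The sh function below is an added example, not part of libtrace or of the original man page. The name plan_interfaces and the formula merged = input_index * interfaces_per_input + interface are assumptions that generalize the two-trace case in the DESCRIPTION; the limits (erf 4, pcap 2) are the ones the man page states.

```sh
#!/bin/sh
# Added example, not libtrace code: pre-flight check for
# `tracemerge -i<interfaces_per_input>`.
# Assumption: merged = input_index * interfaces_per_input + interface,
# generalized from the two-trace case in the man page.

# plan_interfaces FORMAT INTERFACES_PER_INPUT INPUTURI...
# FORMAT is the *input* trace format (erf or pcap), since the man page says
# the limit depends on the input format, not the output format.
# Prints "inputuri<TAB>interface<TAB>merged" per line. Returns 1 if a merged
# interface number does not fit FORMAT, 2 on bad arguments.
plan_interfaces() {
    [ "$#" -ge 3 ] || { echo "usage: plan_interfaces erf|pcap N inputuri..." >&2; return 2; }
    fmt=$1 per=$2
    shift 2
    case $fmt in
        erf)  limit=4 ;;   # "erf only supports 4 interfaces"
        pcap) limit=2 ;;   # "pcap only supports 2"
        *)    echo "unknown format: $fmt" >&2; return 2 ;;
    esac
    case $per in
        ''|*[!0-9]*|0*) echo "interfaces_per_input must be a positive integer" >&2; return 2 ;;
    esac
    idx=0 status=0
    for uri in "$@"; do
        iface=0
        while [ "$iface" -lt "$per" ]; do
            merged=$((idx * per + iface))
            printf '%s\t%d\t%d\n' "$uri" "$iface" "$merged"
            if [ "$merged" -ge "$limit" ]; then
                echo "interface $merged of $uri exceeds the $limit supported by $fmt" >&2
                status=1
            fi
            iface=$((iface + 1))
        done
        idx=$((idx + 1))
    done
    return "$status"
}
```

For the case in the DESCRIPTION, plan_interfaces erf 2 erf:/traces/trace1.gz erf:/traces/trace2.gz lists merged interfaces 0 to 3 and returns 0; a third erf input with the same setting returns 1.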