tracertstats(1) [debian man page]

TRACERTSTATS(1) 						   User Commands						   TRACERTSTATS(1)

NAME
       tracertstats - perform simple filter based analysis on a trace

SYNOPSIS
       tracertstats [ -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [ -o | --output-format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri...
       tracertstats -H|--libtrace-help

DESCRIPTION
       tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match each expression every interval seconds, or every count packets.

       -f bpf-filter
       --filter bpf-filter
              Add another "bpf filter".

       -i interval
       --interval interval
              Output results every interval seconds.

       -c count
       --count count
              Output results every count packets.

       -m
       --merge-inputs
              Treats all inputs as a single input, resulting in a single unified output rather than an output for each input. Works best with traces that are consecutive, to create a single CSV, for instance.

       -o format
       --output-format format
              Selects the output format.

              txt    Human readable text. This is the default output format, which provides output easily understood by a human. This format has the disadvantage that it takes up quite a bit of horizontal space.

              csv    Comma Separated Values. This is suitable for further analysis in a spreadsheet, or other program.

              png    PNG Graphic. Produces a fairly incomprehensible png graph. This relies on gdc being available at compile time.

              html   This produces output suitable for display to a human in a web browser.

EXAMPLES
       tracertstats --filter 'host sundown' \
               --filter 'port http' \
               --filter 'port ftp or ftp-data' \
               --filter 'port smtp' \
               --filter 'tcp[tcpflags] & tcp-syn!=0' \
               --filter 'not ip' \
               --filter 'ether[0] & 1 == 1' \
               --filter 'icmp[icmptype] == icmp-unreach' \
               --output-format html \
               erf:/traces/trace1.gz \
               erf:/traces/trace2.gz

LINKS
       More details about tracertstats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

tracertstats (libtrace)                                           November 2006                                           TRACERTSTATS(1)

TRACEANON(1)							   User Commands						      TRACEANON(1)

NAME
       traceanon - anonymise IP addresses of traces

SYNOPSIS
       traceanon [ -s | --encrypt-source ] [ -d | --encrypt-dest ] [ -p prefix | --prefix=prefix ] [ -c key | --cryptopan=key ] [ -f key-file | --keyfile=file ] [ -z level | --compress-level=level ] [ -Z method | --compress-type=method ] sourceuri desturi

DESCRIPTION
       traceanon anonymises a trace by replacing IP addresses found in the IP header, and in any embedded packets inside an ICMP packet. It also fixes the checksums inside TCP and UDP headers.

       Two anonymisation schemes are supported. The first replaces a prefix with another prefix. This can be used, for instance, to replace a /16 with the equivalent prefix from RFC1918. The other scheme is cryptopan, which is a prefix-preserving encryption scheme based on AES.

       -s
       --encrypt-source
              Encrypt only source IP addresses.

       -d
       --encrypt-dest
              Encrypt only destination IP addresses.

       -p
       --prefix=prefix
              Substitute the high bits of the IP addresses with the provided prefix.

       -c
       --cryptopan=key
              Encrypt the IP addresses using the prefix-preserving cryptopan method using the key "key". The key can be up to 32 bytes long, and will be padded with NULL characters.

       -f
       --keyfile=file
              Encrypt the IP addresses using the prefix-preserving cryptopan method using the key specified in the file "file". The key must be 32 bytes long. A suitable method of generating a key is by using the command dd to read from /dev/urandom.

       -z
       --compress-level=level
              Compress the output trace using a compression level of "level". Compression level can range from 0 (no compression) through to 9. Higher compression levels require more CPU to compress data. Defaults to no compression.

       -Z
       --compress-type=method
              Compress the output trace using the compression algorithm "method". Possible algorithms are "gzip", "bzip2", "lzo" and "none". Default is "none".

EXAMPLES
       traceanon --cryptopan="fish go moo, oh yes they do" \
               --encrypt-source \
               --encrypt-dest \
               --compress-level=1 \
               --compress-type=gzip \
               erf:/traces/unenc.gz \
               erf:/traces/enc.gz

BUGS
       This software should support encrypting based on the direction/interface flag.

       IP addresses inside ARPs are not encrypted.

LINKS
       More details about traceanon (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1), tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracepktdump(1), tracediff(1), tracereplay(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

traceanon (libtrace)                                              October 2005                                              TRACEANON(1)
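
What "prefix-preserving" means for the cryptopan scheme in the traceanon DESCRIPTION, as an added example that is not traceanon's or libtrace's code. It uses the general bit-by-bit construction for prefix-preserving anonymisation, but substitutes HMAC-SHA256 from the Python standard library for the AES-based function, so its outputs will not match traceanon's; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


def pad_key(passphrase: str) -> bytes:
    """Pad a key to 32 bytes with NUL bytes, the rule the page gives for --cryptopan."""
    raw = passphrase.encode()
    if len(raw) > 32:
        raise ValueError("key can be at most 32 bytes")
    return raw.ljust(32, b"\0")


def _flip_bit(key: bytes, prefix: int, length: int) -> int:
    """Keyed pseudorandom bit that depends only on the first `length` address bits."""
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7


def anonymise(key: bytes, addr: str) -> str:
    """Prefix-preserving mapping of one IPv4 address (HMAC stand-in, not AES)."""
    a = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)      # the i most significant bits (0 when i == 0)
        bit = (a >> (31 - i)) & 1   # bit i of the original address, MSB first
        out = (out << 1) | (bit ^ _flip_bit(key, prefix, i))
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(x: str, y: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(x)) ^ int(ipaddress.IPv4Address(y))
    return 32 - diff.bit_length()


if __name__ == "__main__":
    key = pad_key("fish go moo, oh yes they do")  # example key from the page
    sample = ["192.0.2.10", "192.0.2.77", "198.51.100.5"]  # constructed addresses
    for x in sample:
        print(f"{x:>15} -> {anonymise(key, x)}")
    for x, y in [(sample[0], sample[1]), (sample[0], sample[2])]:
        before = common_prefix_len(x, y)
        after = common_prefix_len(anonymise(key, x), anonymise(key, y))
        print(f"{x} / {y}: shared prefix {before} bits before, {after} after")
```

Two addresses that share a k-bit prefix still share exactly a k-bit prefix after anonymisation, so the subnet structure of the original trace remains visible to whoever receives the anonymised one.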