tracestats(1) [debian man page]
TRACESTATS(1) User Commands TRACESTATS(1) NAME
tracestats - perform simple analysis on a trace SYNOPSIS
tracestats [ -f | --filter bpf ]... inputuri... DESCRPTION
tracestats reads one or more traces and outputs summaries for each trace of how many packets/bytes match each bpf filter, as well as totals. If instead of doing this for the entire trace, but to do it for portions then use tracertstats(1) instead. -f bpf-filter --filter bpf-filter Add another bpf filter EXAMPLES
tracestats --filter 'host sundown' --filter 'port http' --filter 'port ftp or ftp-data' --filter 'port smtp' --filter 'tcp[tcpflags] & tcp-syn!=0' --filter 'not ip' --filter 'ether[0] & 1 == 1' --filter 'icmp[icmptype] == icmp-unreach' erf:/traces/trace1.gz erf:/traces/trace2.gz LINKS
More details about tracestats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracepkt- dump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1) AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz> tracestats (libtrace) October 2005 TRACESTATS(1)
Check Out this Related Man Page
TRACEMERGE(1) User Commands TRACEMERGE(1) NAME
tracemerge - Merge one (or more) traces together SYNOPSIS
tracemerge [ -i [ interfaces_per_input ] | --set-interface [ interfaces_per_input ] ] [ -u | --unique-packets ] [ -z | --compress-level <level> ] [ -Z | --compress-type <method> ] outputuri inputuri... DESCRPTION
tracemerge merges two or more traces together, keeping packets in order. -i[interfaces_per_input] --set-interface[interfaces_per_input] set the interface ("direction") for each input to be unique. The optional inputs_per_interface parameter is how many inputs to reserve for each trace, and defaults to 1. Thus if you have two traces with two interfaces (in/out), and interfaces_per_input is set to 2, then tracemerge will have the first interface of the first input will be 0, the second interface of the first input will be 1, the first interface of the second input will be 2, and the second interface of the second input will be 3. Beware that erf only supports 4 interfaces, and pcap only supports 2. Limitations apply based on the input trace format (not the output trace format) -u --unique-packets Ignore duplicate packets with identical timestamps. -zlevel --compress-levellevel Sets the amount of compression performed on the output file. This value can range from 0 (no compression) to 9 (maximum compres- sion). Higher compression levels require more CPU to compress data. Defaults to 0. -Zmethod --compress-typemethod Describes the compression algorithm to be used when writing the output trace. Possible methods are "gzip", "bzip2", "lzo" and "none". Defaults to "none". LINKS
More details about tracemerge (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation SEE ALSO
libtrace(3), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracertstats(1), tracestats(1), tracepkt- dump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1) AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz> tracemerge (libtrace) March 2006 TRACEMERGE(1)