tracetopends(1) [debian man page]

TRACETOPENDS(1) 						   User Commands						   TRACETOPENDS(1)

NAME
       tracetopends - reports the endpoints that are responsible for the most traffic in a trace

SYNOPSIS
       tracetopends [ -f bpf ] [ -A addrtype ] [ -s ] [ -d ] [ -b ] [ -a ] [ -p ] [ -n topcount ] inputuri [inputuri ...]

DESCRIPTION
       tracetopends reports the number of bytes and packets sent and received by the busiest endpoints observed in the input trace(s).

       -f bpf filter
              Output only packets that match tcpdump style bpf filter.

       -n top count
              Report the top N endpoints (defaults to 10).

       -A address type
              Specifies how an endpoint should be defined. Suitable options are "mac", "v4" and "v6", which will report endpoint stats for each observed MAC address, IPv4 address and IPv6 address respectively.

       -s     Sort endpoints based on the amount of outgoing traffic (will cancel any previous -d option). This is on by default.

       -d     Sort endpoints based on the amount of incoming traffic (will cancel any previous -s option).

       -b     Sort endpoints based on the amount of IP traffic (will cancel any previous -a or -p options). This is on by default.

       -a     Sort endpoints based on the amount of application layer traffic (will cancel any previous -b or -p options).

       -p     Sort endpoints based on the amount of packets (will cancel any previous -b or -a options).

OUTPUT
       Output is written to stdout in columns separated by blank space. The columns are (in order):

        * Endpoint address
        * Time last observed
        * Packets originating from the endpoint
        * Bytes originating from the endpoint (IP header onwards)
        * Payload originating from the endpoint (post transport header)
        * Packets sent to the endpoint
        * Bytes sent to the endpoint (IP header onwards)
        * Payload sent to the endpoint (post transport header)

EXAMPLES
       Find the IPv4 addresses that are sending the most traffic.

              tracetopends -A v4 -b -s erf:trace.erf.gz

LINKS
       More details about tracetopends (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1)

AUTHORS
       Shane Alcock <salcock@cs.waikato.ac.nz>

tracetopends (libtrace)                                          September 2011                                          TRACETOPENDS(1)
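
The following is an added example, not part of the man page or of libtrace: a shell filter over the eight-column tracetopends output described under OUTPUT that lists endpoints sending far more IP bytes than they receive. The function names, thresholds and sample rows are constructed for illustration, and because the page does not give the format of the "time last observed" column, the script assumes only that the address is the first field and the six counters are the last six.

```shell
#!/bin/sh
# Added example: parse tracetopends output and flag lopsided senders.
# Assumption: address is field 1 and the six counters are the last six
# fields; whatever lies between is the "time last observed" column, whose
# format the man page does not specify (it may contain spaces).

# Constructed sample rows (not real tracetopends output).
sample_rows() {
cat <<'EOF'
192.0.2.10 Mon Sep 12 10:15:01 2011 5200 7340032 7100000 2600 180224 52000
192.0.2.77 1315822501 900 65536 30000 1100 1048576 1000000
not-a-data-row header text
198.51.100.5 Mon Sep 12 10:14:58 2011 40 4096 2000 0 0 0
EOF
}

# Usage: flag_heavy_senders MIN_RATIO MIN_BYTES < tracetopends-output
# Prints "address bytes_out bytes_in ratio" for endpoints whose outgoing IP
# bytes are >= MIN_BYTES and >= MIN_RATIO times their incoming IP bytes.
flag_heavy_senders() {
    awk -v min_ratio="$1" -v min_bytes="$2" '
    NF >= 8 {
        # Skip headers or damaged rows: all six counters must be integers.
        for (i = NF - 5; i <= NF; i++)
            if ($i !~ /^[0-9]+$/) next
        bytes_out = $(NF - 4) + 0   # bytes originating from the endpoint
        bytes_in  = $(NF - 1) + 0   # bytes sent to the endpoint
        if (bytes_out < min_bytes + 0) next
        # An endpoint that received nothing has no finite ratio.
        if (bytes_in == 0)
            print $1, bytes_out, bytes_in, "inf"
        else if (bytes_out / bytes_in >= min_ratio + 0)
            printf "%s %d %d %.1f\n", $1, bytes_out, bytes_in, bytes_out / bytes_in
    }'
}

# Demo on the constructed rows; with a real trace, pipe the output of
# "tracetopends -A v4 -b -s <inputuri>" into flag_heavy_senders instead.
sample_rows | flag_heavy_senders 10 4096
```

Counting the counters from the right keeps the parse correct whether the time column is a single token or a multi-word date.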

Check Out this Related Man Page

TRACESPLIT(1)							   User Commands						     TRACESPLIT(1)

NAME
       tracesplit - split traces

SYNOPSIS
       tracesplit [ -f bpf | --filter=bpf] [ -c count | --count=count] [ -b bytes | --bytes=bytes] [ -i seconds | --seconds=seconds] [ -s unixtime | --starttime=unixtime] [ -e unixtime | --endtime=unixtime] [ -m maxfiles | --maxfiles=maxfiles] [ -S snaplen | --snaplen=snaplen] [ -z level | --compress-level=level] [ -Z method | --compress-type=method] inputuri [inputuri ...] outputuri

DESCRIPTION
       tracesplit splits the given input traces into multiple tracefiles.

       -f bpf filter
              Output only packets that match tcpdump style bpf filter.

       -c count
              Output count packets per output file. The output file will be named after the basename given in the outputuri with the packet number of the first packet in this file.

       -b bytes
              Output bytes bytes per file.

       -i seconds
              Start a new tracefile after "seconds" seconds.

       -s unixtime
              Don't output any packets before unixtime.

       -e unixtime
              Don't output any packets after unixtime.

       -m maxfiles
              Do not create more than "maxfiles" trace files.

       -S snaplen
              Truncate packets to "snaplen" bytes long. The default is to collect the entire packet.

       -z level
              Compress the data using the specified compression level, ranging from 0 to 9. Higher compression levels tend to result in better compression but require more processing power to compress.

       -Z compression-method
              Compress the data using the specified compression algorithm. Accepted methods are "gzip", "bzip2", "lzo" or "none". Default value is none unless a compression level is specified, in which case gzip will be used.

EXAMPLES
       Create a 1MB erf trace of port 80 traffic.

              tracesplit -z 1 -Z gzip -f 'port 80' -b $((1024 * 1024)) erf:/traces/bigtrace.gz erf:/traces/port80.gz

LINKS
       More details about tracesplit (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

tracesplit (libtrace)                                            January 2011                                            TRACESPLIT(1)