tracestats - perform simple analysis on a trace SYNOPSIS
tracestats [ -f | --filter bpf ]... inputuri... DESCRPTION
tracestats reads one or more traces and outputs summaries for each trace of how many packets/bytes match each bpf filter, as well as totals. If instead of doing this for the entire trace, but to do it for portions then use tracertstats(1) instead. -f bpf-filter --filter bpf-filter Add another bpf filter EXAMPLES
tracestats --filter 'host sundown' --filter 'port http' --filter 'port ftp or ftp-data' --filter 'port smtp' --filter 'tcp[tcpflags] & tcp-syn!=0' --filter 'not ip' --filter 'ether[0] & 1 == 1' --filter 'icmp[icmptype] == icmp-unreach' erf:/traces/trace1.gz erf:/traces/trace2.gz LINKS
More details about tracestats (and libtrace) can be found at SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracepkt- dump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1) AUTHORS
