tracertstats
tracertstats is a libtrace program that performs simple filter-based analysis on a trace. For every filter specified, tracertstats will display packet and byte counts at regular intervals.
tracertstats [ -f | --filter bpf ] [ -i | --interval interval ]
[ -c | --count count ] [ -o | --output-format csv,txt,png,html ]
[ -N | --nobuffer ] [ -m | --merge-inputs ] [ -t | --threads threadcount ]
[ -d | --report-drops ]
inputuri...
-f, --filter
Adds another bpf filter.
-i, --interval
Output statistics every interval seconds of trace time.
-c, --count
Output statistics every count packets.
-o, --output-format
Selects the output format. These formats are described in more detail in a subsequent section.
-N, --nobuffer
Disables packet buffering within libtrace. This will give smoother, less bursty output when monitoring
an input source with a very low packet rate (i.e. < 10 packets per reporting interval).
-m, --merge-inputs
Do not create separate output files for each input source; produce a unified output instead. Works best
with input sources that are chronologically consecutive (e.g. trace files listed in time order).
-t, --threads
Use threadcount processing threads. Defaults to 4 processing threads. Bear in mind that setting this number too high will decrease performance if there is not enough work to keep all the threads occupied.
-d, --report-drops
Include cumulative counts of the number of dropped and missing packets on each line of output. Dropped packets are packets that are dropped by the capture device. Missing packets are packets that were captured successfully but were not processed by tracertstats (occurs with multi-host capture setups like ndag). Option was added in libtrace 4.0.6.
txt
A regular ASCII text file. This is the default output format which is formatted nicely for human readability. This format can use up a lot of horizontal space, so may not work particularly well in 80 character wide terminals.
csv
Comma separated values. Suitable for future analysis using a spreadsheet or other program.
png
PNG graphic. Produces a png graph which may or may not be comprehensible. This format is dependent on having gdc available at compile time.
html
Self explanatory. Produces output suitable for display as a webpage.
Note: All output formats are written to stdout so they may require re-direction.
Output the number of packets and bytes seen every 5 minutes of trace time:
tracertstats -i 300 erf:trace.erf.gz
Output the number of SMTP and HTTP packets and bytes seen every minute of trace time as an HTML file:
tracertstats -i 60 -f "tcp port 25" -f "tcp port 80" -o html erf:trace.erf.gz > smtp_and_http.html
- If a simple summary of byte and packet counts for the entire trace is required, tracestats is a better tool.
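The csv format is intended for further analysis by another program. As an added example (not part of libtrace or the original page), the Python script below reads tracertstats csv output and flags intervals where a filter's packet count jumps well above the median of its earlier intervals. The column names (`ts`, `<filter> packets`), the thresholds and the sample rows are assumptions constructed for illustration; check them against the header line your tracertstats build prints.

```python
import csv
import io
from statistics import median

# Constructed sample, not real capture data. Assumed layout: a "ts" column,
# overall "packets"/"bytes", then "<filter> packets" and "<filter> bytes"
# for each -f filter given on the command line.
SAMPLE_CSV = """\
ts,packets,bytes,tcp port 25 packets,tcp port 25 bytes,tcp port 80 packets,tcp port 80 bytes
1700000000,1000,800000,20,16000,600,500000
1700000060,1100,850000,25,19000,650,520000
1700000120,1050,820000,22,17000,610,505000
1700000180,4000,900000,3100,250000,600,500000
"""

SUFFIX = " packets"


def flag_spikes(csv_text, factor=3.0, min_history=3, min_packets=100):
    """Return (ts, filter, count, baseline) for each interval where a filter's
    packet count exceeds factor x the median of its earlier intervals."""
    reader = csv.DictReader(io.StringIO(csv_text))
    # Per-filter columns end in " packets"; the overall "packets" column
    # has no leading space and is therefore skipped.
    filters = [c[:-len(SUFFIX)] for c in reader.fieldnames if c.endswith(SUFFIX)]
    history = {f: [] for f in filters}
    alerts = []
    for row in reader:
        ts = int(float(row["ts"]))
        for f in filters:
            count = int(row[f + SUFFIX])
            past = history[f]
            # Only judge an interval once enough earlier intervals exist.
            if len(past) >= min_history:
                baseline = median(past)
                if count >= min_packets and count > factor * baseline:
                    alerts.append((ts, f, count, baseline))
            past.append(count)
    return alerts


if __name__ == "__main__":
    for ts, flt, count, baseline in flag_spikes(SAMPLE_CSV):
        print(f"{ts}: '{flt}' saw {count} packets (earlier median {baseline})")
```

To use it on real data, redirect the output of a `-o csv` run to a file and pass the file's contents to `flag_spikes` in place of `SAMPLE_CSV`.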