tracetopends
tracetopends reports the endpoints that are responsible for the most traffic in a trace. Output is written to stdout.
tracetopends [ -f exp ] [ -A addrtype ] [ -n numlines ] [ -a ] [ -b ] [ -s ] [ -d ] [ -p ] [ -t threadcount ] [ -S ] [ -D ] [ -h ] inputuri ...
-f
Only count packets that match the bpf filter expression. See tcpdump(1) for the syntax of the bpf filter expression.
-A
Specifies which address defines an endpoint - may be "mac", "v4" or "v6".
-n
Output the top N endpoints, where N is the value for this option.
-s
Sort endpoints based on outgoing traffic. This is the default.
-d
Sort endpoints based on incoming traffic.
-a
Sort endpoints based on application payload bytes.
-b
Sort endpoints based on IP traffic. This is the default.
-p
Sort endpoints based on packets.
-h
Print help information.
The following options were added in libtrace 4.0.6:
-t
Use threadcount threads for processing packets.
-S
Ignore all source addresses.
-D
Ignore all destination addresses.
Print the 20 IPv4 addresses that are sending the most traffic:
tracetopends -n20 -A v4 -s -b erf:trace.erf.gz
Print the 5 MAC addresses that are receiving the most packets:
tracetopends -n 5 -A mac -d -p erf:trace.erf.gz
- This can be run against live interfaces or DAG cards, but no output will be displayed until the program is interrupted with CTRL-C.
- Specify two sort parameters: the direction (-s or -d) and the traffic measure (-a, -b or -p). The default setting is -s and -b.
- This tool is only available in libtrace 3.0.12 or later.