tracediff(1) [debian man page]

TRACEDIFF(1)							   User Commands						      TRACEDIFF(1)

NAME
tracediff - find and print differences between two traces

SYNOPSIS
tracediff [ -m maxdiff ] firsturi seconduri

DESCRIPTION
tracediff compares two trace files and prints the details of packets that differ to standard output. This is useful for finding packets that are present in one trace but not another or for finding conversion or snapping errors.

-m maxdiff
    stop processing after displaying 'maxdiff' differences

EXAMPLES
tracediff -m 10 erf:/traces/orig.erf.gz pcapfile:/traces/convert.pcap.gz

BUGS
Not exactly a bug, but the contents of the framing headers (i.e. the PCAP or ERF encapsulation) are not compared.

LINKS
More details about tracediff (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1), tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracepktdump(1), traceanon(1), tracereplay(1), traceends(1), tracetopends(1)

AUTHORS
Shane Alcock <salcock@cs.waikato.ac.nz>

tracediff (libtrace)                January 2010                TRACEDIFF(1)
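
The comparison described above, as an added example (not libtrace code): a minimal Python reader for classic pcap files that compares captured packet bytes in order, ignores the per-packet framing header (timestamps and lengths), and stops after maxdiff differences. The in-order pairing of packets, the helper names and the sample traces are assumptions made for this illustration; the page does not describe how tracediff pairs packets.

```python
import struct
from itertools import zip_longest

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def make_pcap(packets, snaplen=65535, ts_base=0):
    """Build a constructed little-endian pcap; packets are cut to snaplen."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, pkt in enumerate(packets):
        cap = pkt[:snaplen]
        out += struct.pack("<IIII", ts_base + i, 0, len(cap), len(pkt)) + cap
    return out

def read_pcap(data):
    """Yield captured bytes of each packet; the record header is not kept."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == PCAP_MAGIC else ">"
    off = 24  # skip the global file header
    while off + 16 <= len(data):
        caplen = struct.unpack_from(endian + "IIII", data, off)[2]
        off += 16
        if off + caplen > len(data):
            raise ValueError("truncated packet record")
        yield data[off:off + caplen]
        off += caplen

def diff_traces(first, second, maxdiff=None):
    """Return (index, first_pkt, second_pkt) for packets that differ, in order.
    A packet missing from one trace is reported as None on that side."""
    diffs = []
    pairs = zip_longest(read_pcap(first), read_pcap(second))
    for idx, (a, b) in enumerate(pairs):
        if a != b:
            diffs.append((idx, a, b))
            if maxdiff is not None and len(diffs) >= maxdiff:
                break
    return diffs

# Constructed sample: five packets; the "converted" trace has new timestamps,
# a 40-byte snap length, and has lost the last packet.
PACKETS = [bytes([i]) * n for i, n in enumerate((30, 60, 30, 80, 20))]
ORIG = make_pcap(PACKETS, ts_base=1000)
CONVERTED = make_pcap(PACKETS[:4], snaplen=40, ts_base=2000)

if __name__ == "__main__":
    for idx, a, b in diff_traces(ORIG, CONVERTED, maxdiff=10):
        print(idx, len(a), "bytes vs", "missing" if b is None else f"{len(b)} bytes")
```

Traces that differ only in timestamps produce no differences here, which mirrors the BUGS note: a check like this confirms packet contents but not the capture metadata.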

TRACERTSTATS(1) 						   User Commands						   TRACERTSTATS(1)

NAME
tracertstats - perform simple filter based analysis on a trace

SYNOPSIS
tracertstats [ -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [ -o | --output-format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri...
tracertstats -H|--libtrace-help

DESCRIPTION
tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match each expression every interval seconds, or every count packets.

-f bpf-filter
--filter bpf-filter
    Add another "bpf filter"

-i interval
--interval interval
    Output results every interval seconds.

-c count
--count count
    Output results every count packets.

-m
--merge-inputs
    Treats all inputs as a single input, resulting in a single unified output rather than an output for each input. Works best with traces that are consecutive to create a single CSV, for instance.

-o format
--output-format format
    Selects the output format.

    txt   Human readable text. This is the default output format which provides output easily understood by a human. This format has the disadvantage that it takes up quite a bit of horizontal space.

    csv   Comma Separated Values. This is suitable for further analysis in a spreadsheet, or other program.

    png   PNG Graphic. Produces a fairly incomprehensible png graph. This relies on gdc being available at compile time.

    html  This produces output suitable for display to a human in a web browser.

EXAMPLES
tracertstats --filter 'host sundown' \
             --filter 'port http' \
             --filter 'port ftp or ftp-data' \
             --filter 'port smtp' \
             --filter 'tcp[tcpflags] & tcp-syn!=0' \
             --filter 'not ip' \
             --filter 'ether[0] & 1 == 1' \
             --filter 'icmp[icmptype] == icmp-unreach' \
             --output-format html \
             erf:/traces/trace1.gz \
             erf:/traces/trace2.gz

LINKS
More details about tracertstats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
libtrace(3), tracemerge(1), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>

tracertstats (libtrace)             November 2006             TRACERTSTATS(1)