tracestats(1) [debian man page]
TRACESTATS(1) User Commands TRACESTATS(1) NAME
tracestats - perform simple analysis on a trace SYNOPSIS
tracestats [ -f | --filter bpf ]... inputuri... DESCRPTION
tracestats reads one or more traces and outputs summaries for each trace of how many packets/bytes match each bpf filter, as well as totals. If instead of doing this for the entire trace, but to do it for portions then use tracertstats(1) instead. -f bpf-filter --filter bpf-filter Add another bpf filter EXAMPLES
tracestats --filter 'host sundown' --filter 'port http' --filter 'port ftp or ftp-data' --filter 'port smtp' --filter 'tcp[tcpflags] & tcp-syn!=0' --filter 'not ip' --filter 'ether[0] & 1 == 1' --filter 'icmp[icmptype] == icmp-unreach' erf:/traces/trace1.gz erf:/traces/trace2.gz LINKS
More details about tracestats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracepkt- dump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1) AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz> tracestats (libtrace) October 2005 TRACESTATS(1)
Check Out this Related Man Page
TRACERTSTATS(1) User Commands TRACERTSTATS(1) NAME
tracertstats - perform simple filter based analysis on a trace SYNOPSIS
tracertstats [ -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [ -o | --output-format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri... tracertstats -H|--libtrace-help DESCRPTION
tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match that expression every interval seconds, or count packets. -f bpf-filter --filter bpf-filter Add another "bpf filter" -i interval --interval interval Output results every interval seconds. -c count --count count Output results every count packets. -m --merge-inputs Treats all inputs as a single input, resulting a single unified output rather than an output for each input. Works best with traces that are consecutive to create a single CSV, for instance. -o format --output-format format Selects the output format. txt Human readable text. This is the default output format which provides output easily understood by a human. This format has the disadvantage that it takes up quite a bit of horizontal space. csv Comma Seperated Values. This is suitable for further analysis in a spreadsheet, or other program. png PNG Graphic. Produces a fairly incomprehensible png graph. This relies on gdc being available at compile time. html This produces output suitable for display to a human in a webbrowser. EXAMPLES
tracertstats --filter 'host sundown' --filter 'port http' --filter 'port ftp or ftp-data' --filter 'port smtp' --filter 'tcp[tcpflags] & tcp-syn!=0' --filter 'not ip' --filter 'ether[0] & 1 == 1' --filter 'icmp[icmptype] == icmp-unreach' --output-format html erf:/traces/trace1.gz erf:/traces/trace2.gz LINKS
More details about tracertstats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation SEE ALSO
libtrace(3), tracemerge(1), tracesplit(1), tracesplit_dir(1), tracefilter(1), traceconvert(1), tracereport(1), tracepktdump(1), traceanon(1), tracesummary(1), traceconvert(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1) AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz> tracertstats (libtrace) November 2006 TRACERTSTATS(1)