-
Notifications
You must be signed in to change notification settings - Fork 51
tracereport
tracereport
is a libtrace tool that is capable of producing a variety of different reports about a trace.
tracereport
[ -f bpf | --filter=bpf ]
[ -e | --error ]
[ -F | --flow ]
[ -P | --protocol ]
[ -p | --port ]
[ -T | --tos ]
[ -t | --ttl ]
[ -O | --tcpoptions ]
[ -o | --synoptions ]
[ -n | --nlp ]
[ -d | --direction ]
[ -C | --ecn ]
[ -s | --tcpsegment ]
inputuri
-f, --filter
Only consider packets that match the bpf filter expression. See tcpdump(1) for the syntax of the bpf filter expression.
-e, --error
Produce a report on the number of packets that contained errors of some sort, e.g. checksum failures or DAG rxerrors.
-F, --flow
Produce a count of the number of flows observed in the trace.
-m, --misc
Produce a report of the time of the first packet and last packet of the trace, the duration of the trace, total packets, and average number of packets per second. (libtrace 3.0.2 and above)
-P, --protocol
Produce a report on the transport layer protocols that are observed in the trace, e.g. TCP, UDP, ICMP.
-p, --port
Produce a report on which port numbers are being used in the trace.
-T, --tos
Produce a report that contains a breakdown of the values observed in the ToS field of the IP header.
-t, --ttl
Produce a report that contains a breakdown of the TTL for packets in the trace.
-O, --tcpoptions
Produce a report that details which TCP options are observed on all packets in the trace.
-o, --synoptions
Produce a report that details which combinations of TCP options are observed on SYN packets in the trace.
-n, --nlp
Produce a report on the network layer protocols that are observed in the trace.
-d, --direction
Produce a report on the amount of traffic observed travelling in each direction in the trace.
-C, --ecn
Produce a report on the usage of the ECN flag by packets in the trace.
-s, --tcpsegment
Produce a report on the tcp segment sizes observed in the trace.
Get a report of TCP option usage:
tracereport -O erf:trace.erf.gz
Get a massive collection of reports, but only for traffic from the host 'grizzly':
tracereport -O -o -T -t -n -C -s -P -f 'grizzly' erf:trace.erf.gz
Each different report will create a separate output file in the directory from which tracereport
is run. At this stage, there is no way to specify the names of output files but this may be added in a future version of libtrace. Each output file is named so that it should be obvious which report is which.
- Unlike most of the other libtrace tools,
tracereport
is still under active development. Previous versions of libtrace may write the report output to stdout rather than to a file. We are also likely to add more reports in the future. - The version of tracereport that was distributed with the libtrace-3.0.0 release is actually quite different to what is described above - see the tracereport(1) manpage that came with your distribution for more details.