tracereport

salcock edited this page Dec 19, 2014 · 1 revision

tracereport is a libtrace tool that is capable of producing a variety of different reports about a trace.

Usage

    tracereport
            [ -f bpf | --filter=bpf ]
            [ -e | --error ]
            [ -F | --flow ]
            [ -m | --misc ]
            [ -P | --protocol ]
            [ -p | --port ]
            [ -T | --tos ]
            [ -t | --ttl ]
            [ -O | --tcpoptions ]
            [ -o | --synoptions ]
            [ -n | --nlp ]
            [ -d | --direction ]
            [ -C | --ecn ]
            [ -s | --tcpsegment ]
    inputuri

Options

-f, --filter Only consider packets that match the BPF filter expression. See tcpdump(1) for the syntax of BPF filter expressions.

-e, --error Produce a report on the number of packets that contained errors of some sort, e.g. checksum failures or DAG rxerrors.

-F, --flow Produce a count of the number of flows observed in the trace.

-m, --misc Produce a report of the time of the first packet and last packet of the trace, the duration of the trace, total packets, and average number of packets per second. (libtrace 3.0.2 and above)

-P, --protocol Produce a report on the transport layer protocols that are observed in the trace, e.g. TCP, UDP, ICMP.

-p, --port Produce a report on which port numbers are being used in the trace.

-T, --tos Produce a report that contains a breakdown of the values observed in the ToS field of the IP header.

-t, --ttl Produce a report that contains a breakdown of the TTL for packets in the trace.

-O, --tcpoptions Produce a report that details which TCP options are observed on all packets in the trace.

-o, --synoptions Produce a report that details which combinations of TCP options are observed on SYN packets in the trace.

-n, --nlp Produce a report on the network layer protocols that are observed in the trace.

-d, --direction Produce a report on the amount of traffic observed travelling in each direction in the trace.

-C, --ecn Produce a report on the usage of the ECN flag by packets in the trace.

-s, --tcpsegment Produce a report on the TCP segment sizes observed in the trace.

Applications

Get a report of TCP option usage:

    tracereport -O erf:trace.erf.gz

Get a massive collection of reports, but only for traffic from the host 'grizzly':

    tracereport -O -o -T -t -n -C -s -P -f 'grizzly' erf:trace.erf.gz

Output

Each report is written to its own output file in the directory from which tracereport is run. At this stage, there is no way to specify the names of output files, but this may be added in a future version of libtrace. Each output file is named so that it should be obvious which report is which.
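Since the report file names cannot be chosen, reports from two runs in the same directory would share names. The wrapper below is an added example, not part of libtrace: it runs tracereport in a fresh directory per trace. The names `report_into`, `abs_uri` and `TRACEREPORT` are hypothetical, and it assumes tracereport is on the PATH.

```shell
#!/bin/sh
# Added example: keep each trace's reports in their own directory, because
# tracereport writes fixed-name files into the current working directory.

# Assumption: tracereport is on PATH; set TRACEREPORT to use another binary.
TRACEREPORT=${TRACEREPORT:-tracereport}

# abs_uri URI
# Print URI with a relative file location made absolute, so that it still
# resolves after changing directory. Locations that are not existing files
# (for example a live interface name) are passed through untouched.
abs_uri() {
    case $1 in
        *:*) fmt=${1%%:*}: path=${1#*:} ;;   # "format:location" URI
        *)   fmt= path=$1 ;;                 # bare file name
    esac
    case $path in
        /*) ;;                               # already absolute
        *)  if [ -e "$path" ]; then path=$(pwd)/$path; fi ;;
    esac
    printf '%s%s\n' "$fmt" "$path"
}

# report_into OUTDIR URI [tracereport options...]
# Create OUTDIR, refuse to reuse it if it already holds files, then run
# tracereport from inside it so every report file lands there.
report_into() {
    outdir=$1
    uri=$(abs_uri "$2") || return 1
    shift 2
    mkdir -p "$outdir" || return 1
    if [ -n "$(ls -A "$outdir")" ]; then
        echo "report_into: $outdir is not empty, refusing to reuse it" >&2
        return 1
    fi
    # Subshell: the caller's working directory is left unchanged.
    ( cd "$outdir" && "$TRACEREPORT" "$@" "$uri" )
}
```

For example, `report_into reports/trace1 erf:trace.erf.gz -O -P` leaves the TCP options and protocol reports for that trace under `reports/trace1`.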

Notes

  • Unlike most of the other libtrace tools, tracereport is still under active development. Previous versions of libtrace may write the report output to stdout rather than to a file. We are also likely to add more reports in the future.
  • The version of tracereport that was distributed with the libtrace-3.0.0 release is actually quite different to what is described above - see the tracereport(1) manpage that came with your distribution for more details.