| 1 | .TH TRACEENDS "1" "December 2018" "traceends (libtrace)" "User Commands" |
|---|
| 2 | .SH NAME |
|---|
| 3 | traceends \- summarise traffic done by every endpoint observed in a trace |
|---|
| 4 | .SH SYNOPSIS |
|---|
| 5 | .B traceends |
|---|
| 6 | [ \fB-t \fRthreads | \fB--threads=\fRthreads ] |
|---|
| 7 | [ \fB-f \fRbpf | \fB--filter=\fRbpf ] |
|---|
| 8 | [ \fB-a \fRaddrtype | \fB--address=\fRaddrtype ] |
|---|
| 9 | [ \fB-S \fR| \fB--ignore-source\fR ] |
|---|
| 10 | [ \fB-D \fR| \fB--ignore-dest\fR ] |
|---|
| 11 | [ \fB-H | \fB--help] |
|---|
| 12 | |
|---|
| 13 | inputuri [inputuri ...] |
|---|
| 14 | .SH DESCRIPTION |
|---|
| 15 | traceends reports the number of bytes and packets sent and received by each |
|---|
| 16 | endpoint observed in the input trace(s). Usually, you don't want to run this |
|---|
| 17 | program directly \-\- see \fBtracetopends\fR instead. |
|---|
| 18 | |
|---|
| 19 | .SH OPTIONS |
|---|
| 20 | .TP |
|---|
| 21 | \fB\-t\fR threads |
|---|
| 22 | Use the given number of threads for packet processing. Defaults to 1 thread. |
|---|
| 23 | |
|---|
| 24 | .TP |
|---|
| 25 | \fB\-f\fR bpf filter |
|---|
| 26 | Ignore packets that do not match this tcpdump style bpf filter. |
|---|
| 27 | |
|---|
| 28 | .TP |
|---|
| 29 | \fB\-A\fR address type |
|---|
| 30 | Specifies how an endpoint should be defined. Suitable options are "mac", "v4" |
|---|
| 31 | and "v6" which will report endpoint stats for each observed MAC address, IPv4 |
|---|
| 32 | address and IPv6 address respectively. |
|---|
| 33 | |
|---|
| 34 | .TP |
|---|
| 35 | \fB\-S, --ignore-source\fR |
|---|
| 36 | Do not track endpoints which are sending traffic. Mutually exclusive with the |
|---|
| 37 | \fBignore-dest\fR option. |
|---|
| 38 | |
|---|
| 39 | .TP |
|---|
| 40 | \fB\-D, --ignore-dest\fR |
|---|
| 41 | Do not track endpoints which are receiving traffic. Mutually exclusive with the |
|---|
| 42 | \fBignore-source\fR option. |
|---|
| 43 | |
|---|
| 44 | .SH OUTPUT |
|---|
| 45 | Output is written to stdout in columns separated by blank space. |
|---|
| 46 | |
|---|
| 47 | The columns are (in order): |
|---|
| 48 | * Endpoint address |
|---|
| 49 | * Time last observed |
|---|
| 50 | * Packets originating from the endpoint |
|---|
| 51 | * Bytes originating from the endpoint (IP header onwards) |
|---|
| 52 | * Payload originating from the endpoint (post transport header) |
|---|
| 53 | * Packets sent to the endpoint |
|---|
| 54 | * Bytes sent to the endpoint (IP header onwards) |
|---|
| 55 | * Payload sent to the endpoint (post transport header) |
|---|
| 56 | |
|---|
| 57 | .SH EXAMPLES |
|---|
| 58 | Get stats for each individual MAC address in a trace: |
|---|
| 59 | .nf |
|---|
| 60 | traceends -a mac erf:trace.erf.gz |
|---|
| 61 | .fi |
|---|
| 62 | |
|---|
| 63 | .SH LINKS |
|---|
| 64 | More details about traceends (and libtrace) can be found at |
|---|
| 65 | http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation |
|---|
| 66 | |
|---|
| 67 | .SH SEE ALSO |
|---|
| 68 | libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), |
|---|
| 69 | tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), |
|---|
| 70 | tracesummary(1), tracereplay(1), tracediff(1), tracetopends(1) |
|---|
| 71 | |
|---|
| 72 | .SH AUTHORS |
|---|
| 73 | Shane Alcock <salcock@cs.waikato.ac.nz> |
|---|
