| 1 | .TH TRACETOPENDS "1" "September 2011" "tracetopends (libtrace)" "User Commands" |
|---|
| 2 | .SH NAME |
|---|
| 3 | tracetopends \- reports the endpoints that are responsible for the most traffic |
|---|
| 4 | in a trace |
|---|
| 5 | .SH SYNOPSIS |
|---|
| 6 | .B tracetopends |
|---|
| 7 | [ \fB-f \fRbpf ] |
|---|
| 8 | [ \fB-A \fRaddrtype ] |
|---|
| 9 | [ \fB-s ] |
|---|
| 10 | [ \fB-d ] |
|---|
| 11 | [ \fB-b ] |
|---|
| 12 | [ \fB-a ] |
|---|
| 13 | [ \fB-p ] |
|---|
| 14 | [ \fB-n \fRtopcount ] |
|---|
| 15 | inputuri [inputuri ...] |
|---|
| 16 | .SH DESCRIPTION |
|---|
| 17 | tracetopends reports the number of bytes and packets sent and received by the |
|---|
| 18 | busiest endpoints observed in the input trace(s). |
|---|
| 19 | |
|---|
| 20 | .TP |
|---|
| 21 | \fB\-f\fR bpf filter |
|---|
| 22 | Output only packets that match tcpdump style bpf filter. |
|---|
| 23 | |
|---|
| 24 | .TP |
|---|
| 25 | \fB\-n\fR top count |
|---|
| 26 | Report the top N endpoints (defaults to 10). |
|---|
| 27 | |
|---|
| 28 | .TP |
|---|
| 29 | \fB\-A\fR address type |
|---|
| 30 | Specifies how an endpoint should be defined. Suitable options are "mac", "v4" |
|---|
| 31 | and "v6" which will report endpoint stats for each observed MAC address, IPv4 |
|---|
| 32 | address and IPv6 address respectively. |
|---|
| 33 | |
|---|
| 34 | .TP |
|---|
| 35 | \fB\-s |
|---|
| 36 | Sort endpoints based on the amount of outgoing traffic (will cancel any |
|---|
| 37 | previous \-d option. This is on by default. |
|---|
| 38 | |
|---|
| 39 | .TP |
|---|
| 40 | \fB\-d |
|---|
| 41 | Sort endpoints based on the amount of incoming traffic (will cancel any |
|---|
| 42 | previous \-s option. |
|---|
| 43 | |
|---|
| 44 | .TP |
|---|
| 45 | \fB\-b |
|---|
| 46 | Sort endpoints based on the amount of IP traffic (will cancel any previous |
|---|
| 47 | \-a or \-p options. This is on by default. |
|---|
| 48 | |
|---|
| 49 | .TP |
|---|
| 50 | \fB\-a |
|---|
| 51 | Sort endpoints based on the amount of application layer traffic (will cancel |
|---|
| 52 | any previous \-b or \-p options. |
|---|
| 53 | |
|---|
| 54 | .TP |
|---|
| 55 | \fB\-p |
|---|
| 56 | Sort endpoints based on the amount of packets (will cancel any previous |
|---|
| 57 | \-b or \-a options. |
|---|
| 58 | |
|---|
| 59 | .SH OUTPUT |
|---|
| 60 | Output is written to stdout in columns separated by blank space. |
|---|
| 61 | |
|---|
| 62 | The columns are (in order): |
|---|
| 63 | * Endpoint address |
|---|
| 64 | * Time last observed |
|---|
| 65 | * Packets originating from the endpoint |
|---|
| 66 | * Bytes originating from the endpoint (IP header onwards) |
|---|
| 67 | * Payload originating from the endpoint (post transport header) |
|---|
| 68 | * Packets sent to the endpoint |
|---|
| 69 | * Bytes sent to the endpoint (IP header onwards) |
|---|
| 70 | * Payload sent to the endpoint (post transport header) |
|---|
| 71 | |
|---|
| 72 | .SH EXAMPLES |
|---|
| 73 | Find the IPv4 addresses that are sending the most traffic. |
|---|
| 74 | .nf |
|---|
| 75 | tracetopends -A v4 -b -s erf:trace.erf.gz |
|---|
| 76 | .fi |
|---|
| 77 | |
|---|
| 78 | .SH LINKS |
|---|
| 79 | More details about tracetopends (and libtrace) can be found at |
|---|
| 80 | http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation |
|---|
| 81 | |
|---|
| 82 | .SH SEE ALSO |
|---|
| 83 | libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), |
|---|
| 84 | tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), |
|---|
| 85 | tracesummary(1), tracereplay(1), tracediff(1), traceends(1) |
|---|
| 86 | |
|---|
| 87 | .SH AUTHORS |
|---|
| 88 | Shane Alcock <salcock@cs.waikato.ac.nz> |
|---|
