source: tools/traceends/tracetopends.1 @ e78e408

develop
Last change on this file since e78e408 was 384e898, checked in by Shane Alcock <salcock@…>, 2 years ago

Fix incorrect example in tracetopends man page
  • Property mode set to 100644
File size: 2.8 KB
Line 
1.TH TRACETOPENDS "1" "December 2018" "tracetopends (libtrace)" "User Commands"
2.SH NAME
3tracetopends \- reports the endpoints that are responsible for the most traffic
4in a trace
5.SH SYNOPSIS
6.B tracetopends
7[ \fB-t \fRthreads ]
8[ \fB-f \fRbpf ]
9[ \fB-A \fRaddrtype ]
10[ \fB-S ]
11[ \fb-D ]
12[ \fB-s ]
13[ \fB-d ]
14[ \fB-b ]
15[ \fB-a ]
16[ \fB-p ]
17[ \fB-n \fRtopcount ]
18inputuri [inputuri ...]
19.SH DESCRIPTION
20tracetopends reports the number of bytes and packets sent and received by the
21busiest endpoints observed in the input trace(s).
22
23.SH OPTIONS
24
25.TP
26\fB\-t\fR threads
27Use the given number of threads for packet processing. Defaults to 1 thread.
28
29.TP
30\fB\-f\fR bpf filter
31Output only packets that match tcpdump style bpf filter.
32
33.TP
34\fB\-n\fR top count
35Report the top N endpoints (defaults to 10).
36
37.TP
38\fB\-A\fR address type
39Specifies how an endpoint should be defined. Suitable options are "mac", "v4"
40and "v6" which will report endpoint stats for each observed MAC address, IPv4
41address and IPv6 address respectively.
42
43.TP
44\fB\-S
45Do not track endpoints which are sending traffic. Mutually exclusive with the
46\fB\-D \fRoption.
47
48.TP
49\fB\-D
50Do not track endpoints which are receiving traffic. Mutually exclusive with the
51\fB\-S \fRoption.
52
53.TP
54\fB\-s
55Sort endpoints based on the amount of outgoing traffic (will cancel any
56previous \-d option. This is on by default.
57
58.TP
59\fB\-d
60Sort endpoints based on the amount of incoming traffic (will cancel any
61previous \-s option.
62
63.TP
64\fB\-b
65Sort endpoints based on the amount of IP traffic (will cancel any previous
66\-a or \-p options. This is on by default.
67
68.TP
69\fB\-a
70Sort endpoints based on the amount of application layer traffic (will cancel
71any previous \-b or \-p options.
72
73.TP
74\fB\-p
75Sort endpoints based on the amount of packets (will cancel any previous
76\-b or \-a options.
77
78.SH OUTPUT
79Output is written to stdout in columns separated by blank space.
80
81The columns are (in order):
82 * Endpoint address
83 * Time last observed
84 * Packets originating from the endpoint
85 * Bytes originating from the endpoint (IP header onwards)
86 * Payload originating from the endpoint (post transport header)
87 * Packets sent to the endpoint
88 * Bytes sent to the endpoint (IP header onwards)
89 * Payload sent to the endpoint (post transport header)
90
91.SH EXAMPLES
92Find the IPv4 addresses that are sending the most traffic.
93.nf
94tracetopends -A v4 -b -s -D erf:trace.erf.gz
95.fi
96
97.SH LINKS
98More details about tracetopends (and libtrace) can be found at
99http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
100
101.SH SEE ALSO
102libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1),
103tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1),
104tracesummary(1), tracereplay(1), tracediff(1), traceends(1)
105
106.SH AUTHORS
107Shane Alcock <salcock@cs.waikato.ac.nz>
Note: See TracBrowser for help on using the repository browser.