Version 3 (modified by spa1, 13 years ago)

Supported Formats

Libtrace supports the following trace capture and storage formats:

Live Capture

  • Endace DAG cards
  • pcap interfaces
  • Native Linux PF_PACKET interfaces
  • WAG cards (internal WAND project)
  • Native BSD BPF interfaces
  • Receiving packets over a network via the RT protocol

Trace Formats

  • pcap traces
  • ERF (Extensible Record Format) traces
  • Legacy DAG formats, such as those used in various Auckland tracesets
  • WTF (WAG Trace Format) traces

Format URIs

Libtrace input and output sources are specified using URIs which describe both the format and location of the trace, interface or device in question. Below is a definitive list of URIs for all the trace formats supported by libtrace.

  • Live pcap interface: pcap:<interface>
  • pcap trace file: pcapfile:<filename>
  • Live DAG capture: dag:<DAG device location e.g. /dev/dag0>
  • ERF trace file: erf:<filename>
  • Native Linux interface: int:<interface>
  • Native BSD BPF interface: bpf:<interface>
  • RT protocol: rt:<host>:<port>
  • Legacy ATM: legacyatm:<filename>
  • Legacy Ethernet: legacyeth:<filename>
  • Legacy Packet over Sonet: legacypos:<filename>
  • Live WAG capture: wag:<WAG device location e.g. /dev/wag>
  • WTF trace file: wtf:<filename>

URIs that include a filename usually accept '-' to represent stdin, e.g. erf:- will read ERF records from stdin.
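
A tool that takes trace URIs from a config file or command line can classify them against the list above before handing them to libtrace, for example to make sure an offline analysis job never opens a capture device or a network socket. The following is an added example, not libtrace's own parser: the names classify_trace_uri and offline_uri_allowed, the live/file/network grouping and the sample URIs are assumptions made for illustration, and '-' is treated as stdin only for the file formats.

```c
#include <stddef.h>
#include <string.h>

/* Kind of source a format prefix refers to, following the URI list above. */
enum uri_kind { URI_INVALID = 0, URI_LIVE, URI_FILE, URI_NETWORK };

struct trace_uri {
    enum uri_kind kind;
    const char *location;  /* points into the caller's string, after the first ':' */
    int is_stdin;          /* file format whose location is "-" */
};

static const struct { const char *prefix; enum uri_kind kind; } formats[] = {
    {"pcap", URI_LIVE}, {"pcapfile", URI_FILE}, {"dag", URI_LIVE},
    {"erf", URI_FILE}, {"int", URI_LIVE}, {"bpf", URI_LIVE},
    {"rt", URI_NETWORK}, {"legacyatm", URI_FILE}, {"legacyeth", URI_FILE},
    {"legacypos", URI_FILE}, {"wag", URI_LIVE}, {"wtf", URI_FILE},
};

/* Split "format:location" at the FIRST colon only, so rt:<host>:<port> keeps
 * "host:port" as its location. Unknown prefixes and empty parts are rejected. */
struct trace_uri classify_trace_uri(const char *uri)
{
    struct trace_uri out = { URI_INVALID, NULL, 0 };
    const char *colon = uri ? strchr(uri, ':') : NULL;
    if (colon == NULL || colon == uri || colon[1] == '\0')
        return out;
    size_t plen = (size_t)(colon - uri);
    for (size_t i = 0; i < sizeof formats / sizeof formats[0]; i++) {
        /* Length check makes the match exact: "pcap" must not match "pcapfile". */
        if (strlen(formats[i].prefix) == plen &&
            strncmp(formats[i].prefix, uri, plen) == 0) {
            out.kind = formats[i].kind;
            out.location = colon + 1;
            out.is_stdin = out.kind == URI_FILE && strcmp(out.location, "-") == 0;
            return out;
        }
    }
    return out;
}

/* Hypothetical policy for an offline tool: accept trace files only. */
int offline_uri_allowed(const char *uri)
{
    return classify_trace_uri(uri).kind == URI_FILE;
}

/* Constructed sample: exit status 0 when "erf:-" is accepted as a file source. */
int main(void) { return offline_uri_allowed("erf:-") ? 0 : 1; }
```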