
tracepktdump is a libtrace tool that can display packets in a readable format.

Usage

tracepktdump [ -f exp | --filter=exp ] [ -c num | --count=num ] inputuri ...

Options

-f, --filter
Output only packets that match the BPF filter expression. See tcpdump(1) for the filter syntax.
-c, --count
Stop after displaying num packets.

Applications

Examine packets from a particular flow

tracepktdump -f "host 192.168.2.110 and host 192.168.2.112 and tcp port 25 and tcp port 5662" erf:trace.erf.gz
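The filter above requires both hosts and both ports but does not say which port belongs to which host, so it also matches a second conversation with the ports swapped. The following added example (not part of libtrace; `flow_filter` and `dump_flow` are hypothetical helper names, and IPv4 addresses are assumed) builds a filter that pins each port to its host in both directions and rejects arguments that could inject extra BPF terms:

```shell
#!/bin/sh
# Added example: build a BPF expression for exactly one TCP/UDP conversation.
# usage: flow_filter PROTO HOST_A PORT_A HOST_B PORT_B
flow_filter() {
    [ "$#" -eq 5 ] || { echo "usage: flow_filter proto hostA portA hostB portB" >&2; return 2; }
    proto=$1 a=$2 ap=$3 b=$4 bp=$5
    case $proto in
        tcp|udp) ;;
        *) echo "bad proto: $proto" >&2; return 2 ;;
    esac
    # Hosts may contain only digits and dots, so no extra filter terms can be smuggled in.
    for h in "$a" "$b"; do
        case $h in
            ''|*[!0-9.]*) echo "bad host: $h" >&2; return 2 ;;
        esac
    done
    # Ports must be 1-65535; the length check keeps the numeric test from overflowing.
    for p in "$ap" "$bp"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
    done
    # Forward direction (A -> B) or reverse direction (B -> A), nothing else.
    printf '%s and ((src host %s and src port %s and dst host %s and dst port %s) or (src host %s and src port %s and dst host %s and dst port %s))\n' \
        "$proto" "$a" "$ap" "$b" "$bp" "$b" "$bp" "$a" "$ap"
}

# usage: dump_flow COUNT INPUTURI PROTO HOST_A PORT_A HOST_B PORT_B
# e.g.   dump_flow 20 erf:trace.erf.gz tcp 192.168.2.110 5662 192.168.2.112 25
#        (the port-to-host pairing in this call is an assumption)
dump_flow() {
    count=$1 uri=$2
    shift 2
    filter=$(flow_filter "$@") || return
    tracepktdump -c "$count" -f "$filter" "$uri"
}
```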

Details

tracepktdump uses the libpacketdump library, which can parse and neatly display the contents of many common packet headers, including Ethernet, IP, TCP, UDP and ICMP.

Notes

tracepktdump replaces the tracedump tool that was present in older versions of libtrace.

Last modified on 07/18/08 10:08:09