wiki:TraceDump

Version 2 (modified by spa1, 14 years ago)

tracedump is a libtrace tool that can display packets in a readable format.

Usage

tracedump [ -f exp | --filter=exp ] [ -c num | --count=num ] inputuri ...

Options

-f, --filter
Output only packets that match the BPF filter expression. See tcpdump(1) for the syntax of the filter expression.
-c, --count
Stop after displaying num packets.

Applications

Examine packets from a particular flow

tracedump -f "host 192.168.2.110 and host 192.168.2.112 and tcp port 25 and tcp port 5662" erf:trace.erf.gz
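
The same filter built from a flow's addresses and ports, as an added example that is not part of the original wiki page. The helper names (is_ipv4, is_port, flow_filter, dump_flow) are hypothetical, and the default packet count of 20 is an assumption. Because each term matches either direction, the resulting expression selects both halves of the TCP conversation.

```shell
#!/bin/sh
# Added example: build the BPF expression for one TCP flow and pass it to
# tracedump. All function names here are hypothetical helpers.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 if $1 is a decimal port number in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the filter for the TCP flow between ip1:port1 and ip2:port2.
# Only validated digits and dots reach the expression, so a value pasted
# from an alert or ticket cannot append extra filter terms.
flow_filter() {
    [ "$#" -eq 4 ] || { echo "usage: flow_filter ip1 port1 ip2 port2" >&2; return 2; }
    is_ipv4 "$1" && is_ipv4 "$3" || { echo "bad address" >&2; return 1; }
    is_port "$2" && is_port "$4" || { echo "bad port" >&2; return 1; }
    printf 'host %s and host %s and tcp port %s and tcp port %s\n' "$1" "$3" "$2" "$4"
}

# Display up to $6 packets (default 20, an assumption) of the flow from the
# trace URI in $5, using the -f and -c options documented above.
dump_flow() {
    filter=$(flow_filter "$1" "$2" "$3" "$4") || return 1
    tracedump -f "$filter" -c "${6:-20}" "$5"
}

# Usage: dump_flow 192.168.2.110 25 192.168.2.112 5662 erf:trace.erf.gz 50
```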

Details

tracedump uses the libpacketdump library which can parse and neatly display the contents of many common packet headers, including Ethernet, IP, TCP, UDP, ICMP and many others.