traceends summarises the traffic sent and received by all the endpoints in a trace. Output is written to stdout. (Only in version 3.0.12 and later)

Usage

traceends
        [ -f | --filter exp ]
        [ -A | --address addrtype ]
        [ -h | --help ]
        inputuri ...

Options

-f, --filter

Only count packets that match the bpf filter expression. See tcpdump(1) for the syntax of the bpf filter expression.

-A, --address

Specifies which address defines an endpoint - may be "mac", "v4" or "v6".

-h, --help

Print help information.

Output

Output is written to stdout in columns separated by blank space.

The columns are (in order from left to right):

• Endpoint address
• Time endpoint was last observed
• Packets originating from the endpoint
• Bytes originating from the endpoint (IP header onwards)
• Payload originating from the endpoint (post transport header)
• Packets sent to the endpoint
• Bytes sent to the endpoint (IP header onwards)
• Payload sent to the endpoint (post transport header)

Applications

Print traffic summaries for all IPv6 addresses

traceends -A v6 erf:trace.erf.gz

Notes

• This program will produce a LOT of output for any trace containing a lot of endpoints. In most circumstances, you generally want to use tracetopends instead which will only report the top N endpoints.
• This can be run against live interfaces or DAG cards, but no output will be displayed until the program is interrupted with CTRL-C.