wiki:TraceFilter

tracefilter copies all packets that match a user-specified bpf filter to an output trace, creating a new filtered sub-trace.

Usage

tracefilter inputuri bpffilter outputuri

Applications

Capturing a trace file using a filter

tracefilter int:eth0 "tcp port 80" erf:http_only.erf.gz

Filtering an existing trace

tracefilter erf:trace.erf.gz "host 192.168.2.110" erf:single_host.erf.gz

Notes

  • tracefilter does not support setting the compression level or method. It will always write gzip level 1 compressed output.
  • tracefilter is a limited version of tracesplit. If you require more flexibility in your filtering, tracesplit may prove to be a better option.
Last modified 10 years ago Last modified on 07/28/10 13:30:34