| | 1 | {{{tracestats}}} is a libtrace tool that provides a summary of how many bytes/packets match a series of bpf filters. |
| | 2 | |
| | 3 | === Usage === |
| | 4 | {{{tracestats [ -f | --filter bpf ]... inputuri...}}} |
| | 5 | |
| | 6 | === Options === |
| | 7 | {{{-f, --filter}}}:: |
| | 8 | Specifies a bpf filter to provide statistics for |
| | 9 | |
| | 10 | === Applications === |
| | 11 | ==== Find out how much SMTP traffic is present in a trace ==== |
| | 12 | {{{ |
| | 13 | tracestats -f "tcp port 25" erf:trace.erf.gz |
| | 14 | }}} |
| | 15 | |
| | 16 | ==== Find out how much HTTP traffic is travelling to and from the host 'kodiak' ==== |
| | 17 | {{{ |
| | 18 | tracestats -f "tcp port 80 and host kodiak" erf:trace.erf.gz |
| | 19 | }}} |
| | 20 | |
| | 21 | ==== Compare the amount of traffic the hosts 'yogi' and 'booboo' are doing ==== |
| | 22 | {{{ |
| | 23 | tracestats -f "host yogi" -f "host booboo" erf:trace.erf.gz |
| | 24 | }}} |
