tracestats is a libtrace tool that provides a summary of how many bytes/packets match a series of bpf filters.

Usage

tracestats [ -f | --filter bpf ]... inputuri...

Options

-f, --filter

Specifies a bpf filter to provide statistics for

Applications

Find out how much SMTP traffic is present in a trace

tracestats -f "tcp port 25" erf:trace.erf.gz

Find out how much HTTP traffic is travelling to and from the host 'kodiak'

tracestats -f "tcp port 80 and host kodiak" erf:trace.erf.gz

Compare the amount of traffic the hosts 'yogi' and 'booboo' are doing

tracestats -f "host yogi" -f "host booboo" erf:trace.erf.gz