Version 2 (modified by spa1, 14 years ago)
tracestats is a libtrace tool that summarises how many bytes and packets match each of a series of BPF filters.
Usage
tracestats [ -f | --filter bpf ]... inputuri...
Options
- -f, --filter: Specifies a BPF filter to provide statistics for
Applications
Find out how much SMTP traffic is present in a trace
tracestats -f "tcp port 25" erf:trace.erf.gz
Find out how much HTTP traffic is travelling to and from the host 'kodiak'
tracestats -f "tcp port 80 and host kodiak" erf:trace.erf.gz
Compare the amount of traffic involving the hosts 'yogi' and 'booboo'
tracestats -f "host yogi" -f "host booboo" erf:trace.erf.gz
Notes
- tracestats only produces stats across the entire trace. If you want to see stats at regular intervals, use tracertstats instead.
- Because tracestats reads the entire trace before printing results, it is not very useful for live capture formats that have no logical end, such as int: and pcapint:. We hope to correct this in a future release of libtrace. In the interim, tracertstats will prove to be more useful for those formats.
- tracesummary is a tool that runs tracestats with a number of useful filters. It may be more useful to people who want some general statistics about a trace without having to write lots of BPF filters.
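The counting model described on this page, as an added Python illustration that is not libtrace's code: every filter keeps its own packet and byte counters, one packet can count under several filters, and results exist only once the input ends. The in-memory pcap, the 192.0.2.x addresses, the Python predicates standing in for BPF expressions and the "total" row are assumptions of this example.

```python
import socket, struct

def make_frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    """Classic little-endian pcap stream with link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_packets(pcap):
    """Yield (wire_len, fields); fields is None unless IPv4/TCP without IP options."""
    off = 24                                   # skip the pcap global header
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        fields = None
        if len(frame) >= 38 and frame[12:14] == b"\x08\x00" and frame[14] == 0x45 and frame[23] == 6:
            fields = (*map(socket.inet_ntoa, (frame[26:30], frame[30:34])),
                      *struct.unpack_from("!HH", frame, 34))
        yield wirelen, fields

def trace_stats(pcap, filters):
    """Return {name: [packets, bytes]} over the whole capture, plus 'total'."""
    stats = {name: [0, 0] for name in [*filters, "total"]}
    for wirelen, fields in read_packets(pcap):
        matched = ["total"] + [n for n, pred in filters.items() if fields and pred(*fields)]
        for name in matched:                   # a packet may count under several filters
            stats[name][0] += 1
            stats[name][1] += wirelen
    return stats                               # only available once the input has ended

FILTERS = {                                    # predicates standing in for BPF expressions
    "tcp port 25": lambda src, dst, sport, dport: 25 in (sport, dport),
    "host 192.0.2.10": lambda src, dst, sport, dport: "192.0.2.10" in (src, dst),
}
FRAMES = [                                     # constructed sample traffic
    make_frame("192.0.2.10", "192.0.2.20", 40000, 25, b"EHLO x\r\n"),
    make_frame("192.0.2.20", "192.0.2.10", 25, 40000, b"250 ok\r\n"),
    make_frame("192.0.2.10", "192.0.2.30", 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
    make_frame("192.0.2.30", "192.0.2.40", 40002, 443),
]
print(trace_stats(make_pcap(FRAMES), FILTERS))
```

The per-filter rows add up to five packets against a total of four, because the two SMTP packets also involve 192.0.2.10; per-filter counts are not a partition of the trace.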