traceends
Shane Alcock edited this page Dec 7, 2018 · 2 revisions
traceends summarises the traffic sent and received by all the endpoints in a trace. Output is written to stdout.
traceends
[ -f | --filter exp ]
[ -A | --address addrtype ]
[ -h | --help ]
[ -t | --threads threadcount ]
[ -S | --ignore-source ]
[ -D | --ignore-dest ]
inputuri ...
-f, --filter
Only count packets that match the bpf filter expression. See tcpdump(1) for the syntax of the bpf filter expression.
-A, --address
Specifies which address defines an endpoint - may be "mac", "v4" or "v6".
-h, --help
Print help information.
The following options were added in libtrace 4.0.6:
-t, --threads
Use threadcount threads for processing packets.
-S, --ignore-source
Ignore all source addresses.
-D, --ignore-dest
Ignore all destination addresses.
Output is written to stdout in columns separated by blank space.
The columns are (in order from left to right):
- Endpoint address
- Time endpoint was last observed
- Packets originating from the endpoint
- Bytes originating from the endpoint (IP header onwards)
- Payload originating from the endpoint (post transport header)
- Packets sent to the endpoint
- Bytes sent to the endpoint (IP header onwards)
- Payload sent to the endpoint (post transport header)
Print traffic summaries for all IPv6 addresses:
traceends -A v6 erf:trace.erf.gz
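An added example (not part of libtrace or the original page): Python that parses the eight-column output described above, ranks endpoints by total bytes, and lists endpoints that were sent packets but never originated any. It assumes the address contains no whitespace and that the six counters are the last six fields on each line, so the timestamp may span several tokens; the sample lines and their time format are constructed, and all function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    address: str
    last_seen: str
    pkts_out: int
    bytes_out: int
    payload_out: int
    pkts_in: int
    bytes_in: int
    payload_in: int


def parse_traceends(text):
    """Parse traceends stdout into Endpoint records, skipping malformed lines."""
    endpoints = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:  # address + time token(s) + six counters
            continue
        try:
            counters = [int(f) for f in fields[-6:]]
        except ValueError:
            continue  # not a data line
        # Everything between the address and the counters is the timestamp.
        endpoints.append(Endpoint(fields[0], " ".join(fields[1:-6]), *counters))
    return endpoints


def top_endpoints(endpoints, n=10):
    """Rank by bytes in both directions (IP header onwards), largest first."""
    return sorted(endpoints, key=lambda e: e.bytes_out + e.bytes_in, reverse=True)[:n]


def receive_only(endpoints):
    """Endpoints that were sent packets but never originated any."""
    return [e for e in endpoints if e.pkts_out == 0 and e.pkts_in > 0]


# Constructed sample output (not from a real trace); the time format is assumed.
SAMPLE = """\
2001:db8::1   07/12 10:15:02   120   96000   91200   80    6400    3200
2001:db8::2   07/12 10:15:03    70    5200    2400  110   90000   85600
2001:db8::99  07/12 10:14:47     0       0       0   45    2700       0
"""

if __name__ == "__main__":
    eps = parse_traceends(SAMPLE)
    for e in top_endpoints(eps, 2):
        print(e.address, e.bytes_out + e.bytes_in)
    print("receive-only:", [e.address for e in receive_only(eps)])
```

To use it on real data, pass the captured stdout of `traceends` to `parse_traceends`.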
- traceends is only present in libtrace 3.0.12 or later.
- This program will produce a LOT of output for any trace containing a lot of endpoints. In most circumstances, you will want to use tracetopends instead, which only reports the top N endpoints.
- This can be run against live interfaces or DAG cards, but no output will be displayed until the program is interrupted with CTRL-C.