SYNOPSIS

tracestats [ -f | --filter bpf ]... inputuri...

DESCRPTION

tracestats reads one or more traces and outputs summaries for each trace of how many packets/bytes match each bpf filter, as well as totals. If instead of doing this for the entire trace, but to do it for portions then use tracertstats(1) instead.

-f bpf-filter

--filter bpf-filter Add another bpf filter

EXAMPLES

tracestats --filter 'host sundown' \
        --filter 'port http' \
        --filter 'port ftp or ftp-data' \
        --filter 'port smtp' \
        --filter 'tcp[tcpflags] & tcp-syn!=0' \
        --filter 'not ip' \
        --filter 'ether[0] & 1 == 1' \
        --filter 'icmp[icmptype] == icmp-unreach' \
        erf:/traces/trace1.gz \
        erf:/traces/trace2.gz \

LINKS

More details about tracestats (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

AUTHORS

Perry Lorier <[email protected]>