tracertstats - perform simple filter based analysis on a trace

       Perry Lorier <perry@cs.waikato.ac.nz>

tracertstats (libtrace)                           November 2006                                  TRACERTSTATS(1)

       tracertstats takes a list of bpf expressions and outputs the number of packets and bytes that match  that
       expression every interval seconds, or count packets.

       -fbpf-filter--filterbpf-filter
              Add another "bpf filter"

       -iinterval--intervalinterval
              Output results every interval seconds.

       -ccount--countcount
              Output results every count packets.

       -m--merge-inputs
              Treats  all  inputs as a single input, resulting a single unified output rather than an output for
              each input. Works best with traces that are consecutive to create a single CSV, for instance.

       -oformat--output-formatformat
              Selects the output format.

              txt    Human readable text.  This is the  default  output  format  which  provides  output  easily
                     understood  by  a  human.  This format has the disadvantage that it takes up quite a bit of
                     horizontal space.

              csv    Comma Seperated Values. This is suitable for further analysis in a  spreadsheet,  or  other
                     program.

              png    PNG  Graphic.   Produces  a  fairly  incomprehensible  png graph.  This relies on gdc being
                     available at compile time.

              html   This produces output suitable for display to a human in a webbrowser.

       tracertstats --filter 'host sundown' \
            --filter 'port http' \
            --filter 'port ftp or ftp-data' \
            --filter 'port smtp' \
            --filter 'tcp[tcpflags] & tcp-syn!=0' \
            --filter 'not ip' \
            --filter 'ether[0] & 1 == 1' \
            --filter 'icmp[icmptype] == icmp-unreach' \
            --output-format html
            erf:/traces/trace1.gz \
            erf:/traces/trace2.gz

       More     details     about      tracertstats      (and      libtrace)      can      be      found      at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

       tracertstats - perform simple filter based analysis on a trace

libtrace(3),    tracemerge(1),   tracesplit(1),   tracesplit_dir(1),   tracefilter(1),   traceconvert(1),
       tracereport(1),  tracepktdump(1),   traceanon(1),   tracesummary(1),   traceconvert(1),   tracereplay(1),
       tracediff(1), traceends(1), tracetopends(1)

tracertstats  [  -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [ -o | --output-
       format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri...

       tracertstats -H|--libtrace-help