tracesplit - split traces

       Perry Lorier <perry@cs.waikato.ac.nz>

tracesplit (libtrace)                             January 2011                                     TRACESPLIT(1)

       tracesplit splits the given input traces into multiple tracefiles

       -f bpf filter
              output only packets that match tcpdump style bpf filter

       -c count
              output count packets per output file.  The output file will be named after the basename  given  in
              the outputuri with the packet number of the first packet in this file.

       -b bytes
              output bytes bytes per file

       -i seconds
              start a new tracefile after "seconds" seconds

       -s unixtime
              don't output any packets before unixtime

       -e unixtime
              don't output any packets after unixtime

       -m maxfiles
              do not create more than "maxfiles" trace files

       -S snaplen
              Truncate packets to "snaplen" bytes long.  The default is collect the entire packet.

       -z level
              Compress  the data using the specified compression level, ranging from 0 to 9.  Higher compression
              levels tend to result in better compression but require more processing power to compress.

       -Z compression-method
              Compress the data using the specified compression algorithm. Accepted methods are "gzip", "bzip2",
              "lzo", "xz" or "none". Default value is none unless a compression level  is  specified,  in  which
              case gzip will be used.

       create a 1MB erf trace of port 80 traffic.
       tracesplit -z 1 -Z gzip -f 'port 80' -b $[ 1024 * 1024 ]
       erf:/traces/bigtrace.gz erf:/traces/port80.gz

       More      details      about      tracesplit      (and      libtrace)      can      be      found      at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

       tracesplit - split traces

libtrace(3),   tracemerge(1),   tracefilter(1),   traceconvert(1),   tracesplit_dir(1),   tracereport(1),
       tracertstats(1),   tracestats(1),   tracepktdump(1),   traceanon(1),   tracesummary(1),   tracereplay(1),
       tracediff(1), traceends(1), tracetopends(1)

tracesplit  [ -f bpf | --filter=bpf] [ -c count | --count=count] [ -b bytes | --bytes=bytes] [ -i seconds
       | --seconds=seconds] [ -s unixtime | --starttime=unixtime] [  -e  unixtime  |  --endtime=unixtime]  [  -m
       maxfiles  | --maxfiles=maxfiles] [ -S snaplen | --snaplen=snaplen] [ -z level | --compress-level=level] [
       -Z method | --compress-type=method] inputuri [inputuri ...] outputuri