TRACE-SUMMARY(1)                 User Commands                TRACE-SUMMARY(1)

NAME

trace-summary - generate network traffic summaries

SYNOPSIS

trace-summary [options] [input-file]

DESCRIPTION

trace-summary generates breakdowns of network traffic, including lists of the top hosts, protocols, ports, etc. Optionally, it can generate output separately for incoming vs. outgoing traffic, per subnet, and per time interval. By default, it assumes that input-file is a libpcap trace file; if it is a Bro connection log instead, use -c. If input-file is not given, the script reads from stdin. It writes its output to stdout.

OPTIONS

--version
    show program's version number and exit

-h, --help
    show this help message and exit

-b, --bytes
    count fractions in terms of bytes rather than packets/connections

-c, --conn-summaries
    input file contains Bro connection summaries

--conn-version=CONN_VERSION
    when used with -c, specify '1' for use with Bro version 1.x connection logs, or '2' for use with Bro 2.x format. '0' tries to guess the format

-C, --chema
    for packets: include only TCP, ignore when seq==0

-e, --external
    ignore strictly internal traffic

-E EXCLUDENETS, --exclude-nets=EXCLUDENETS
    excludes CIDRs in file from analysis

-i ILEN, --intervals=ILEN
    create summaries for time intervals of given length (seconds, or use suffix of 'h' for hours, or 'm' for minutes)

-l LOCALNETS, --local-nets=LOCALNETS
    differentiate in/out based on CIDRs in file

-n TOPX, --topn=TOPX
    show top <n>

-p PORTS, --ports=PORTS
    include only ports listed in file

-P STOREPORTS, --write-ports=STOREPORTS
    write top total/incoming/outgoing ports into file

-r, --resolve-host-names
    resolve host names

-R tag, --R=tag
    write output suitable for R into files <tag.*>

-s FACTOR, --sample-factor=FACTOR
    sample factor of input

-S SAMPLE, --do-sample=SAMPLE
    sample input with probability (0.0 < prob < 1.0)

-m, --save-mem
    do not make memory-expensive statistics

-t, --tcp
    include only TCP

-u, --udp
    include only UDP

-U MINTIME, --min-time=MINTIME
    minimum time in ISO format (e.g. 2005-12-31-23-59-00)

-v, --verbose
    show top-n for every interval

-V MAXTIME, --max-time=MAXTIME
    maximum time in ISO format
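The following sketch is an added illustration, not trace-summary's own code: it shows the kind of breakdown that -c combined with -l, -e, -b and -n describes, computed over a constructed Bro 2.x connection log. The direction rule (the endpoint inside a local CIDR decides incoming vs. outgoing), the use of the responder port as the key, and all function names are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed sample in Bro 2.x conn.log layout: tab-separated, "#fields" header.
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tresp_bytes",
    "1417392000.0\tC1\t10.0.0.5\t51000\t198.51.100.7\t443\ttcp\tssl\t1.2\t800\t12000",
    "1417392001.0\tC2\t10.0.0.6\t51001\t198.51.100.7\t443\ttcp\tssl\t0.9\t500\t3000",
    "1417392002.0\tC3\t10.0.0.5\t40000\t192.0.2.53\t53\tudp\tdns\t0.1\t60\t120",
    "1417392003.0\tC4\t203.0.113.9\t60000\t10.0.0.20\t22\ttcp\tssh\t30.0\t4000\t90000",
    "1417392004.0\tC5\t10.0.0.5\t52000\t10.0.0.20\t445\ttcp\t-\t5.0\t100000\t200000",
    "1417392005.0\tC6\t203.0.113.9\t60001\t10.0.0.20\t80\ttcp\t-\t-\t-\t-",
])

def parse_conn_log(text):
    """Yield one dict per connection, keyed by the names in the #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def direction(row, nets):
    """Assumed rule: the side that lies inside a local net decides in/out."""
    orig = any(ipaddress.ip_address(row["id.orig_h"]) in n for n in nets)
    resp = any(ipaddress.ip_address(row["id.resp_h"]) in n for n in nets)
    if orig and resp:
        return "internal"
    return "outgoing" if orig else "incoming" if resp else "other"

def summarize(text, local_cidrs, topn=2, by_bytes=False, external_only=False):
    """Top responder ports for total/incoming/outgoing traffic."""
    nets = [ipaddress.ip_network(c) for c in local_cidrs]
    tops = {"total": Counter(), "incoming": Counter(), "outgoing": Counter()}
    for row in parse_conn_log(text):
        way = direction(row, nets)
        if external_only and way == "internal":
            continue  # what -e describes: ignore strictly internal traffic
        # Bro writes "-" for unset byte counts; treat those as zero.
        size = sum(int(row[k]) for k in ("orig_bytes", "resp_bytes") if row[k] != "-")
        weight = size if by_bytes else 1
        port = row["id.resp_p"] + "/" + row["proto"]
        tops["total"][port] += weight
        if way in ("incoming", "outgoing"):
            tops[way][port] += weight
    return {name: c.most_common(topn) for name, c in tops.items()}

if __name__ == "__main__":
    for name, top in summarize(SAMPLE_CONN_LOG, ["10.0.0.0/8"], by_bytes=True).items():
        print(name, top)
```

In the sample, one internal SMB transfer dominates the byte totals until strictly internal traffic is excluded, which is why the choice between counting connections and counting bytes, and whether internal traffic is included, changes what a "top ports" list shows.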

AUTHOR

trace-summary was written by The Bro Project <info@bro.org>.

trace-summary                     November 2014               TRACE-SUMMARY(1)
