Man page - trace-summary(1)

NAME

trace-summary - generate network traffic summaries

SYNOPSIS

trace-summary [ options ] <pcap-file>|<conn-summaries>

DESCRIPTION

This manual page documents briefly the trace-summary program.

trace-summary is a Python script that generates breakdowns of network traffic, including lists of the top hosts, protocols, ports, etc. Optionally, it can generate output separately for incoming vs. outgoing traffic, per subnet, and per time interval.

By default, it assumes the input file is a libpcap trace file; if it is a Bro connection log, use -c. If no input file is given, the script reads from stdin. It writes its output to stdout.

OPTIONS

--version

show program's version number and exit

-h, --help

show this help message and exit

-b, --bytes

count fractions in terms of bytes rather than packets/connections

-c, --conn-summaries

input file contains Bro connection summaries

--conn-version=CONN_VERSION

when used with -c, specify '1' for use with Bro version 1.x connection logs, or '2' for use with Bro 2.x format. '0' tries to guess the format

-C, --chema

for packets: include only TCP, ignore when seq==0

-e, --external

ignore strictly internal traffic

-E EXCLUDENETS, --exclude-nets=EXCLUDENETS

exclude CIDRs in file from analysis

-i ILEN, --intervals=ILEN

create summaries for time intervals of given length

-l LOCALNETS, --local-nets=LOCALNETS

differentiate in/out based on CIDRs in file

-n TOPX, --topn=TOPX

show top <n>

-p PORTS, --ports=PORTS

include only ports listed in file

-P STOREPORTS, --write-ports=STOREPORTS

write top total/incoming/outgoing ports into files

-r, --resolve-host-names

resolve host names

-R tag, --R=tag

write output suitable for R into files <tag.*>

-s FACTOR, --sample-factor=FACTOR

sample factor of input

-S SAMPLE, --do-sample=SAMPLE

sample input with probability (0.0 < prob < 1.0)

-m, --save-mem

do not make memory-expensive statistics

-t, --tcp

include only TCP

-u, --udp

include only UDP

-U MINTIME, --min-time=MINTIME

minimum time in ISO format (e.g. 2005-12-31-23-59-00)

-v, --verbose

show top-n for every interval

-V MAXTIME, --max-time=MAXTIME

maximum time in ISO format
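
The following is an added illustration of how the -l/--local-nets, -e/--external, -b/--bytes and -n/--topn options combine when classifying connections as incoming, outgoing or strictly internal; it is not trace-summary's own code, and the connection records and CIDR list are constructed simplifications, not the real Bro log layout.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed stand-in for the CIDR file passed to -l / --local-nets.
LOCAL_NETS = [ip_network(c) for c in ("10.0.0.0/8", "192.168.1.0/24")]

# Constructed connection summaries: (orig_h, resp_h, resp_p, total bytes).
# A simplification for illustration, not the real Bro connection log format.
CONNS = [
    ("10.1.2.3",     "93.184.216.34", 443, 12000),  # local -> remote: outgoing
    ("10.1.2.3",     "93.184.216.34", 443,  8000),  # outgoing
    ("203.0.113.7",  "10.1.2.3",       22,   500),  # remote -> local: incoming
    ("10.1.2.3",     "192.168.1.10",   53,   100),  # both local: strictly internal
    ("198.51.100.9", "10.9.9.9",       80,  3000),  # incoming
]

def is_local(host, nets=LOCAL_NETS):  # host falls inside any local CIDR?
    addr = ip_address(host)
    return any(addr in net for net in nets)

def classify(orig, resp, nets=LOCAL_NETS):
    """Direction of one connection relative to the local nets."""
    o, r = is_local(orig, nets), is_local(resp, nets)
    if o and r:
        return "internal"   # what -e / --external drops
    if o:
        return "outgoing"
    if r:
        return "incoming"
    return "external"       # neither side local (transit traffic)

def summarize(conns, n=3, by_bytes=False, external_only=False):
    """Per-direction share of traffic and top-n responder ports.
    by_bytes mirrors -b, external_only mirrors -e, n mirrors -n."""
    totals, ports = Counter(), {}
    for orig, resp, port, nbytes in conns:
        d = classify(orig, resp)
        if external_only and d == "internal":
            continue
        w = nbytes if by_bytes else 1     # weight by bytes or by connection
        totals[d] += w
        ports.setdefault(d, Counter())[port] += w
    grand = sum(totals.values())
    return ({d: round(v / grand, 3) for d, v in totals.items()},
            {d: c.most_common(n) for d, c in ports.items()})
```

Switching by_bytes changes which ports lead the incoming list (bytes favour port 80, connection counts tie 22 and 80), which is the practical difference between counting with and without -b.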

AUTHOR

trace-summary was written by The Bro Project <info@bro.org>.

This manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project (but may be used by others).