tracepktdump - LibtraceTeam/libtrace GitHub Wiki
tracepktdump is a libtrace tool that displays packets in a human-readable format. It can be considered analogous to the packet-parsing functionality of tcpdump, but with a more user-friendly output format.
Usage
tracepktdump [ -f exp | --filter=exp ] [ -c num | --count=num ] inputuri ...
Options
-f exp, --filter=exp
Output only packets that match the BPF filter expression exp. See the tcpdump(8) manpage for the syntax of BPF filter expressions.
-c num, --count=num
Stop after displaying num packets.
Applications
Examine packets from a particular flow:
tracepktdump -f "host 192.168.2.110 and host 192.168.2.112 and tcp port 25 and tcp port 5662" erf:trace.erf.gz
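The filter above is symmetric: "host A and host B and tcp port X and tcp port Y" matches any packet between the two hosts that carries both ports, regardless of which end holds which port, so in principle it can also match a different connection whose ports happen to be swapped. The following wrapper, added here as an example and not part of the libtrace wiki or project, builds a direction-aware filter from the two endpoints, caps the output with -c, and adds a libtrace format prefix to a bare file name (libtrace inputs are URIs of the form format:location, as in erf:trace.erf.gz above). It assumes tracepktdump is on PATH; the function names (flow_filter, trace_uri, dump_flow) are this example's own.

```shell
#!/bin/sh
# Added example, not part of libtrace. Assumes tracepktdump is installed.

# flow_filter PROTO HOST_A PORT_A HOST_B PORT_B
# Print a BPF expression matching both directions of exactly one flow,
# pinning each port to its host with src/dst qualifiers (tcpdump(8) syntax).
flow_filter() {
    proto=$1; a=$2; pa=$3; b=$4; pb=$5
    case "$proto" in
        tcp|udp) ;;
        *) echo "flow_filter: proto must be tcp or udp" >&2; return 1 ;;
    esac
    for p in "$pa" "$pb"; do
        case "$p" in
            ''|*[!0-9]*) echo "flow_filter: bad port '$p'" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "flow_filter: port out of range" >&2; return 1; }
    done
    printf '(src host %s and %s src port %s and dst host %s and %s dst port %s) or (src host %s and %s src port %s and dst host %s and %s dst port %s)\n' \
        "$a" "$proto" "$pa" "$b" "$proto" "$pb" \
        "$b" "$proto" "$pb" "$a" "$proto" "$pa"
}

# trace_uri PATH_OR_URI
# Pass a libtrace URI through unchanged; otherwise infer the format
# prefix from the file extension (erf: for ERF, pcapfile: for pcap).
trace_uri() {
    case "$1" in
        *:*)              printf '%s\n' "$1" ;;
        *.erf|*.erf.gz)   printf 'erf:%s\n' "$1" ;;
        *.pcap|*.pcap.gz) printf 'pcapfile:%s\n' "$1" ;;
        *) echo "trace_uri: cannot infer libtrace format for '$1'" >&2; return 1 ;;
    esac
}

# dump_flow COUNT PROTO HOST_A PORT_A HOST_B PORT_B TRACE
# Show at most COUNT packets of the given flow from TRACE.
dump_flow() {
    filter=$(flow_filter "$2" "$3" "$4" "$5" "$6") || return 1
    uri=$(trace_uri "$7") || return 1
    command -v tracepktdump >/dev/null 2>&1 || { echo "tracepktdump not found" >&2; return 127; }
    tracepktdump -c "$1" -f "$filter" "$uri"
}

# Usage: ./dump_flow.sh 20 tcp 192.168.2.110 5662 192.168.2.112 25 trace.erf.gz
if [ "$#" -eq 7 ]; then
    dump_flow "$@"
fi
```

Quoting the expression as a single argument matters: the parentheses and "or" must reach tracepktdump as one -f value, not be split by the shell.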
Details
tracepktdump uses the libpacketdump library, which can parse and neatly display the contents of many common packet headers, including Ethernet, IP, TCP, UDP, ICMP and many others.
Notes
tracepktdump replaces the tracedump tool that was present in older versions of libtrace.