tracesummary - LibtraceTeam/libtrace GitHub Wiki

tracesummary is a libtrace tool that provides some general statistics about a trace.

Usage

tracesummary inputuri ...

Applications

Summarise the properties of a trace:

    tracesummary erf:trace.erf.gz

Output

The following filters are applied to the trace:

• Not IPv4 or IPv6
• IPv6
• IPv4
• TCP
• UDP
• ICMP
• Not TCP, UDP or ICMP
• HTTP and HTTPS
• SMTP
• POP3 and POP3S
• IMAP and IMAPS
• Port Domain
• ICMP Echo-Reply

For each filter, a packet and byte count will be displayed along with the overall percentage of packets that matched the filter.

Notes

• Because tracesummary is a wrapper around tracestats, it is subject to the same limitations. See the tracestats page for more details.
• If your trace contains VLAN headers, many of these filters will not work as expected due to BPF requiring an explicit "vlan" filter string.