GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
TRACESPLIT(1) User Commands TRACESPLIT(1)

tracesplit - split traces

tracesplit [ -f bpf | --filter=bpf] [ -c count | --count=count] [ -b bytes | --bytes=bytes] [ -i seconds | --seconds=seconds] [ -s unixtime | --starttime=unixtime] [ -e unixtime | --endtime=unixtime] [ -m maxfiles | --maxfiles=maxfiles] [ -S snaplen | --snaplen=snaplen] [ -z level | --compress-level=level] [ -Z method | --compress-type=method] inputuri [inputuri ...] outputuri

tracesplit splits the given input traces into multiple tracefiles
-f bpf filter
output only packets that match tcpdump style bpf filter

-c count
output count packets per output file. The output file will be named after the basename given in the outputuri with the packet number of the first packet in this file.

-b bytes
output bytes bytes per file

-i seconds
start a new tracefile after "seconds" seconds

-s unixtime
don't output any packets before unixtime

-e unixtime
don't output any packets after unixtime

-m maxfiles
do not create more than "maxfiles" trace files

-S snaplen
Truncate packets to "snaplen" bytes long. The default is collect the entire packet.

-z level
Compress the data using the specified compression level, ranging from 0 to 9. Higher compression levels tend to result in better compression but require more processing power to compress.

-Z compression-method
Compress the data using the specified compression algorithm. Accepted methods are "gzip", "bzip2", "lzo" or "none". Default value is none unless a compression level is specified, in which case gzip will be used.

create a 1MB erf trace of port 80 traffic.
tracesplit -z 1 -Z gzip -f 'port 80' -b $[ 1024 * 1024 ] 
erf:/traces/bigtrace.gz erf:/traces/port80.gz 

More details about tracesplit (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

Perry Lorier <perry@cs.waikato.ac.nz>
January 2011 tracesplit (libtrace)

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.