|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| TRACE-SUMMARY(1) | User Commands | TRACE-SUMMARY(1) |
NAME
trace-summary - generate network traffic summaries
SYNOPSIS
trace-summary [options] [input-file]
DESCRIPTION
trace-summary generates break-downs of network traffic, including lists of the top hosts, protocols, ports, etc. Optionally, it can generate output separately for incoming vs. outgoing traffic, per subnet, and per time-interval.
Per default, it assumes the input-file to be a libpcap trace file. However, if it is a Zeek connection log, use -c. If input-file is not given, the script reads from stdin. It writes its output to stdout.
OPTIONS
- --version
- show program's version number and exit
- -h, --help
- show this help message and exit
- -b, --bytes
- count fractions in terms of bytes rather than packets/connections
- -c, --conn-summaries
- input file contains Zeek connection summaries
- --conn-version=CONN_VERSION
- when used with -c, specify '1' for use with Bro version 1.x connection logs, or '2' for use with Bro 2.x format. '0' tries to guess the format
- -C, --chema
- for packets: include only TCP, ignore when seq==0
- -e, --external
- ignore strictly internal traffic
- -E EXCLUDENETS, --exclude-nets=EXCLUDENETS
- excludes CIDRs in file from analysis
- -i ILEN, --intervals=ILEN
- create summaries for time intervals of given length (seconds, or use suffix of 'h' for hours, or 'm' for minutes)
- -l LOCALNETS, --local-nets=LOCALNETS
- differentiate in/out based on CIDRs in file
- -n TOPX, --topn=TOPX
- show top <n>
- -p PORTS, --ports=PORTS
- include only ports listed in file
- -P STOREPORTS, --write-ports=STOREPORTS
- write top total/incoming/outgoing ports into file
- -r, --resolve-host-names
- resolve host names
- -R tag, --R=tag
- write output suitable for R into files <tag.*>
- -s FACTOR, --sample-factor=FACTOR
- sample factor of input
- -S SAMPLE, --do-sample=SAMPLE
- sample input with probability (0.0 < prob < 1.0)
- -m, --save-mem
- do not make memory-expensive statistics
- -t, --tcp
- include only TCP
- -u, --udp
- include only UDP
- -U MINTIME, --min-time=MINTIME
- minimum time in ISO format (e.g. 2005-12-31-23-59-00)
- -v, --verbose
- show top-n for every interval
- -V MAXTIME, --max-time=MAXTIME
- maximum time in ISO format
AUTHOR
trace-summary was written by The Zeek Project <info@zeek.org>.
| November 2014 | trace-summary |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.