Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
tcptrace(1)		    General Commands Manual		   tcptrace(1)

NAME
       tcptrace	- a TCP	connection analysis tool

SYNOPSIS
       tcptrace	[options] filename

DESCRIPTION
       tcptrace	 takes	a  tcpdump file	specified on the command line (or from
       standard	input) and produces a summarization of the connections.

OPTIONS
       Output format options

       -b   brief output format

       -l   long output	format

       -r   print rtt statistics (slower for large files)

       -W   report on estimated	congestion window (not generally useful)

       -q   no output (if you just want	modules	output)

       Graphing	options

       -T   create throughput graph[s],	(average over 10 segments, see -A)

       -R   create rtt sample graph[s]

       -S   create time	sequence graph[s]

       -N   create owin	graph[s] (_o_utstanding	data on	_N_etwork)

       -F   create segsize graph[s]

       -G   create ALL graphs

       Output format detail options

       -D   print in decimal

       -X   print in hexadecimal

       -n   don't resolve host or service names	(much faster)

       -s   use	short names (list "picard.cs.ohiou.edu"	as just	"picard")

       Connection filtering options

       -iN  ignore connection N	(can use multiple times)

       -oN[-M]
	    only connection N (or N through M).	 Arg can be used  many	times.
	    In N is a file rather than a number, read list from	file instead.

       -c   ignore non-complete	connections (didn't see	syn's and fin's)

       -BN  first segment number to analyze (default 1)

       -EN  last segment number	to analyze (default last in file)

       Graphing	detail options

       -C   produce color plot[s]

       -M   produce monochrome (b/w) plot[s]

       -AN  Average N segments for throughput graphs, default is 10

       -z   zero axis options:

       -z   plot  time	axis from 0 rather than	wall clock time	(backward com-
	    pat)

       -zx  plot time axis from	0 rather than wall clock time

       -zy  plot sequence numbers from 0 (time sequence	graphs only)

       -zxy plot both axes from	0

       -y   omit the (yellow) instantaneous throughput points in tput graph

       Misc options

       -Z   dump raw rtt sample	times to file[s]

       -p   print all packet contents (can be very long)

       -P   print packet contents for selected connections

       -t   'tick' off the packet numbers as a progress	indication

       -v   print version information and exit

       -w   print various warning messages

       -d   whistle while you work (enable debug, use -d -d for	more output)

       -e   extract contents of	each TCP stream	into file

       -h   print help messages

       -u   print minimal UDP information too

       -Ofile
	    dump matched packets to tcpdump file 'file'

       +[v] reverse the	setting	of the -[v] flag (for booleans)

       Extended	boolean	options	(unambiguous prefixes also work)

       --showsacks
	    show SACK blocks on	time sequence graphs (default)

       --noshowsacks
	    DON'T show SACK blocks on time sequence graphs

       --showrexmit
	    mark retransmits on	time sequence graphs (default)

       --noshowrexmit
	    DON'T mark retransmits on time sequence graphs

       --showoutorder
	    mark out-of-order on time sequence graphs (default)

       --noshowoutorder
	    DON'T mark out-of-order on time sequence graphs

       --showzerowindow
	    mark zero windows on time sequence graphs (default)

       --noshowzerowindow
	    DON'T mark zero windows on time sequence graphs

       --showurg
	    mark packets with URGENT bit set on	the time sequence graphs  (de-
	    fault)

       --noshowurg
	    DON'T mark packets with URGENT bit set on the time sequence	graphs

       --showrttdongles
	    mark non-RTT-generating ACKs with special symbols

       --noshowrttdongles
	    DON'T mark non-RTT-generating ACKs with special symbols (default)

       --showdupack3
	    mark triple	dupacks	on time	sequence graphs	(default)

       --noshowdupack3
	    DON'T mark triple dupacks on time sequence graphs

       --showzerolensegs
	    show zero length packets on	time sequence graphs (default)

       --noshowzerolensegs
	    DON'T show zero length packets on time sequence graphs

       --showzwndprobes
	    show zero window probe packets on time sequence graphs (default)

       --noshowzwndprobes
	    DON'T show zero window probe packets on time sequence graphs

       --showtitle
	    show title on the graphs (default)

       --noshowtitle
	    DON'T show title on	the graphs

       --res_addr
	    resolve IP addresses into names (may be slow) (default)

       --nores_addr
	    DON'T resolve IP addresses into names (may be slow)

       --res_port
	    resolve port numbers into names (default)

       --nores_port
	    DON'T resolve port numbers into names

       --checksum
	    verify IP and TCP checksums

       --nochecksum
	    DON'T verify IP and	TCP checksums (default)

       --dupack3_data
	    count a duplicate ACK carrying data	as a triple dupack

       --nodupack3_data
	    DON'T  count a duplicate ACK carrying data as a triple dupack (de-
	    fault)

       --check_hwdups
	    check for 'hardware' dups (default)

       --nocheck_hwdups
	    DON'T check	for 'hardware' dups

       --warn_ooo
	    print warnings when	packets	timestamps are out of order

       --nowarn_ooo
	    DON'T print	warnings when packets timestamps are out of order (de-
	    fault)

       --warn_printtrunc
	    print warnings when	packets	are too	short to analyze

       --nowarn_printtrunc
	    DON'T  print  warnings  when packets are too short to analyze (de-
	    fault)

       --warn_printbadmbz
	    print warnings when	MustBeZero TCP fields are NOT 0

       --nowarn_printbadmbz
	    DON'T print	warnings when MustBeZero TCP fields  are  NOT  0  (de-
	    fault)

       --warn_printhwdups
	    print warnings for hardware	duplicates

       --nowarn_printhwdups
	    DON'T print	warnings for hardware duplicates (default)

       --warn_printbadcsum
	    print warnings when	packets	with bad checksums

       --nowarn_printbadcsum
	    DON'T print	warnings when packets with bad checksums (default)

       --warn_printbad_syn_fin_seq
	    print warnings when	SYNs or	FINs rexmitted with different sequence
	    numbers

       --nowarn_printbad_syn_fin_seq
	    DON'T print	warnings when SYNs or FINs  rexmitted  with  different
	    sequence numbers (default)

       --dump_packet_data
	    print all packets AND dump the TCP/UDP data

       --nodump_packet_data
	    DON'T print	all packets AND	dump the TCP/UDP data (default)

       --continuous
	    run	continuously and don't provide a summary

       --nocontinuous
	    DON'T run continuously and don't provide a summary (default)

       --print_seq_zero
	    print sequence numbers as offset from initial sequence number

       --noprint_seq_zero
	    DON'T  print sequence numbers as offset from initial sequence num-
	    ber	(default)

       --limit_conn_num
	    limit the maximum number of	connections kept at a  time  in	 real-
	    time mode

       --nolimit_conn_num
	    DON'T  limit  the  maximum number of connections kept at a time in
	    real-time mode (default)

       --xplot_all_files
	    display all	generated xplot	files at the end

       --noxplot_all_files
	    DON'T display all generated	xplot files at the end (default)

       --ns_hdrs
	    assume that	ns has the useHeaders_flag true	(uses IP+TCP  headers)
	    (default)

       --nons_hdrs
	    DON'T  assume  that	 ns  has the useHeaders_flag true (uses	IP+TCP
	    headers)

       --csv
	    display the	long output as comma separated values

       --nocsv
	    DON'T display the long output as comma separated values (default)

       --tsv
	    display the	long output as tab separated values

       --notsv
	    DON'T display the long output as tab separated values (default)

       Extended	variable options (unambiguous prefixes also work)

       --output_dir=``STR''
	    directory where all	output files are placed	(default: '<NULL>')

       --output_prefix=``STR''
	    prefix all output files with this string (default: '<NULL>')

       --xplot_title_prefix=``STR''
	    prefix to place  in	 the  titles  of  all  xplot  files  (default:
	    '<NULL>')

       --update_interval=``STR''
	    time interval for updates in real-time mode	(default: '<NULL>')

       --max_conn_num=``STR''
	    maximum  number of connections to keep at a	time in	real-time mode
	    (default: '<NULL>')

       --remove_live_conn_interval=``STR''
	    idle time after which an open connection is	removed	 in  real-time
	    mode (default: '<NULL>')

       --remove_closed_conn_interval=``STR''
	    time  interval after which a closed	connection is removed in real-
	    time mode (default:	'<NULL>')

       --xplot_args=``STR''
	    arguments to pass to xplot,	if we are calling xplot	from here (de-
	    fault: '<NULL>')

       --sv=``STR''
	    separator  to use for long output with <STR>-separated-values (de-
	    fault: '<NULL>')

       Included	Modules

	 http		  Http analysis	package

	 tcplib		  TCPLib analysis package

	 traffic	  traffic analysis package

	 slice		  traffic efficiency data by time slices

	 rttgraph	  round	trip time analysis graphs

	 collie		  connection summary package

	 realtime	  example real-time package

       For module-specific options, please use `tcptrace -hxargs`

       Filter Variables:

       Please use 'tcptrace -hfilter' for the complete listing of filter vari-
       ables.

       Filter Syntax:

       Please use 'tcptrace -hfilter' for filter syntax.

ENVIRONMENT
       Options	are first read from the	file $HOME/.tcptracerc (if it exists),
       and then	from the environment variable TCPTRACEOPTS (if it exists), and
       finally from the	command	line.

AUTHOR
       Shawn Ostermann (ostermann@cs.ohiou.edu)

CREDITS
       Thanks  to  Mark	Foster (mafoster@george.arc.nasa.gov) for writing this
       manual page. Thanks to Avinash Lakhiani (alakhian@irg.cs.ohiou.edu) for
       updating	it.

FILES
       Dump File Names
       Trailing	 (unrecognized)	 arguments  are	 taken to be one or more file-
       names.  The files can be	compressed, see	compress.h for	configuration.
       If  the	dump  file  name  is 'stdin', then we read from	standard input
       rather than from	a file.

SEE ALSO
       xplot   an interactive tool for examining .xpl  files  output  by  tcp-
	       trace.

       jPlot   a Java version of xplot.

				  14 Oct 2002			   tcptrace(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | ENVIRONMENT | AUTHOR | CREDITS | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=tcptrace&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help