Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TRACE-SUMMARY(1)		 User Commands		      TRACE-SUMMARY(1)

       trace-summary - generate	network	traffic	summaries

       trace-summary [options] [input-file]

       trace-summary generates break-downs of network traffic, including lists
       of the top hosts, protocols, ports, etc.	Optionally,  it	 can  generate
       output  separately  for	incoming vs. outgoing traffic, per subnet, and
       per time-interval.

       Per default, it assumes the input-file to be a libpcap trace file. How-
       ever,  if  it  is  a  Zeek connection log, use -c. If input-file	is not
       given, the script reads from stdin. It writes its output	to stdout.

	      show program's version number and	exit

       -h, --help
	      show this	help message and exit

       -b, --bytes
	      count fractions in terms of bytes	 rather	 than  packets/connec-

       -c, --conn-summaries
	      input file contains Zeek connection summaries

	      when used	with -c, specify '1' for use with Bro version 1.x con-
	      nection logs, or '2' for use with	Bro 2.x	format.	'0'  tries  to
	      guess the	format

       -C, --chema
	      for packets: include only	TCP, ignore when seq==0

       -e, --external
	      ignore strictly internal traffic

       -E EXCLUDENETS, --exclude-nets=EXCLUDENETS
	      excludes CIDRs in	file from analysis

       -i ILEN,	--intervals=ILEN
	      create summaries for time	intervals of given length (seconds, or
	      use suffix of 'h'	for hours, or 'm' for minutes)

       -l LOCALNETS, --local-nets=LOCALNETS
	      differentiate in/out based on CIDRs in file

       -n TOPX,	--topn=TOPX
	      show top <n>

       -p PORTS, --ports=PORTS
	      include only ports listed	in file

       -P STOREPORTS, --write-ports=STOREPORTS
	      write top	total/incoming/outgoing	ports into file

       -r, --resolve-host-names
	      resolve host names

       -R tag, --R=tag
	      write output suitable for	R into files <tag.*>

       -s FACTOR, --sample-factor=FACTOR
	      sample factor of input

       -S SAMPLE, --do-sample=SAMPLE
	      sample input with	probability (0.0 < prob	< 1.0)

       -m, --save-mem
	      do not make memory-expensive statistics

       -t, --tcp
	      include only TCP

       -u, --udp
	      include only UDP

       -U MINTIME, --min-time=MINTIME
	      minimum time in ISO format (e.g. 2005-12-31-23-59-00)

       -v, --verbose
	      show top-n for every interval

       -V MAXTIME, --max-time=MAXTIME
	      maximum time in ISO format

       trace-summary was written by The	Zeek Project <>.

trace-summary			 November 2014		      TRACE-SUMMARY(1)


Want to link to this manual page? Use this URL:

home | help