Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

TRACE-SUMMARY(1)		 User Commands		      TRACE-SUMMARY(1)

NAME
       trace-summary - generate network traffic summaries

SYNOPSIS
       trace-summary [options] [input-file]

DESCRIPTION
       trace-summary generates break-downs of network traffic, including lists
       of the top hosts, protocols, ports, etc. Optionally,  it	 can  generate
       output  separately  for	incoming vs. outgoing traffic, per subnet, and
       per time-interval.

       Per default, it assumes the input-file to be a libpcap trace file. How‐
       ever,  if  it  is  a  Bro  connection log, use -c. If input-file is not
       given, the script reads from stdin. It writes its output to stdout.

OPTIONS
       --version
	      show program's version number and exit

       -h, --help
	      show this help message and exit

       -b, --bytes
	      count fractions in terms of bytes	 rather	 than  packets/connec‐
	      tions

       -c, --conn-summaries
	      input file contains Bro connection summaries

       --conn-version=CONN_VERSION
	      when used with -c, specify '1' for use with Bro version 1.x con‐
	      nection logs, or '2' for use with Bro 2.x format. '0'  tries  to
	      guess the format

       -C, --chema
	      for packets: include only TCP, ignore when seq==0

       -e, --external
	      ignore strictly internal traffic

       -E EXCLUDENETS, --exclude-nets=EXCLUDENETS
	      excludes CIDRs in file from analysis

       -i ILEN, --intervals=ILEN
	      create summaries for time intervals of given length (seconds, or
	      use suffix of 'h' for hours, or 'm' for minutes)

       -l LOCALNETS, --local-nets=LOCALNETS
	      differentiate in/out based on CIDRs in file

       -n TOPX, --topn=TOPX
	      show top <n>

       -p PORTS, --ports=PORTS
	      include only ports listed in file

       -P STOREPORTS, --write-ports=STOREPORTS
	      write top total/incoming/outgoing ports into file

       -r, --resolve-host-names
	      resolve host names

       -R tag, --R=tag
	      write output suitable for R into files <tag.*>

       -s FACTOR, --sample-factor=FACTOR
	      sample factor of input

       -S SAMPLE, --do-sample=SAMPLE
	      sample input with probability (0.0 < prob < 1.0)

       -m, --save-mem
	      do not make memory-expensive statistics

       -t, --tcp
	      include only TCP

       -u, --udp
	      include only UDP

       -U MINTIME, --min-time=MINTIME
	      minimum time in ISO format (e.g. 2005-12-31-23-59-00)

       -v, --verbose
	      show top-n for every interval

       -V MAXTIME, --max-time=MAXTIME
	      maximum time in ISO format

AUTHOR
       trace-summary was written by The Bro Project <info@bro.org>.

trace-summary			 November 2014		      TRACE-SUMMARY(1)

Vote for polarhome