Provided by: libtrace-tools_3.0.21-1ubuntu3_amd64 bug


       tracertstats - perform simple filter based analysis on a trace


       tracertstats  [  -f | --filter bpf ] [ -i | --interval interval ] [ -c | --count count ] [
       -o | --output-format csv,txt,png,html ] [ -m | --merge-inputs ] inputuri...

       tracertstats -H|--libtrace-help


       tracertstats takes a list of bpf expressions and outputs the number of packets  and  bytes
       that match that expression every interval seconds, or count packets.

       -f bpf-filter
       --filter bpf-filter
              Add another "bpf filter"

       -i interval
       --interval interval
              Output results every interval seconds.

       -c count
       --count count
              Output results every count packets.

              Treats  all inputs as a single input, resulting a single unified output rather than
              an output for each input. Works best with traces that are consecutive to  create  a
              single CSV, for instance.

       -o format
       --output-format format
              Selects the output format.

              txt    Human  readable  text.   This  is  the  default output format which provides
                     output easily understood by a human.  This format has the disadvantage  that
                     it takes up quite a bit of horizontal space.

              csv    Comma  Seperated  Values.  This  is  suitable  for  further  analysis  in  a
                     spreadsheet, or other program.

              png    PNG Graphic.  Produces a fairly incomprehensible png graph.  This relies  on
                     gdc being available at compile time.

              html   This produces output suitable for display to a human in a webbrowser.


       tracertstats --filter 'host sundown' \
            --filter 'port http' \
            --filter 'port ftp or ftp-data' \
            --filter 'port smtp' \
            --filter 'tcp[tcpflags] & tcp-syn!=0' \
            --filter 'not ip' \
            --filter 'ether[0] & 1 == 1' \
            --filter 'icmp[icmptype] == icmp-unreach' \
            --output-format html
            erf:/traces/trace1.gz \


       More     details    about    tracertstats    (and    libtrace)    can    be    found    at


       libtrace(3),    tracemerge(1),    tracesplit(1),    tracesplit_dir(1),     tracefilter(1),
       traceconvert(1),    tracereport(1),    tracepktdump(1),   traceanon(1),   tracesummary(1),
       traceconvert(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)


       Perry Lorier <>