NAME

     sc_ttlexp — dump source addresses from ICMP TTL expired messages in warts files

SYNOPSIS

     sc_ttlexp [-O options] [file ...]

DESCRIPTION

     The sc_ttlexp utility provides a dump of source IP addresses contained trace and tracelb
     records in warts(5) files.

     The options are as follows:

     -?      prints a list of command line options and a synopsis of each.

     -O option
             allows the behavior of sc_ttlexp to be further tailored.  The current choices for
             this option are:
               -  nodst: do not dump source address of a TTL expired message if it matches the
                  destination address probed.
               -  noreserved: do not dump source address of a TTL expired message if the address
                  is a reserved address.

EXAMPLES

     Given two warts(5) files named file1.warts and file2.warts, the following dumps all source
     addresses that sent TTL expired messages:

           sc_ttlexp file1.warts file2.warts

     Given a compressed warts file named file3.warts.bz2, the following dumps all source
     addresses that sent TTL expired messages, skipping those that were only observed in TTL
     expired messages from the destination probed:

           bzcat file3.warts.bz2 | sc_ttlexp -O nodst

SEE ALSO

     scamper(1), sc_wartsdump(1), sc_warts2json(1),

     M. Luckie, Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the
     Internet, Proc. ACM/SIGCOMM Internet Measurement Conference 2010.

AUTHOR

     sc_ttlexp was written by Matthew Luckie <mjl@luckie.org.nz>.