lunar (1) tracetopends.1.gz

Provided by: libtrace-tools_3.0.21-1ubuntu5_amd64 bug

NAME

       tracetopends - reports the endpoints that are responsible for the most traffic in a trace

SYNOPSIS

       tracetopends [ -f bpf ] [ -A addrtype ] [ -s ] [ -d ] [ -b ] [ -a ] [ -p ] [ -n topcount ]
       inputuri [inputuri ...]

DESCRIPTION

       tracetopends reports the number of bytes and packets sent  and  received  by  the  busiest
       endpoints observed in the input trace(s).

       -f bpf filter
              Output only packets that match tcpdump style bpf filter.

       -n top count
              Report the top N endpoints (defaults to 10).

       -A address type
              Specifies  how  an endpoint should be defined. Suitable options are "mac", "v4" and
              "v6" which will report endpoint stats for each observed MAC address,  IPv4  address
              and IPv6 address respectively.

       -s     Sort endpoints based on the amount of outgoing traffic (will cancel any previous -d
              option. This is on by default.

       -d     Sort endpoints based on the amount of incoming traffic (will cancel any previous -s
              option.

       -b     Sort endpoints based on the amount of IP traffic (will cancel any previous -a or -p
              options. This is on by default.

       -a     Sort endpoints based on the amount of application layer traffic  (will  cancel  any
              previous -b or -p options.

       -p     Sort  endpoints  based  on the amount of packets (will cancel any previous -b or -a
              options.

OUTPUT

       Output is written to stdout in columns separated by blank space.

       The columns are (in order):
        * Endpoint address
        * Time last observed
        * Packets originating from the endpoint
        * Bytes originating from the endpoint (IP header onwards)
        * Payload originating from the endpoint (post transport header)
        * Packets sent to the endpoint
        * Bytes sent to the endpoint (IP header onwards)
        * Payload sent to the endpoint (post transport header)

EXAMPLES

       Find the IPv4 addresses that are sending the most traffic.
       tracetopends -A v4 -b -s erf:trace.erf.gz

       More    details    about    tracetopends    (and    libtrace)    can    be    found     at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO

       libtrace(3),    tracemerge(1),    tracefilter(1),    traceconvert(1),   tracesplit_dir(1),
       tracereport(1),    tracertstats(1),    tracestats(1),    tracepktdump(1),    traceanon(1),
       tracesummary(1), tracereplay(1), tracediff(1), traceends(1)

AUTHORS

       Shane Alcock <salcock@cs.waikato.ac.nz>