Provided by: trace-summary_0.93-1_all bug

NAME

       trace-summary - generate network traffic summaries

SYNOPSIS

       trace-summary [options] <pcap-file>|<conn-summaries>

DESCRIPTION

       This manual page documents briefly the trace-summary program.

       trace-summary  is a Python script that generates break-downs of network traffic, including
       lists of the top  hosts,  protocols,  ports,  etc.  Optionally,  it  can  generate  output
       separately for incoming vs. outgoing traffic, per subnet, and per time-interval.

       Per  default,  it  assumes  the  input-file  to  be  a  libpcap trace file. If it is a Bro
       connection log, use -c. If input-file is not given, the script reads from stdin. It writes
       its output to stdout.

OPTIONS

       --version
              show program's version number and exit

       -h, --help
              show this help message and exit

       -b, --bytes
              count fractions in terms of bytes rather than packets/connections

       -c, --conn-summaries
              input file contains Bro connection summaries

       --conn-version=CONN_VERSION
              when used with -c, specify '1' for use with Bro version 1.x connection logs, or '2'
              for use with Bro 2.x format. '0' tries to guess the format

       -C, --chema
              for packets: include only TCP, ignore when seq==0

       -e, --external
              ignore strictly internal traffic

       -E EXCLUDENETS, --exclude-nets=EXCLUDENETS
              excludes CIDRs in file from analysis

       -i ILEN, --intervals=ILEN
              create summaries for time intervals of given length

       -l LOCALNETS, --local-nets=LOCALNETS
              differentiate in/out based on CIDRs in file

       -n TOPX, --topn=TOPX
              show top <n>

       -p PORTS, --ports=PORTS
              include only ports listed in file

       -P STOREPORTS, --write-ports=STOREPORTS
              write top total/incoming/outgoing ports into files

       -r, --resolve-host-names
              resolve host names

       -R tag, --R=tag
              write output suitable for R into files <tag.*>

       -s FACTOR, --sample-factor=FACTOR
              sample factor of input

       -S SAMPLE, --do-sample=SAMPLE
              sample input with probability (0.0 < prob < 1.0)

       -m, --save-mem
              do not make memory-expensive statistics

       -t, --tcp
              include only TCP

       -u, --udp
              include only UDP

       -U MINTIME, --min-time=MINTIME
              minimum time in ISO format (e.g. 2005-12-31-23-59-00)

       -v, --verbose
              show top-n for every interval

       -V MAXTIME, --max-time=MAXTIME
              maximum time in ISO format

AUTHOR

       trace-summary was written by The Bro Project <info@bro.org>.

       This manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project  (but
       may be used by others).