manpagez: man pages & more
man trace-summary(1)
Home | html | info | man
trace-summary(1)                 User Commands                trace-summary(1)




NAME

       trace-summary - generate network traffic summaries


SYNOPSIS

       trace-summary [options] [input-file]


DESCRIPTION

       trace-summary generates break-downs of network traffic, including lists
       of the top hosts, protocols, ports, etc. Optionally,  it  can  generate
       output  separately  for  incoming vs. outgoing traffic, per subnet, and
       per time-interval.

       Per default, it assumes the input-file to be a libpcap trace file. How-
       ever,  if  it  is  a  Zeek connection log, use -c. If input-file is not
       given, the script reads from stdin. It writes its output to stdout.


OPTIONS

       --version
              show program's version number and exit

       -h, --help
              show this help message and exit

       -b, --bytes
              count fractions in terms of bytes  rather  than  packets/connec-
              tions

       -c, --conn-summaries
              input file contains Zeek connection summaries

       --conn-version=CONN_VERSION
              when used with -c, specify '1' for use with Bro version 1.x con-
              nection logs, or '2' for use with Bro 2.x format. '0'  tries  to
              guess the format

       -C, --chema
              for packets: include only TCP, ignore when seq==0

       -e, --external
              ignore strictly internal traffic

       -E EXCLUDENETS, --exclude-nets=EXCLUDENETS
              excludes CIDRs in file from analysis

       -i ILEN, --intervals=ILEN
              create summaries for time intervals of given length (seconds, or
              use suffix of 'h' for hours, or 'm' for minutes)

       -l LOCALNETS, --local-nets=LOCALNETS
              differentiate in/out based on CIDRs in file

       -n TOPX, --topn=TOPX
              show top <n>

       -p PORTS, --ports=PORTS
              include only ports listed in file

       -P STOREPORTS, --write-ports=STOREPORTS
              write top total/incoming/outgoing ports into file

       -r, --resolve-host-names
              resolve host names

       -R tag, --R=tag
              write output suitable for R into files <tag.*>

       -s FACTOR, --sample-factor=FACTOR
              sample factor of input

       -S SAMPLE, --do-sample=SAMPLE
              sample input with probability (0.0 < prob < 1.0)

       -m, --save-mem
              do not make memory-expensive statistics

       -t, --tcp
              include only TCP

       -u, --udp
              include only UDP

       -U MINTIME, --min-time=MINTIME
              minimum time in ISO format (e.g. 2005-12-31-23-59-00)

       -v, --verbose
              show top-n for every interval

       -V MAXTIME, --max-time=MAXTIME
              maximum time in ISO format


AUTHOR

       trace-summary was written by The Zeek Project <info@zeek.org>.



trace-summary                    November 2014                trace-summary(1)

zeek 3.0.0 - Generated Tue Nov 5 05:55:06 CST 2019
© manpagez.com 2000-2021
Individual documents may contain additional copyright information.