|
tcptrace - a TCP connection analysis tool |
|
tcptrace [options] filename |
|
tcptrace takes a tcpdump file specified on the command line (or from standard input) and produces a summarization of the connections. |
|
Output format options |
|
−b |
brief output format |
||
|
−l |
long output format |
||
|
−r |
print rtt statistics (slower for large files) |
||
|
−W |
report on estimated congestion window (not generally useful) |
||
|
−q |
no output (if you just want modules output) |
|
Graphing options |
|
−T |
create throughput graph[s], (average over 10 segments, see -A) |
||
|
−R |
create rtt sample graph[s] |
||
|
−S |
create time sequence graph[s] |
||
|
−N |
create owin graph[s] (_o_utstanding data on _N_etwork) |
||
|
−F |
create segsize graph[s] |
||
|
−G |
create ALL graphs |
|
Output format detail options |
|
−D |
print in decimal |
||
|
−X |
print in hexadecimal |
||
|
−n |
don’t resolve host or service names (much faster) |
||
|
−s |
use short names (list "picard.cs.ohiou.edu" as just "picard") |
|
Connection filtering options |
|
−iN |
ignore connection N (can use multiple times) |
|
−oN[-M] |
|
only connection N (or N through M). Arg can be used many times. In N is a file rather than a number, read list from file instead. |
|
−c |
ignore non-complete connections (didn’t see syn’s and fin’s) |
||
|
−BN |
first segment number to analyze (default 1) |
||
|
−EN |
last segment number to analyze (default last in file) |
|
Graphing detail options |
|
−C |
produce color plot[s] |
||
|
−M |
produce monochrome (b/w) plot[s] |
||
|
−AN |
Average N segments for throughput graphs, default is 10 |
||
|
−z |
zero axis options: |
||
|
−z |
plot time axis from 0 rather than wall clock time (backward compat) |
||
|
−zx |
plot time axis from 0 rather than wall clock time |
||
|
−zy |
plot sequence numbers from 0 (time sequence graphs only) |
||
|
−zxy |
plot both axes from 0 |
||
|
−y |
omit the (yellow) instantaneous throughput points in tput graph |
|
Misc options |
|
−Z |
dump raw rtt sample times to file[s] |
||
|
−p |
print all packet contents (can be very long) |
||
|
−P |
print packet contents for selected connections |
||
|
−t |
´tick’ off the packet numbers as a progress indication |
||
|
−v |
print version information and exit |
||
|
−w |
print various warning messages |
||
|
−d |
whistle while you work (enable debug, use -d -d for more output) |
||
|
−e |
extract contents of each TCP stream into file |
||
|
−h |
print help messages |
||
|
−u |
print minimal UDP information too |
|
−Ofile |
|
dump matched packets to tcpdump file ’file’ |
|
+[v] |
reverse the setting of the -[v] flag (for booleans) |
|
Extended boolean options (unambiguous prefixes also work) |
|
−-showsacks |
|
show SACK blocks on time sequence graphs (default) |
|
−-noshowsacks |
|
DON’T show SACK blocks on time sequence graphs |
|
−-showrexmit |
|
mark retransmits on time sequence graphs (default) |
|
−-noshowrexmit |
|
DON’T mark retransmits on time sequence graphs |
|
−-showoutorder |
|
mark out-of-order on time sequence graphs (default) |
|
−-noshowoutorder |
|
DON’T mark out-of-order on time sequence graphs |
|
−-showzerowindow |
|
mark zero windows on time sequence graphs (default) |
|
−-noshowzerowindow |
|
DON’T mark zero windows on time sequence graphs |
|
−-showurg |
|
mark packets with URGENT bit set on the time sequence graphs (default) |
|
−-noshowurg |
|
DON’T mark packets with URGENT bit set on the time sequence graphs |
|
−-showrttdongles |
|
mark non-RTT-generating ACKs with special symbols |
|
−-noshowrttdongles |
|
DON’T mark non-RTT-generating ACKs with special symbols (default) |
|
−-showdupack3 |
|
mark triple dupacks on time sequence graphs (default) |
|
−-noshowdupack3 |
|
DON’T mark triple dupacks on time sequence graphs |
|
−-showzerolensegs |
|
show zero length packets on time sequence graphs (default) |
|
−-noshowzerolensegs |
|
DON’T show zero length packets on time sequence graphs |
|
−-showzwndprobes |
|
show zero window probe packets on time sequence graphs (default) |
|
−-noshowzwndprobes |
|
DON’T show zero window probe packets on time sequence graphs |
|
−-showtitle |
|
show title on the graphs (default) |
|
−-noshowtitle |
|
DON’T show title on the graphs |
|
−-res_addr |
|
resolve IP addresses into names (may be slow) (default) |
|
−-nores_addr |
|
DON’T resolve IP addresses into names (may be slow) |
|
−-res_port |
|
resolve port numbers into names (default) |
|
−-nores_port |
|
DON’T resolve port numbers into names |
|
−-checksum |
|
verify IP and TCP checksums |
|
−-nochecksum |
|
DON’T verify IP and TCP checksums (default) |
|
−-dupack3_data |
|
count a duplicate ACK carrying data as a triple dupack |
|
−-nodupack3_data |
|
DON’T count a duplicate ACK carrying data as a triple dupack (default) |
|
−-check_hwdups |
|
check for ’hardware’ dups (default) |
|
−-nocheck_hwdups |
|
DON’T check for ’hardware’ dups |
|
−-warn_ooo |
|
print warnings when packets timestamps are out of order |
|
−-nowarn_ooo |
|
DON’T print warnings when packets timestamps are out of order (default) |
|
−-warn_printtrunc |
|
print warnings when packets are too short to analyze |
|
−-nowarn_printtrunc |
|
DON’T print warnings when packets are too short to analyze (default) |
|
−-warn_printbadmbz |
|
print warnings when MustBeZero TCP fields are NOT 0 |
|
−-nowarn_printbadmbz |
|
DON’T print warnings when MustBeZero TCP fields are NOT 0 (default) |
|
−-warn_printhwdups |
|
print warnings for hardware duplicates |
|
−-nowarn_printhwdups |
|
DON’T print warnings for hardware duplicates (default) |
|
−-warn_printbadcsum |
|
print warnings when packets with bad checksums |
|
−-nowarn_printbadcsum |
|
DON’T print warnings when packets with bad checksums (default) |
|
−-warn_printbad_syn_fin_seq |
|
print warnings when SYNs or FINs rexmitted with different sequence numbers |
|
−-nowarn_printbad_syn_fin_seq |
|
DON’T print warnings when SYNs or FINs rexmitted with different sequence numbers (default) |
|
−-dump_packet_data |
|
print all packets AND dump the TCP/UDP data |
|
−-nodump_packet_data |
|
DON’T print all packets AND dump the TCP/UDP data (default) |
|
−-continuous |
|
run continuously and don’t provide a summary |
|
−-nocontinuous |
|
DON’T run continuously and don’t provide a summary (default) |
|
−-print_seq_zero |
|
print sequence numbers as offset from initial sequence number |
|
−-noprint_seq_zero |
|
DON’T print sequence numbers as offset from initial sequence number (default) |
|
−-limit_conn_num |
|
limit the maximum number of connections kept at a time in real-time mode |
|
−-nolimit_conn_num |
|
DON’T limit the maximum number of connections kept at a time in real-time mode (default) |
|
−-xplot_all_files |
|
display all generated xplot files at the end |
|
−-noxplot_all_files |
|
DON’T display all generated xplot files at the end (default) |
|
−-ns_hdrs |
|
assume that ns has the useHeaders_flag true (uses IP+TCP headers) (default) |
|
−-nons_hdrs |
|
DON’T assume that ns has the useHeaders_flag true (uses IP+TCP headers) |
|
−-csv |
|
display the long output as comma separated values |
|
−-nocsv |
|
DON’T display the long output as comma separated values (default) |
|
−-tsv |
|
display the long output as tab separated values |
|
−-notsv |
|
DON’T display the long output as tab separated values (default) |
|
Extended variable options (unambiguous prefixes also work) |
|
−-output_dir=‘‘STR’’ |
|
directory where all output files are placed (default: ’<NULL>’) |
|
−-output_prefix=‘‘STR’’ |
|
prefix all output files with this string (default: ’<NULL>’) |
|
−-xplot_title_prefix=‘‘STR’’ |
|
prefix to place in the titles of all xplot files (default: ’<NULL>’) |
|
−-update_interval=‘‘STR’’ |
|
time interval for updates in real-time mode (default: ’<NULL>’) |
|
−-max_conn_num=‘‘STR’’ |
|
maximum number of connections to keep at a time in real-time mode (default: ’<NULL>’) |
|
−-remove_live_conn_interval=‘‘STR’’ |
|
idle time after which an open connection is removed in real-time mode (default: ’<NULL>’) |
|
−-remove_closed_conn_interval=‘‘STR’’ |
|
time interval after which a closed connection is removed in real-time mode (default: ’<NULL>’) |
|
−-xplot_args=‘‘STR’’ |
|
arguments to pass to xplot, if we are calling xplot from here (default: ’<NULL>’) |
|
−-sv=‘‘STR’’ |
|
separator to use for long output with <STR>-separated-values (default: ’<NULL>’) |
|
Included Modules |
|
http Http analysis package |
|
tcplib TCPLib analysis package |
|
traffic traffic analysis package |
|
slice traffic efficiency data by time slices |
|
rttgraph round trip time analysis graphs |
|
collie connection summary package |
|
realtime example real-time package |
|
For module-specific options, please use ‘tcptrace -hxargs‘ Filter Variables: Please use ’tcptrace -hfilter’ for the complete listing of filter variables. Filter Syntax: Please use ’tcptrace -hfilter’ for filter syntax. |
|
Options are first read from the file $HOME/.tcptracerc (if it exists), and then from the environment variable TCPTRACEOPTS (if it exists), and finally from the command line. |
|
Shawn Ostermann (ostermann@cs.ohiou.edu) |
|
Thanks to Mark Foster (mafoster@george.arc.nasa.gov) for writing this manual page. Thanks to Avinash Lakhiani (alakhian@irg.cs.ohiou.edu) for updating it. |
|
Dump File Names |
|
xplot |
an interactive tool for examining .xpl files output by tcptrace. |
||
|
jPlot |
a Java version of xplot. |