TcpTrace

WebHome | UnixGeekTools | Geekfarm | About This Site

Overview

tcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files. It can take as input the files produced by several popular packet-capture programs, including tcpdump, snoop, etherpeek, HP Net Metrix, and WinDump. tcptrace can produce several different types of output containing information on each connection seen, such as elapsed time, bytes and segments sent and recieved, retransmissions, round trip times, window advertisements, throughput, and more. It can also produce a number of graphs for further analysis.

Pointers

LibPcap - the packet capture library and related tools
http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html
http://jarok.cs.ohiou.edu/software/tcptrace/manual/index.html
http://www.xplot.org/

UnixGeekTools - other great tools for unix geeks

Info

tons of connection level stats
graphing a wide range of stats
http module

command line


    # analyze a file
    tcptrace -n $file

    # long stats report on a specific connection, e.g. #139
    tcptrace -o139 -l -n $file

    # extract data to .dat files
    tcptrace -o139 -e -n $file

    # generate graphs on a specific connection
    tcptrace -o168 -G $file

    # analyze http traffic
    tcptrace -n -xhttp $file

Updated Sun Jul 23, 2006 12:14 PM