Official mirror of git.bro.org/capstats.git
C++ Roff CMake Makefile
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
cmake @ d29fbf6
.gitignore
.gitmodules
.update-changes.cfg
CHANGES
CMakeLists.txt
COPYING Updating copyright notice. Oct 8, 2013
INSTALL
Makefile
README
README.rst Add README.rst -> README symlink. Addresses BIT-1413 Jan 11, 2016
VERSION
btest
capstats.8 Porting changes from more recent codebase over. This will now be the … Nov 27, 2010
capstats.cc
config.h.in config.h wasn't being configured by CMake correctly Sep 14, 2011
configure Fix configure script to exit with non-zero status on error Aug 1, 2012
setup.py
version.cc.in

README.rst

capstats - A tool to get some NIC statistics.

Download

You can find the latest capstats release for download at http://www.bro.org/download.

Capstats's git repository is located at git://git.bro.org/capstats.git. You can browse the repository here.

This document describes capstats 0.24-2. See the CHANGES file for version history.

Output

Here's an example output with output in one-second intervals until CTRL-C is hit:

Each line starts with a timestamp and the other fields are:

pkts:Absolute number of packets seen by capstats during interval.
kpps:Number of thousands of packets per second.
kbytes:Absolute number of KBytes during interval.
mbps:Mbits/sec.
nic_pkts:Number of packets as reported by libpcap's pcap_stats() (may not match pkts)
nic_drops:Number of packet drops as reported by libpcap's pcap_stats().
u:Number of UDP packets.
t:Number of TCP packets.
i:Number of ICMP packets.
o:Number of IP packets with protocol other than TCP, UDP, and ICMP.
nonip:Number of non-IP packets.

Options

A list of all options:

capstats [Options] -i interface

   -i| --interface <interface>    Listen on interface
   -d| --dag                      Use native DAG API
   -f| --filter <filter>          BPF filter
   -I| --interval <secs>          Stats logging interval
   -l| --syslog                   Use syslog rather than print to stderr
   -n| --number <count>           Stop after outputting <number> intervals
   -N| --select                   Use select() for live pcap (for testing only)
   -p| --payload <n>              Verifies that packets' payloads consist
                                  entirely of bytes of the given value.
   -q| --quiet <count>            Suppress output, exit code indicates >= count
                                  packets received.
   -S| --size <size>              Verify packets to have given <size>
   -s| --snaplen <size>           Use pcap snaplen <size>
   -v| --version                  Print version and exit
   -w| --write <filename>         Write packets to file

Installation

capstats has been tested on Linux, FreeBSD, and MacOS. Please see the INSTALL file for installation instructions.