tracefilter
salcock edited this page Dec 18, 2014
·
1 revision
tracefilter copies all packets that match a user-specified bpf filter to an output trace, creating a new filtered sub-trace.
tracefilter inputuri bpffilter outputuri
Capturing a trace file using a filter:
tracefilter int:eth0 "tcp port 80" erf:http_only.erf.gz
Filtering an existing trace:
tracefilter erf:trace.erf.gz "host 192.168.2.110" erf:single_host.erf.gz
-
tracefilterdoes not support setting the compression level or method. It will always write gzip level 1 compressed output. -
tracefilteris a limited version of tracesplit. If you require more flexibility in your filtering, tracesplit may prove to be a better option.