Using tcptrace

In its simplest form, tcptrace is run on a network dumpfile as

    tcptrace dumpfile

where dumpfile is a file containing traffic captured from the network. tcptrace understands various network dumpfile formats like tcpdump, snoop, etherpeek, netm, ns, nlanr, netscout. Dumpfiles in these formats can also be compressed in GnuZIP (gz), BZIP2 (bz2), or UNIX compress (Z) formats, as tcptrace can uncompress them on the fly.
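
As an added example (not part of the tcptrace manual or its code), the following shell functions identify a dumpfile's compression wrapper or capture format from its leading bytes, so a mislabelled file is caught before analysis. It covers only the formats listed above that have well-known magic numbers (tcpdump, snoop, gz, bz2, Z); the function names are hypothetical and the sample files are constructed header bytes, not real captures.

```shell
#!/bin/sh
# Added example: classify a dumpfile by its leading bytes (magic number).
# Function names are hypothetical; formats without a magic listed here report "unknown".

dumpfile_kind() {
    # First 8 bytes as lowercase hex with no separators.
    magic=$(head -c 8 -- "$1" 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    case "$magic" in
        1f8b*)               echo gzip ;;       # GnuZIP (gz)
        425a68*)             echo bzip2 ;;      # "BZh"
        1f9d*)               echo compress ;;   # UNIX compress (Z)
        a1b2c3d4*|d4c3b2a1*) echo tcpdump ;;    # pcap, either byte order
        736e6f6f70000000*)   echo snoop ;;      # "snoop\0\0\0"
        "")                  echo empty-or-unreadable ;;
        *)                   echo unknown ;;
    esac
}

# Compare the file suffix with the detected content. A file named *.gz that
# is not gzip data should be resolved before it is analysed.
dumpfile_check() {
    kind=$(dumpfile_kind "$1")
    case "$1" in
        *.gz)  want=gzip ;;
        *.bz2) want=bzip2 ;;
        *.Z)   want=compress ;;
        *)     want= ;;
    esac
    if [ -n "$want" ] && [ "$kind" != "$want" ]; then
        echo "MISMATCH $1: suffix implies $want, content is $kind"
        return 1
    fi
    echo "OK $1: $kind"
}

# Constructed samples: header bytes only, not real captures.
demo=$(mktemp -d)
printf '\324\303\262\241\002\000\004\000' > "$demo/a.dmp"   # d4 c3 b2 a1 ...
printf '\037\213\010\000'                 > "$demo/b.gz"    # 1f 8b ...
printf 'BZh9'                             > "$demo/c.gz"    # bzip2 data, wrong suffix
for f in "$demo"/a.dmp "$demo"/b.gz "$demo"/c.gz; do
    dumpfile_check "$f" || true
done
rm -rf "$demo"
```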

tcptrace can be passed multiple command-line options to perform various tasks, as explained in subsequent chapters. If you want tcptrace to always start processing with certain command-line options, you may store them in a .tcptracerc file in your home directory, or set the TCPTRACEOPTS environment variable to those options. tcptrace reads the .tcptracerc file and the TCPTRACEOPTS environment variable before processing the options given on the command line.

You may also use tcptrace -h to get brief descriptions of various command-line options.


Super-User 2003-08-29