Section: User Commands (1)
tcpprof - report profile of network traffic
[-f filter expr
tcpprof reports a profile of network traffic by ranking it by link type, IP protocol,
TCP/UDP port, IP address, or network address.
Network information is collected either by reading data from filename,
or by directly monitoring the network interface interface.
The default action for tcpprof is to automatically search for an appropriate
interface, and to generate a profile before it exits.
When reading data from filename, tcpprof
will display the profile and exit immediately after the
entire file has been processed. When collecting data from interface, tcpprof
will keep running unless the -s
option had been specified.
The options are as follows:
- -f filter expr
Filter the packets according to the rules given by filter expr.
For the syntax of these rules, see
The argument must be quoted if it contains spaces in order to separate it
from other options.
- -h , -
Display version and a brief help message.
will track the source and destination information separately,
where applicable, and identify source data with a ">" and
destination data with "<". For example, a "http <" statistic
signifies all traffic with destination port 80 (http). This option
only applies to port, host and network statistics.
- -i interface
Do a live capture (rather than read from a file) on the interface
given on the command line. If interface
is "auto" then tcpprof
tries to find an appropriate one by itself.
- -P port
Tells tcpprof to ignore TCP and UDP ports greater than or equal to port
when displaying port statistics.
This is not the same as filtering these port numbers out
of the data set. This way, a packet with, for example, a source port above port
and a destination port below port
can still count the lower port number as a statistic.
In addition, this doesn't affect the other statistic types (link,
Set the interface into non-promiscuous mode (promiscuous
is the default) when doing live captures.
- -r filename
Read all data from filename,
which may be a regular file, a named pipe or "-" to read its data from
standard input. Acceptable file formats include pcap
files) and "snoop" format files.
is usually a file created by the
command using the "-w" option.
- -S letters
Tells tcpprof which statistics to display. letters
must be a string of one or more of the following letters:
- l
show stats about the link layer
- i
show stats about all IP protocols
- p
show stats about TCP/UDP ports
- h
show stats about hosts/IP addresses
- n
show stats about network addresses
- a
a synonym for "liphn"
- -s seconds
When monitoring an interface, tcpprof
runs for only seconds
seconds, and then quits. Has no effect when reading data from a file.
- -t lines
When printing a profile of the data, tcpprof
will display a maximum of lines
lines for each statistic.
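The difference between the -P display cutoff and filtering ports out of the data set, together with the ">" and "<" direction markers, shown as a small Python model. This is an added example, not tcpprof's own code: the packet tuples are constructed, the function names are hypothetical, and ranking by byte count is an assumption.

```python
from collections import Counter

# Constructed sample packets: (source port, destination port, bytes).
PACKETS = [
    (51515, 80, 1200),    # client -> web server
    (80, 51515, 9000),    # web server -> client
    (40022, 22, 300),     # client -> ssh server
    (53124, 53, 80),      # client -> DNS resolver
    (60001, 60002, 500),  # both ports above the cutoff
]


def port_profile(packets, cutoff=None, split_direction=False):
    """Rank ports by bytes seen.

    Ports >= cutoff are left out of the ranking, but the packet still
    counts toward its other port (a display cutoff, as -P is described).
    With split_direction, source ports are marked ">" and destination
    ports "<", as the page describes for direction tracking.
    """
    stats = Counter()
    for sport, dport, size in packets:
        for port, mark in ((sport, ">"), (dport, "<")):
            if cutoff is not None and port >= cutoff:
                continue  # hide this port only, keep the packet
            key = (port, mark) if split_direction else port
            stats[key] += size
    return stats.most_common()


def filtered_profile(packets, cutoff):
    """Contrast case: remove every packet that has any port >= cutoff
    from the data set before profiling."""
    kept = [p for p in packets if p[0] < cutoff and p[1] < cutoff]
    return port_profile(kept)


if __name__ == "__main__":
    print("display cutoff:", port_profile(PACKETS, cutoff=1024))
    print("with direction:", port_profile(PACKETS, cutoff=1024,
                                          split_direction=True))
    print("filtered out  :", filtered_profile(PACKETS, 1024))
```

With the cutoff, the web, ssh and DNS ports are still ranked even though every packet also carries an ephemeral port; filtering those ports out of the data set leaves nothing to profile.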
Upon receiving a SIGINT, tcpprof
will print any remaining statistics, and then exit.
- /dev/bpf n
the packet filter device
tcpprof -i fxp0 -S a
Displays a complete profile of network data
passing through the fxp0 network interface, after the user enters
^C (control C).
tcpprof -r file.dump -S a
Displays a complete profile of network data from the
generated file "file.dump".
tcpprof was first written alongside tcpstat in Winter 1998 using FreeBSD 3.0,
and then finally retrofitted for Linux in Spring 2000. It has been installed
along with tcpstat since version 1.5.
Paul Herman <firstname.lastname@example.org>
Please send all bug reports to this address.
Not tested with link types other than Ethernet, PPP, and "None" types.
There may be problems reading non-IPv4 packets across platforms when
reading null type link layers. This is due to a lack of a standardized
packet type descriptor in libpcap for this link type.
Snoop file formats cannot be read from stdin or named pipes.
- SEE ALSO