<!DOCTYPE html PUBLIC "-//w3c//dtd html 4.0 transitional//en"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="GENERATOR" content="Mozilla/4.76 [en] (X11; U; Linux 2.4.2-2 i686) [Netscape]"> <meta name="Author" content="Brian Adamson"> <meta name="Description" content="How to use the trpr (Tcpdump Rate Plot Real-time) program to graphically display tcpdump traces, captured or real-time."> <meta name="Keywords" content="tcpdump, plotting, network trace, data rate"> <title>trpr User's Guide</title></head> <body> <center> <h1> <i>trpr</i> 1.9b9 User's Guide</h1> </center> <i>Trpr</i> (TRace Plot Real-time) is a program which analyzes output from the <i>tcpdump</i> packet sniffing program and creates output suitable for plotting. It also provides a range of features specifically for use with the <i>gnuplot</i> graphing program. <i>Trpr</i> can operate in a "real-time" plotting mode where <i>tcpdump</i>'s <tt>stdout</tt> is piped into <i>trpr</i> and <i>trpr</i>'s <tt>stdout</tt> is in turn piped directly into <i>gnuplot</i> for a sort of real-time network oscilloscope. <i>Trpr</i> can also parse <i>tcpdump</i> text trace files and produce files which can be plotted by <i>gnuplot</i> or imported into other plotting or spreadsheet programs. IPv4 and IPv6 traces from <i>tcpdump</i> are supported. <i>Trpr</i> can also perform the same functions with <i>drec</i> log files (see <a href="http://manimac.itd.nrl.navy.mil/MGEN"> http://manimac.itd.nrl.navy.mil/MGEN</a> for more information on <i>drec</i> and the MGEN test tool set) and <i>ns-2</i> (Berkeley's network simulator, see <a href="http://www.isi.edu/nsnam/ns"> http://www.isi.edu/nsnam/ns</a> ) trace files. <p>By default, <i>trpr</i> creates a "data rate" versus time plot of the flows specified using the <u>auto</u> and <u>flow</u> (and <u>exclude</u>) commands. 
The <u>auto</u> command is used to set filters to automatically detect individual flows matching the <u>auto</u> filter parameters (protocol type, source addr/port, and destination addr/port), and the <u>flow</u> command aggregates flows matching its filter specification under a single data plot set. The <u>exclude</u> command is used to specify packet flows <i>trpr</i> should ignore. The <u>flow</u>, <u>auto</u> and <u>exclude</u> commands can each be used multiple times on the command line to specify different combinations of filters to produce different desired output. (In the future, an exclusion filter set will also be provided). </p> <p>If the <u>interarrival</u> command is used, <i>trpr</i> creates a plot of the differential interarrival delay of packets for the specified flows. For MGEN packets, the <u>latency</u> command can be used to create a plot of the transmission latency (<i>drec</i>-logged <tt>rxTime - txTime</tt>) versus time for the flows. Also for MGEN packets, the <u>loss</u> command can be used to generate profiles of packet loss over time. MGEN packet payloads contain sequence numbers and timestamps to facilitate these analyses. </p> <p><i>Trpr</i> can also "play back" a <i>gnuplot</i> visualization of trace file content at real-time rates with the <u>replay</u> command. </p> <p>Other interesting options are planned for the future. <br> </p> <h2> Downloads:</h2> The <i>trpr</i> package is available at <a href="http://manimac.itd.nrl.navy.mil/Tools/dist"> http://manimac.itd.nrl.navy.mil/Tools/dist</a> . <p><i>Tcpdump</i> can be found at <a href="http://ee.lbl.gov">http://ee.lbl.gov</a> . </p> <p><i>Gnuplot</i>'s official web site is <a href="http://www.gnuplot.org"> http://www.gnuplot.org</a> . 
</p> <p>The <i>MGEN</i> web site is <a href="http://mgen.pf.itd.nrl.navy.mil"> http://mgen.pf.itd.nrl.navy.mil</a> .</p> <p>The <i>ns</i> web site is <a href="http://www.isi.edu/nsnam/ns"> http://www.isi.edu/nsnam/ns</a> .<br> </p> <h2> Build Instructions:</h2> Simply compile <i>trpr</i> with a C++ compiler. It has been primarily built with <i>gcc</i> on Unix platforms. For example, <br> type: <br> <tt>g++ -o trpr trpr.cpp -lm</tt> <p>to build the executable binary. </p> <h2> Quick Start:</h2> Here are a couple of examples illustrating use of <i>trpr</i> in simple ways. Note that <i>trpr</i> has a number of flexible command-line operations to get the results you want, and understanding these is strongly recommended. <i>Tcpdump</i> also has very flexible filtering options for paring down the data captured from the network so that your graphs can focus on the data of interest. The options of <i>tcpdump</i> and <i>trpr</i> can be coupled together in many different ways, and <i>trpr</i> supports options to command <i>gnuplot</i> to create GIF or PostScript files for hard output or use in other programs. Detailed usage instructions for <i>trpr</i> and hints for <i>tcpdump</i> and <i>gnuplot</i> usage are given later. <h3> 1) Non-real-time Operation:</h3> a) Capture IP packets with <i>tcpdump</i> with hexadecimal packet header output. Note you <b>must</b> use <i>tcpdump</i>'s <br> hexadecimal output option (<tt>-x</tt>) and some form of filtering that captures only IP packets (<i>trpr</i> will not <br> properly parse the output of non-IP data (e.g. 
AppleTalk, etc.) which <i>tcpdump</i> may otherwise capture): <p> <tt> tcpdump -x ip &lt;traceFile&gt;</tt> </p> <p> b) Use <i>trpr</i> to process the captured &lt;traceFile&gt; to create a &lt;plotFile&gt; suitable for plotting <br> with <i>gnuplot</i>, automatically creating lines on the graph for each unique "flow" of data <br> discovered in the &lt;traceFile&gt;: </p> <p> <tt> trpr input &lt;traceFile&gt; </tt><tt>auto X </tt><tt>output &lt;plotFile&gt;</tt> </p> <p> c) Use <i>gnuplot</i> to display a graph of <i>trpr</i>'s analysis results (by default <i>trpr</i> puts appropriate <br> headers in the &lt;plotFile&gt; for <i>gnuplot</i>): </p> <p> <tt> gnuplot -persist &lt;plotFile&gt;</tt> </p> <p><tt> </tt>As examples, <i>DREC</i> log files can be processed with: </p> <p><tt> trpr drec input &lt;drecLogFile&gt; </tt><tt>auto X </tt><tt>output &lt;plotFile&gt;</tt></p> <p><tt> </tt>and <i>ns-2</i> simulation trace files can be processed with:<br> <tt> <br> trpr ns </tt><tt>input &lt;nsTraceFile&gt;</tt><tt> link &lt;srcNode&gt;,&lt;dstNode&gt; send </tt><tt>auto X </tt><tt>output &lt;plotFile&gt;</tt></p> <p><tt> (Note: For <i>ns-2</i> mobile trace files, the <u>link</u> command should be used in the form:<br> </tt></p> <div align="center"><tt>link &lt;nodeId&gt;,{AGT | RTR | MAC}</tt><br> </div> <p><tt> to capture the corresponding set of packets (Agent, Router, or MAC) for a mobile <i>ns</i> node)<br> </tt></p> <p><tt> </tt>Note that the <u>link</u> command coupled with the <u>send</u> command specifies to process packets sent over the link from node &lt;src&gt; to node &lt;dst&gt; in the <i>ns</i> simulation. The &lt;src&gt; and/or &lt;dst&gt; arguments can be wildcarded with the 'X' character to process multiple links to/from a particular or any simulation node. 
The <i>ns</i> processing feature of <i>trpr</i> has only been tested with simulations using the wireless extensions at this time.</p> <p>We hope to provide better documentation for using <i>trpr</i> with <i>ns-2</i> soon.<br> </p> <h3>2) Real-time Operation:</h3> a) Set up <i>tcpdump</i> to capture IP packets and direct hexadecimal output to <i>trpr</i>, in turn piping <i>trpr</i>'s <br> real-time output directly to <i>gnuplot</i> to get continuously updated plots of network traffic flow activity. <br> Note you <b>must</b> use <i>tcpdump</i>'s hexadecimal output option (<tt>-x</tt>) and some form of filtering that captures <br> only IP packets (<i>trpr</i> will not properly parse the output of non-IP data (e.g. AppleTalk, etc.) which <br> <i>tcpdump</i> may otherwise capture): <p> <tt> tcpdump -l -x ip | trpr real auto X | gnuplot -noraise -persist</tt> </p> <p><tt> </tt>Or for <i>drec</i> operation: </p> <p> <tt>drec -f/dev/stdout | trpr drec real auto X | gnuplot -noraise -persist</tt> </p> <p><tt> </tt>Note that "tail -f" can also be used to pipe a <i>drec</i> log file to <i>trpr</i> in parallel with logging. (The <i>drec</i> "-f" option causes <i>drec</i> to "flush" its output line by line for better real-time performance. Note this may penalize system performance.) <br> </p> <h2> Detailed Instructions:</h2> <h3> Usage:</h3> <p><br> <tt>trpr [version][drec][ns][raw][key][real][latency][interarrival][loss]</tt> <br> <tt> [window &lt;sec&gt;] [history &lt;sec&gt;]</tt> <br> <tt> [auto &lt;type,srcAddr/port,dstAddr/port&gt;,flowId]</tt> <br>
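<p>An added sketch (not <i>trpr</i>'s own code and not part of the original guide) of the per-flow data-rate analysis this guide describes: it parses <tt>tcpdump -x ip</tt> text output, applies a <tt>type,srcAddr/port,dstAddr/port</tt> filter with <tt>X</tt> as the wildcard, honours exclusions, and sums bytes per flow into fixed time windows. The sample trace is constructed; the TCP/UDP type names, treating omitted filter fields as wildcards, the 1-second default window and the bits-per-second unit are assumptions of this example.</p>

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -x ip` text output (not a real capture).
SAMPLE = """\
12:00:00.100000 IP 10.0.0.1.5000 > 10.0.0.2.6000: UDP, length 72
\t0x0000:  4500 0064 0001 0000 4011 0000 0a00 0001
\t0x0010:  0a00 0002 1388 1770 0050 0000
12:00:00.600000 IP 10.0.0.1.5000 > 10.0.0.2.6000: UDP, length 72
\t0x0000:  4500 0064 0002 0000 4011 0000 0a00 0001
\t0x0010:  0a00 0002 1388 1770 0050 0000
12:00:01.200000 IP 10.0.0.3.40000 > 10.0.0.2.80: tcp 160
\t0x0000:  4500 00c8 0003 0000 4006 0000 0a00 0003
\t0x0010:  0a00 0002 9c40 0050 0000 0000
"""

def parse_packets(text):
    """Return (time_s, proto, src, sport, dst, dport, ip_len) per IPv4 packet."""
    out = []
    for chunk in re.split(r"\n(?=\S)", text.strip()):  # timestamp line + hex lines
        head, *dump = chunk.splitlines() or [""]
        # Drop the optional "0x0010:" offset column, then join the hex words.
        b = bytes.fromhex("".join("".join(l.split(":", 1)[-1].split()) for l in dump))
        ihl = (b[0] & 0x0F) * 4 if b else 0
        if ihl < 20 or len(b) < ihl + 4 or b[0] >> 4 != 4:
            continue  # truncated capture or not IPv4
        word = lambda i: int.from_bytes(b[i:i + 2], "big")
        sport, dport = (word(ihl), word(ihl + 2)) if b[9] in (6, 17) else (None, None)
        t = sum(float(x) * k for x, k in zip(head.split()[0].split(":"), (3600, 60, 1)))
        out.append((t, b[9], ".".join(map(str, b[12:16])), sport,
                    ".".join(map(str, b[16:20])), dport, word(2)))
    return out

def matches(spec, pkt):
    """'type,srcAddr/port,dstAddr/port' filter; 'X' or an omitted field is a wildcard."""
    typ, *ends = (spec.split(",") + ["X"] * 3)[:3]
    ok = typ == "X" or {"TCP": 6, "UDP": 17}.get(typ.upper()) == pkt[1]
    for want, addr, port in zip(ends, (pkt[2], pkt[4]), (pkt[3], pkt[5])):
        a, _, p = want.partition("/")
        ok = ok and a in ("X", addr) and p in ("", "X", str(port))
    return ok

def flow_rates(pkts, spec="X", exclude=(), window=1.0):
    """Bits per second in each window-second bin, one series per detected flow."""
    bins = defaultdict(lambda: defaultdict(int))
    for pkt in pkts:
        if matches(spec, pkt) and not any(matches(e, pkt) for e in exclude):
            bins[pkt[1:6]][int((pkt[0] - pkts[0][0]) // window)] += pkt[6] * 8
    return {f: sorted((i * window, n / window) for i, n in b.items()) for f, b in bins.items()}
```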