trpr 2.0b1 User's Guide
Contents
1. 20 seconds This command instructs trpr to automatically discover and lt type srcAddr port dstAddr port id gt plot flows of network data according to the matching type src dst id criteria provided Otherwise trpr only plots flows given by the flow option described below Valid values for lt type gt include X udp tcp or the numeric value of the IP protocol type of interest The X value wildcards the lt type gt so that trpr will automatically create a plot on the graph for any type of IP protocol which meets the given lt source destination gt criteria The source and destination addresses srcAddr amp dstAddr must be given in dotted decimal notation or may also be wildcarded with an X character The lt source destination gt portion may also be omitted and then will be automatically wildcarded The optional id portion of the flow description corresponds to any flow id which may apply to the data analyzed This currently only applies to drec log files when the user wishes to additionally differentiate drec flows by their flow id See the mgen user s guide for more information As an example auto udp will cause trpr to enumerate individual plots for each unique UDP protocol flow detected regardless of source or destination The source and destination port numbers can be explicitly specified or wildcarded with an X 2 1 05 11 36 AM trpr User s Guide 6 of 9 flow lt type srcAddr port dstAddr2. gt b Use rpr to process the captured lt traceFile gt to create a lt plotFile gt suitable for plottfing with gnuplot automatically creating lines on the graph for each unique flow of data discovered in the lt traceFile gt trpr input lt traceFile gt auto X output lt plotFile gt c Use gnuplot to display a graph of trpr s analysis results By default trpr puts appropriate headers in the lt plotFile gt for gnuplot gnuplot persist lt plotFile gt As examples mgen log files can be processed with trpr drec input lt drecLogFile gt auto X output lt plotFile gt and ns 2 simulation trace files can be processed with trpr ns input lt nsTraceFile gt link lt srcNode gt lt dstNode gt send auto X output lt plotFile gt Note The link command coupled with the send command specifies to process packets sent over the link from node lt src gt to node lt dst gt in the ns 2 simulation The lt src gt and or lt dst gt arguments can be wildcarded with the X character to process multiple links to from a particular or any simulation node Note For ns 2 mobile trace files the link command should be used in the form link lt nodeId gt AGT RT MAC to capture the corresponding set of packets Agent Router or MAC for a mobile ns 2 node 2 1 05 11 36 AM trpr User s Guide http proteantools pf itd nrl navy mil trpr html 3 of 9 We hope to provide more examples for using rpr with ns 2 soon 2 Real time
3. port id gt exclude lt type srcAddr port dstAddr port id gt input lt inputFile gt output lt outputFile gt link lt src gt lt dst gt http proteantools pf itd nrl navy mil trpr html or implicitly through omission Note that flows which match those given with the flow option see below will not be tested against the auto criteria The auto option may be used multiple times on the trpr command line to establish multple sets of automatic flow matchiing criteria e g trpr auto udp auto tcp Note that if _no_ flow or auto filters are provided trpr runs with a default wildcard enumeration filter of auto X This command instructs rpr to look for and plot specific flows which match the given type src dst criteria All flows which match the given criteria are accumulated together onto a single plot line The address and port criteria are given in the same way as for the auto command and may be wildcarded in the same way For example the option flow udp will cause trpr to accumulate all detected UDP traffic regardless of source and destination since they are implicitly wildcarded here into a single plot Thus the command trpr flow udp flow tcp will produce a graph with two lines one plotting cumulative UDP traffic and the other plotting cumulative TCP traffic detected by tcpdump As with the auto option the flow option may be used multiple times on the command line and may be used in conjunction with th
4. Operation a Set up tcpdump to capture IP packets and direct hexadecimal output to rpr in turn piping trpr s real time output directly to gnuplot to get continuously updated plots of network traffic flow activity Note you must use tcpdump s hexadecimal output option x and some form of filtering that captures only IP packets trpr will not properly parse the output of non IP data e g Appletalk etc data which tcpdump may otherwise capture tcpdump l x ip trpr real auto X gnuplot noraise persist Or for mgen operation mgen flush output dev stdout trpr drec real auto X gnuplot noraise persist Note that the tail f option can also be used to pipe a mgen log file to trpr in parallel with logging The mgen flush option causes mgen to flush its output line by line for better real time performance Note this may penalize system performance Detailed Instructions Usage trpr version drec ns raw key real latency interarrival loss count window lt sec gt history lt sec gt auto lt type srcAddr port dstAddr port gt flowId flow lt type srcAddr port dstAddr port gt flowId exclude lt type srcAddr port dstAddr port gt flowId input lt inputFile gt output lt outputFile gt link lt src gt lt dst gt send recv range lt startSec gt lt stopSec gt offset lt hh mm ss gt summary histogram replay lt factor gt png lt pngFile gt post lt postFile gt
5. e auto option Flows of network traffic matching the criteria specified with the flow option will be accumulated into a matching flow plot and are also tested against the sets of auto option criteria so redundant plot lines may result depending on the criteria used This command instructs trpr to ignore specific flows which match the given type src dst criteria The address and port criteria are given in the same way as for the auto command and may be wildcarded in the same way For example the option flow udp will cause trpr to ignore all detected UDP traffic regardless of source and destination since they are implicitly wildcarded here The exclude command filters are evaluated before the auto and flow command filters This option instructs trpr to use the file name given by lt inputFile gt for input Otherwise trpr looks for input from stdin The expected input format is text output from the tcpdump program run with its hexadecimal option x given and properly filtered so that only IP protocol data is captured Non IP data from tcpdump will result in errors in trpr s output This option instructs trpr to save cumulative data into the file name given by lt outputFile gt for later non real time plotting The plot data stored here contains data from the entire tcpdump run as opposed to the trpr real time mode s limited history of data By default i e unless the raw option is given the output file contains text header info
6. e time given in the trace file in its output instead of normalizing the time values generally the plots x axis to zero time for the first packet event or optional offset time This causes rpr to output summary statistics of results to stdout at the end of analysis These summary results are available with or without the production of data intended for plotting This options is useful for commanding or scripting trpr to collect statistics in addition to or instead of plots This causes trpr to output a histogram of the values of analyses intervals intervals determined by the window command for each flow to stdout Some percentile information of the histogram content is also provided in the output The histograms are comma delimited tables of values The hcat program provided in the TRPR distribution can be used to query and manipulate these histogram files or they can also be plotted with a graphing tool e g gnuplot The hcat program also allows multiple histogram files from multiple trpr analysis runs to be combined together for cumulative Statistics collection Currently the quantization size and curve 2 1 05 11 36 AM trpr User s Guide http proteantools pf itd nrl navy mil trpr html 8 of 9 of the histogram is fixed and adapts in range with data The histogram output may be useful for packet latency analyses or other kinds of statistics compilations This limits rpr s rate of real time gnuplot graph generation to a lt
7. eraging window at the window s end thus ramping from one window to the next This may be useful for alternative post processing of trpr s output files or to reduce the number of data points on plots with an extremely large number of data points where the window start stop points are indiscernable anyway This parameter sets the step size of trpr s window based data rate and packet loss averaging algorithms The step size unit is time in seconds This algorithm counts the cumulative quantity of data or packet loss in each window of time and calculates the kilobits per second kbps or loss fraction value for each step These discrete values of data rate or loss fraction versus time comprise rpr s plot data Two points are plotted one at each time window s beginning and one at its end to form a stair step plot The window command also controls the gnuplot real time graph update rate for real command operation The window lt sec gt value can be specified as 1 to cause trpr to average across the entire trace file or the period specified by the range command Note the negative window value should not be used in combination with the real command Default 1 second This parameter determines the range in time units of seconds of the X axis of the graphs produced in trpr s real time mode As time progresses the gnuplot graphs will scroll in strip chart fashion to display the current history of network activity Default
8. factor gt of real time when parsing a pre existing trace file When the replay command is given trpr generates the same gnuplot output as for the real command The lt factor gt parameter scales the playback rate with respect to real time For example lt factor gt 1 is actual real time while lt factor gt 2 is double speed playback Note that real time update occurs once per window time replay lt factor gt tcpdump Hints 1 Make sure you are using tcpdump filters such that only IP packets are captured trpr currently doesn t like non IP packets in tcpdump s output 2 Always use the x option when using tcpdump with trpr trpr looks for and parses the hexadecimal output 3 Use tcpdump s n option to skip DNS lookups and speed up tcpdump s performance trpr only uses dotted decimal numeric IP addresses 4 Use tcpdump s line buffering option 1 to get output with minimal delay for real time plotting 5 Read and learn tcpdump s man page for the extensive set of filtering options tcpdump provides Uses these filter options in conjunction with trpr s own filters to get the graphical results you want 6 Leverage tcpdump s ability to store captured data in a binary file use tcpdump s w option and then post process it with tcpdump s filter s using tcpdump to process the stored binary file with its r option and redirecting its output to trpr gnuplot Hints 1 Use gnuplot s noraise option whe
9. flows trpr should ignore The flow auto and exclude commands can each be used multiple times on the command line to specify different combinations of filters to produce different desired output In the future an exclusion filter set will also be provided If the interarrival command is used trpr creates a plot of the differential interarrival delay of packets for the specified flows And for MGEN packets the latency command can be used to create a plot of the transmission latency mgen logged rxTime txTime versus time for the flows Also for MGEN packets the loss command can be used to generate profiles of packet loss over time MGEN packet payloads contain sequence numbers and time stamps to facillitate these analyses The count command simply produces counts of the indicate send and or recv events for the specified flows The histogram command causes trpr to output histograms of any of these statistics and the window command determines the averaging window interval to use with window 1 over the entire trace file and window 0 for individual events Trpr can also play back a gnuplot visualization of trace file content at real time rates with the replay command Other interesting at least I find them interesting options are planned for the future Downloads The trpr package is available at http downloads pf itd nrl navy mil proteantools Tcpdump can be found at http ee lbl gov Gnuplot s official web site i
10. limit the actual graph animation rate or the trace file will be parsed at cartoon rate i e as fast as possible This option commands gnuplot to create a gif Graphics Interchange Format file when it plots instead of the default X11 display The lt gifFile gt parameter is the name of the file gnuplot will create when it processes trpr s output This can be used in either real time or non real time operation In real time operation the lt gifFile gt will be periodically overwritten according to window setting This option commands gnuplot to create a Postscript file when it plots instead of the default X11 display The lt postFile gt parameter is the name of the file gnuplot will create when it processes trpr s output This can be used in either real time or non real time operation In real time operation the lt postFile gt will be periodically overwritten according to window setting 2 1 05 11 36 AM trpr User s Guide 5 of 9 multiplot ramp window lt sec gt history lt sec gt auto http proteantools pf itd nrl navy mil trpr html With gnuplot trpr will create a multiplot graph with one graph per detected flow stacked vertically This only works with the real time upated real command graphing mode for now By default trpr creates stair step plots of its averaging window results i e 2 data points per window The optional ramp command causes trpr to create plots with one data point per av
11. multiplot ramp alimit lt bytes gt NOTE Type addr or port parameters can be wildcarded with an X character Command Line Parameters and Options version Causes trpr to display program version number and exit drec trpr will expect to process a drec log file instead of tcpdump hex output ns trpr will expect to process a ns trace file instead of tcpdump hex output raw When this option is given the lt outputFile gt will only include unlabeled sets of plotting data without the default gnuplot compatible headers This is useful to get the raw plot data 2 1 05 11 36 AM trpr User s Guide key rate interarrival latency loss count real gif lt gifFile gt post lt postFile gt 4 of 9 http proteantools pf itd nrl navy mil trpr html for importing into a spreadsheet or other plotting program With this option trpr will print a key to the data plot sets in the lt outputFile gt This consists of one comma delimited line with a leading character This line is printed when new flows of data are detected and another data set column is output The first column is marked Time Subsequent columns are labeled with a description of the flow data being plotted Causes trpr to create plots of data rate versus time The window command can be used to set trpr s rate averaging window The rate command is the implicit default plot mode for trpr Causes trpr to create plots of differential inte
12. n using with trpr in real time mode if you don t want the updated plots to continually pop to your display s top level 2 Use gnuplot s persist option if you wish the last plot to remain displayed after exiting 3 rpr s output files for gnuplot are in text format and easily edited to customize output Gnuplot is a very flexible program with lots of options to get the graphs into almost any format you would like It is also lightning fast 2 1 05 11 36 AM trpr User s Guide http proteantools pf itd nrl navy mil trpr html Examples of Use TBD Credits trpr was written by Brian Adamson adamson itd nrl navy mil Your questions and comments are welcome and appreciated 16 April 2004 9 of 9 2 1 05 11 36 AM
13. rarrival packet delays for detected flows instead of the default data rate versus time plot Causes trpr to create plots of transmission delay for drec flows instead of the default data rate versus time plot This type of plot is only available for drec operation Causes trpr to create plots of packet loss based on received sequence numbers for drec flows instead of the default data rate versus time plot This type of plot is only available for drec operation The window command can be used to set trpr s loss averaging window The window specified should be large enough to encompass several expected packet events for desired results Causes trpr to create plots of packet counts versus time instead of the default data rate versus time plot The window command can be used to set trpr s count accumulation window The rate command is the implicit default plot mode for trpr When this option is given trpr will output plotting commands and data to its stdout This output is intended for the stdin of gnuplot for real time plotting However note that this output can be redirected to a file for storage and then later that file can be directed to the input of gnuplot for playback Note that the real time mode can be used simultaneously with trpr s cumulative non real time output option Note that the real time graph update occurs once per window time This option can also be used with pre existing trace files Use the replay command to
14. rmation at its beginning so that gnuplot can be used to create a nicely labelled graph This causes trpr to process only packets associated with the identified link or node For ns trace files the lt src gt and lt dst gt values correspond to simulation node identifiers For tcpdump operation the MAC address is used Note that lt src gt and or lt dst gt values can be wildcarded by omission or by designating X as the value For ns simulations using the wireless mobility extensions the lt dst gt value may be AGT 2 1 05 11 36 AM trpr User s Guide send recy range lt startSec gt stopSec offset lt hh mm ss gt absolute summary histogram 7 of 9 http proteantools pf itd nrl navy mil trpr html or RTR corresponding to the wireless transmission type By default both AGT and RTR are counted by trpr since the notion of links is not used in the trace files Wildcarding the lt src gt or lt dst gt values allows the user to analyze all traffic arriving to and or leaving from a specific simulation node or MAC address The send and recv commands may be optionally used in combination with the link command to specify whether only arriving packets recv or departing packets send are processed By default both arriving and departing packets are processed Specifies that only sent packets are to be processed In ns this corresponds to s events for traced links or nodes In tcpdump this co
15. rresponds to packets whose source MAC address correspond to the lt src gt value given with the link command By default both sent and received packets are counted by trpr The send and recy commands are generally useful only for ns simulations but may be applicable to tcpdump trace file analysis in some situations Specifies that only received packets are to be processed In ns this corresponds to r events for traced links or nodes In tcpdump this corresponds to packets whose destination MAC address corresponds to the lt dst gt value given with the link command By default both sent and received packets are counted by trpr The send and recv commands are generally useful only for ns simulations but may be applicable to tcpdump trace file analysis in some situations Causes trpr to skip ahead to the start time in seconds from the first packet event in the trace file and end processing at the optional stop time in seconds Setting the stop time to 1 causes trpr to process until the end of the trace input Note the range command may be used in combination with the offset and or absolute commands to perform analysis for a specific time period in the trace file This allows the user to specify an absolute analysis start time using a time of day reference The time given is in 24 hour clock time format and must be within 12 hours of the time of the first packet event in the trace file Causes trpr to use the absolut
16. s http www gnuplot org The MGEN web site is http mgen pf itd nrl navy mil The ns web site is http www isi edu nsnam ns Build Instructions Simply compile trpr with a C compiler It has been primarily built with gcc on Unix platforms For example 2 1 05 11 36 AM trpr User s Guide http proteantools pf itd nrl navy mil trpr html 2 of 9 type g o trpr trpr cpp lm to build the executable binary Quick Start Here are a couple of examples illustrating use of trpr in simple ways Note that trpr has a number of flexible command line operations to get the results you want and understanding these is strongly recommended And tcpdump has very flexible filtering options for paring down the data captured from the network so that your graphs can focus on the data of interest The options of tcpdump and trpr can be coupled together in many different ways And trpr supports options to command gnuplot to create Gif or Postscript files for hard output or use in other programs Detailed usage instructions for rpr and hints for tcpdump and gnuplot usage are given later 1 Non real time Operation a Capture IP packets with tcpdump with hexadecimal packet header output Note you must use tcpdump s hexadecimal output option x and some form of filtering that captures only IP packets trpr will not properly parse the output of non IP data e g Appletalk etc data which tcpdump may otherwise capture tcpdump x ip lt traceFile
17. trpr User s Guide http proteantools pf itd nrl navy mil trpr html 1 of 9 trpr 2 0b1 User s Guide Trpr TRace Plot Real time is a program which analyzes output from the tcpdump packet sniffing program and creates output suitable for plotting It also specifically supports a range of functionality for specific use of the gnuplot graphing program trpr can operate in a real time plotting mode where tcpdump stdout can be piped into trpr and trpr s stdout in turn can be piped directly into gnuplot for a sort of real time network oscilloscope Trpr can also parse tcpdump text trace files and produce files which can be plotted by gnuplot or imported into other plotting or spreadsheet programs IPv4 and IPv6 traces from tcpdump are supported Trpr can also perform the same functions with mgen log files See http mgen pf itd nrl navy mil for more information on mgen and the MGEN test tool set and ns 2 Berkeley s network simulator see http www isi edu nsnam ns trace files By default trpr creates a data rate versus time plot of the flows specified using the auto and flow and exclude filtering commands The auto command is used to set filters to automatically detect and _enumerate_ individual flows matching the auto filter parameters protocol type source addr port and destination addr port and the flow command _aggregates_ flows matching its filter specification under a single data plot set The exclude command is used to specify packet
Download Pdf Manuals
Related Search