This is automatically generated documentation. Edit after the "COMMENTS" heading; changes to the main body will be lost.
ToIPFlowDumps -- Click element; creates separate trace files for each TCP/UDP flow
ToIPFlowDumps(FILEPATTERN [, KEYWORDS])
Ports: 1 input, at most 1 output
Package: analysis (core)
Writes summary information about incoming packets, in the style of
ToIPSummaryDump, to several files, one file per flow. It distinguishes flows
by their aggregate annotations. You usually will run ToIPFlowDumps downstream
of an AggregateIPFlows element.
The FILEPATTERN argument gives the pattern used by ToIPSummaryDump to
generate filenames. Printf-like `
%' escapes in the pattern are expanded
differently for each flow. Available escapes are:
%n Aggregate annotation in decimal. %.0n Upper 8 bits of aggregate annotation in decimal. %.1n, %.2n, %.3n Similar for bits 16-23, 8-15, 0-7. %.4n Upper 16 bits of aggregate annotation in decimal. %.5n Lower 16 bits of aggregate annotation in decimal. %x, %X Aggregate annotation in hex. %.0x, %.1x, ..., %.5x, %.0X, %.1X, ..., %.5X Like %.0n, ..., %.5n in hex. %s Source IP address. %.0s, %.1s, %.2s, %.3s First through fourth bytes of source IP address. %d Destination IP address. %.0d, %.1d, %.2d, %.3d First through fourth bytes of destination IP address. %S Source port. %D Destination port. %p Protocol ('T' for TCP, 'U' for UDP). %% A single % sign.
You may also use the `
0' flag and an optional field width, so `
expands to the aggregate annotation, padded on the left with enough zeroes to
make at least 6 digits.
Keyword arguments are:
gzipto compress completed trace files. (The resulting files have .gz appended to their FILEPATTERN names.) Defaults to false.
Only available in user-level processes.
... -> ToIPFlowDumps(/tmp/flow%03n);
might create a file
/tmp/flow001 with the following contents.
!IPSummaryDump 1.1 !data timestamp direction tcp_flags tcp_seq payload_len tcp_ack !flowid 188.8.131.52 3153 184.108.40.206 21 T !first_seq > 2195313811 !first_seq < 2484225252 !first_time 1018330170.887165 0.000001 > S 0 0 0 0.075539 < SA 0 0 1
Note that sequence numbers have been offset, so that the first sequence
numbers seen by ToIPFlowDumps are output as 0. The `
let you reconstruct actual sequence numbers if necessary. Similarly, timestamp
annotations are relative to `
Generated by 'click-elem2man' from '../elements/analysis/toipflowdumps.hh' on 18/Sep/2007.