ipaggcreate
creates IP address aggregates from network traffic dumps or pcap files
TLDR
SYNOPSIS
ipaggcreate [options] [files]
DESCRIPTION
ipaggcreate reads IP packets from one or more data sources, maps each packet to a label (such as source address, destination address, or flow), and outputs an aggregate file reporting the number of packets or bytes observed per label.This tool is part of the ipsumdump package and works in conjunction with ipsumdump and ipaggmanip for network traffic analysis and summarization.
PARAMETERS
-r, --tcpdump FILE
Read from one or more tcpdump/pcap files-s, --src
Label by IP source address-d, --dst
Label by IP destination address (default)--flows
Label by TCP or UDP flow--address-pairs
Label by address pair--packets
Count packets per label (default)-B, --bytes
Count bytes per label (IP and transport headers included, link headers excluded)-o, --output FILE
Write output to file instead of stdout-f, --filter FILTER
Include only packets matching a tcpdump filter expression-b, --binary
Write summary in binary format-A, --anonymize
Anonymize IP addresses in output-t, --interval TIME
Stop after recording aggregate data for specified duration-q, --quiet
Suppress progress bar output
CAVEATS
Input format must be compatible with ipsumdump output or pcap format. Large capture files may require significant memory for aggregation. Output format is specific to the ipagg tool suite.
HISTORY
Part of the ipsumdump package developed by Eddie Kohler at UCLA and later ICSI. The tool suite was created for network measurement research and released as open source software in the early 2000s.
SEE ALSO
ipsumdump(1), ipaggmanip(1), tcpdump(1)
