IRL BGP Microscope
TCPTRACE' - tcptrace for large volume input

The original tcptrace reads the given pcap file(s) and produce TCP connection information, including connection life time, TCP segments sent and recieved, retransmissions, round trip times, window advertisements, throughput, and more. It can also produce a number of graphs for further analysis .
./tcptrace dumpfile
The IRL patched tcptrace (tcptrace') fixed several issues in the original tcptrace and allow the processing of large volume of input data, both in terms of number of input files and the number of connections.

The modifications include,
  • Close input and output files correctly. The original tcptrace runs out of file descriptors soon when processing large number of files.
  • Compress the output graph files on-the-flight to save storage space (this could make a huge difference).
  • Other minor issues