Capstats is used to poll network statistics according to a BPF.

This file gives a short overview of how to use capstats. The basic model is
that you run capstats as a daemon (as root), and it will then take commands
from a client. Using a client, you can create new capture sessions, modify
them, pull up stats on running sessions, and so on.

Currently, the system consists of just one binary, which has both daemon and
client modes.

DAEMON MODE
-----------
Run "capstats -d" to start the daemon. It creates a unix socket
/var/run/capstats, on which it will accept client connections. When started
this way, the daemon will only accept connections from root; to make it
accept connections from other users, start the daemon with
"capstats -d -g <group>", where <group> is the name (or gid) of a group
from which the daemon should accept connections.


CLIENT MODE
-----------
The client is used to pass command lines to the daemon. The syntax for using
the capstats binary as a client is simply "capstats <command>". The following
commands are defined:

new <session-name> <filter>
	Start a new session. <session-name> is any string you want to use to
	identify the capture session. <filter> is a BPF-compliant filter
	string to use. See tcpdump(8) for BPF syntax.

modify <session-name> <filter>
	Modify the named session to use a new filter.

stop <session-name>
	Stop the named session.

list
	List all the running sessions.

show <session-name>
	Show information about the named session.

poll <session-name>
	Output statistics for the named session.

watch <session-name> frequency <seconds>
	Output statistics for the named session every given interval (interrupt
	with ctrl-c).



