ragator

Carter Bullard carter at qosient.com
Fri Nov 10 08:22:42 EST 2000


Hey William,
   Hmmmmm, the CIDR address parsing is broken in this case.
This will be fixed today, and in the "w" release hopefully
tonight.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426

-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of William Setzer
Sent: Thursday, November 09, 2000 5:03 PM
To: argus at lists.andrew.cmu.edu
Subject: ragator


[ Just subscribed to the list. ]

I was reading the last message in the archive about suggestions for
"ragator".  I'm trying to use the tool right now, and it's not
behaving as I expected.  I might be misunderstanding Flow/Model
lines, or there might be a bug.  In any case, it qualifies for
the requested feedback. :)

Here's what I was trying:

  Flow    100     152.1.1.1:16    *       *       *       *       200
1000
  Flow    101     152.7.1.1:16    *       *       *       *       201
1000
  Flow    102     *               *       *       *       *       202
1000


  Model   200     255.255.255.0           0.0.0.0         no      no      no
  Model   201     255.255.255.255         0.0.0.0         no      no      no
  Model   202     0.0.0.0                 0.0.0.0         no      no      no

The idea was to print out one aggregate line for every "152.1" C
block, one aggregate line for each host in the "152.7" B block, and
lump everything else together into one line.

So if I ran:

  ragator -f <flow> -n -r <argus> -w - - ip | rasort -s packets -c -n -r -

it would print out my big packet flingers.

Well, as you might guess, it doesn't work.  I just get a number of
lines of "ip    0.0.0.0  <->  0.0.0.0".  If someone could confirm
either a bug or my stupidity, I'd really appreciate it.  And I hope
that the above flow (corrected, if necessary) might serve as another
example, as requested by Carter Bullard.

Thanks.


William
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20001110/87fc97bf/attachment.html>


More information about the argus mailing list