up and coming clients release

Carter Bullard carter at qosient.com
Fri Jun 1 12:02:32 EDT 2001


Gentle people,
   I'm now putting together the first shot at a clients-only
release.  This will include new versions of the
existing ra*() programs, and quite a few more, as well
as contributed software.  Some are simple tools, such as
one to check all the sequence numbers in an argus file to make
sure all the records are there, one to list the IP addresses in
an argus stream, etc...

There are a few new programs that are prototype tools
that I would really like to get some feedback on.  Some are
adaptations of existing tools to argus data.  In particular,
we have
   ragrep()
   rarpwatch()
   ratop()
   ragraph()

ragrep() is basically the existing GNU grep() code that
searches ra user data, so that you can use regular expressions
to search the user data capture buffers.  Some of you may be
using ragrep() already, but now it will be included in the
actual release.  So if you wanted all the argus records where
the user data included "HTTP-1.0", this will give them to you.

rarpwatch() is a partial adaptation of the existing arpwatch()
program.  Because argus reports on arp requests and responses
and can provide ethernet address/IP address pairings, it can
easily feed arpwatch-like tools.  So far, the tool supports printing
out arpwatch() data.   I'd like to port the entire functionality.

ratop() is a real-time curses tool that presents the top flows.
It also works with ragator() configuration files, so that you
can see top aggregated flows as well.  It's pretty cool.

ragraph().  This is a Perl script that calls a new program,
rahistogram() and uses rrdtool utilities to generate GIF
graphs from the rahistogram() data.   This works very well
to graph packet load and byte load.

All of these programs are prototypes, in that they do one or
two functions well, but will need some work to enhance their
support.  Such as with ragraph(), I still need to support
putting better titles on the graphs.

If anyone is interested in testing one or all of the new tools,
I'll try to have a beta distribution available next week.
Of course there are no man pages, so there will need to be some
dialog in order to use the tools.  The exercise will help me
to generate the man pages, and FAQ questions, but also to
make the tool usable.

Any takers?

Carter


Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com 


