argus to tcpdump conversion

Carter Bullard carter at qosient.com
Fri Jun 15 09:06:41 EDT 2001 

Hey Scott,
No this is definitely not how it is suppose to work.
If you've got the time to look into it, lets try something.

Lets be working with a known entity.  If you don't mind,
lets do this with 2.0.2.beta.1 ragator().

   A simple test is to make sure that ragator() is doing
the right thing with each file.  Something like this
may give us a hint as to what the problem might be.
This script works for csh(), I'm not sure the bash syntax.

foreach i (argus.2001.06.11.*)
> echo $i
> racount -r $i
> ragator -r $i -w - | racount
> end

This should show us if we can handle a single file properly.

If there are discrepancies, add the single filter "- ip"
to each calls of racount() or ragator() to see if there
is a problem with non-ip traffic.

> racount -r $i - ip
> ragator -r $i -w - - ip | racount

What do you think?

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Scott A.
McIntyre
Sent: Friday, June 15, 2001 2:29 AM
To: Carter Bullard
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: argus to tcpdump conversion


Hi,

> is very helpful.  If the byte and packet totals are the
> same, then things are working, just not as you suspect.
> 
> racount -r file*
> ragator -r file* -w - | racount
> ragator -f conf -r file* -w - | racount

I think that something may be going wrong...

racount -r argus.2001.06.11.*

racount    records       total_pkts         src_pkts         dst_pkts
total_bytes        src_bytes        dst_bytes
    sum   24595389        756164959        257431648        498733311
648287400775     176310819167     471976581608


ragator -r argus.2001.06.11.* -w - | racount

racount    records       total_pkts         src_pkts         dst_pkts
total_bytes        src_bytes        dst_bytes
    sum      61368          3140201           890517          2249684
2627930912        729987862       1897943050


ragator -f flow.conf -r argus.2001.06.11.* -w - | racount

racount    records       total_pkts         src_pkts         dst_pkts
total_bytes        src_bytes        dst_bytes
    sum     226382        234740941         70528022        164212919
208338503046      51664450414     156674052632

More information about the argus mailing list