some questions

Chris Newton newton at unb.ca
Fri Nov 16 08:48:58 EST 2001


Yes, that does help, thanks Carter.  Some more questions though :)

>   Because argus maps ICMP packets to actual flows,
>we'll report any ICMP event that pertains to a given
>flow.  With ra(), this shows up as an 'I' indication
>in the indicator field.  So, yes, if a flow is redirected,
>or if it failed to reach its destination because of
>Unreachable status, for whatever reason, we will report
>it.

  Ra prints out an 'I', when it prints flows, but in the argus records is it 
simply tagged as having caused an ICMP event, or is the actual event recorded, 
and maybe even an 'argus record #' for the corresponding ICMP flow?

  What structures in the argus record should I look for these in?

>   With regard to any identifier changing, MAC
>address, VLAN tag, MPLS tag, TOS, TTL.  Because these
>identifiers can affect how the network treats packets,
>Argus provides an indication of the dynamic change of
>the network.  A change in TTL indicates that your packets
>are going over a dynamically changing path, which may
>explain why you're not seeing the performance you expect,
>or that there is routing instability somewhere in the
>network.  A change in TOS may explain why your packet
>loss metrics unexpectedly increased.

  Ahh, thanks.  As with the ICMP indicators above, what structures in the 
argus file record do I find this information in?

Thanks Carter!

Chris


