[Q] to see the most service port number for the traffic amounts

soyoung at essue.co.kr
Wed Mar 20 02:54:44 EST 2002


Hi Carter, I have a question about using the ra* clients.

I want to rank the hosts and services (source port number) according to their
traffic amounts.

First, I used the following command to see the top 5 hosts that have sent
the most packets:

ramon -r result.arg -M TopN | rasort -N 5 -s bytes

It seems to present the appropriate result (as in the FAQ),
but in the case of service port numbers, how do I use the argus clients to
find out the top N port numbers that have sent the most traffic?
(i.e. like the following results - the format is arbitrary)

port num 80 (http) : 2000 bytes
port num 25 (smtp) : 1500 bytes
port num 23 (telnet) : 1000 bytes
....
....

I think the ramon and rasort commands with appropriate options would give
the results I want, but I'm not sure how to use them.

I'm looking for your help.

Regards,
SoYoung