listening on multiple interfaces

Carter Bullard carter at qosient.com
Wed May 1 08:02:07 EDT 2002 

Hey Jeff,
   Argus has the big performance relevant TCP metrics
in each record.  Besides having bytes, pkts and application bytes,
argus also has retransmitted pkts and bytes, last
advertised window size, last seq number, along with the DS-Bytes,
VLAN tags, etc, so you should be able to do some analysis just
with Argus data.  This data is generated by default, so you've
already got a lot of TCP performance data in your argus archive,
if you've started one.

   Argus can also give you burst timing metrics, if you've got
ARGUS_GENERATE_JITTER_DATA=yes in your argus.conf file.  This
will give you mean, stdev, min and max interpacket arrival times,
for when TCP is in the window (Active) and when its outside its
window (Idle), so you can see the burst behavior when its
transmitting and see the inter-window gaps, while its waiting
for Acks, etc.

   If your interested in measuring a specific TCP to death,
you can configure argus to generate flow status reports as
often as every millisecond ("-S 0.001") which can give you some
very interesting data, indeed.  And since you only generate
argus data when there is activity, you can leave a sub-second
argus running for extended times.

 Use raxml to printout all the fields.  If you have any
questions, please send more mail!!!


Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: wolfe at ems.psu.edu [mailto:wolfe at ems.psu.edu] 
> Sent: Tuesday, April 30, 2002 8:18 PM
> To: carter at qosient.com
> Subject: Re: listening on multiple interfaces 
> 
> 
> In message 
> <5C8959A16A71B449AE793CF52FBBED6603C041 at ptah.newyork.qosient.c
> om>, " Carter Bullard" writes:
> > Hey Jeff,
> >    Argus does collect much of the same information that tcptrace() 
> > collects, except for segment statistics and some instantaneous RTT 
> > values, and we don't have the interesting graphs that 
> tcptrace has.  
> > Is there a specific metric that you're trying to get?
> 
> I'm trying to troubleshoot a problem with 2 machines, one 
> local and one remote that are having performance problems. 
> I've used tcptrace in the past to look at window sizes and 
> retransmits. I guess I have to read though the argus docs 
> some more. I wasn't considering that I could derive the info 
> from my argus logs. I've use the logs mostly for more 
> traditional traffic and connection logging. (eg, did this 
> host connect to that host, etc..)
> 
> -JEff
> 
>

More information about the argus mailing list