new argus-clients package

Carter Bullard carter at qosient.com
Wed Oct 9 15:37:42 EDT 2002


Gentle people,
   I've just uploaded a new argus-clients package to the dev
directory.
ftp://ftp.qosient.com/dev/argus-2.0/argus-clients-2.0.6.beta.34.tar.gz
This should be considered a complete reworking of the argus-clients
package and has a number of very significant improvements.  There
are a lot of reasons why argus-clients jumps from 2.0.2.alpha.17 to
2.0.6.beta.34, I've been working on it for quite some time, so, now
that I've been laid up on the couch after my surgery and had some
time to push it out, here it is, finally.

   The new argus-clients has new programs and some key changes:
       specify fields to print on the command line using "-s" option.
          this supports printing out all the fields argus supports,
          from bytes to tos to loss stats, jitter stats, whatever we've got.
          because of this most of all the field directives on the command
          line are gone.  hopefully we can move to the style in official
          release.

       ranonymize - this program anonymizes argus data.  it strips out
          fields that are not needed, wanted, liked, and then randomizes
          all the data fields, in a very controlled fashion.  The program
          anonymizes the timestamps, sequence numbers, mac and IP addresses,
          port numbers.  There is a detailed man page on ranonymize()'s
          configuration.   This is an interesting and important program
          if you want to share data.

          We all should talk about this program, as there are a lot of
          very cool concepts, such as what is the best way to anonymize
          port numbers, random or random fixed offset?  Should you preserve
          the well known port ranges?  When randomizing new IP addresses,
          should you preserve the subnet hierarchy, the Class designations?
          Very interesting stuff.

       rastrip - toss argus data sections.  the default mode strips argus
          data down to 1.7 semantics, and if you throw out the
          TCP data, you can get it down to 1.5 semantics.  Good man
          page for this.

       ratop - this program is working very well, and offers a real-time
          look into network activity.  Not documented yet, man page on the
          way.  This program has a lot to offer, and getting the list to
          try it out will be a very good thing.  Try:

              ratop -nS server

          and then change the aggregation models using the '+' and '-' keys.
          Try the 'h' key to get help, which is minimal but helpful.
          arrow keys work, page up and down work to allow you to move through
          large flow lists, etc...

          This handles flow loads in the 5-10K per second range and has
          options to control update speeds to improve performance when you're
          using it remotely.   Lots of bells and whistles.....

       ragraph - allows you to graph argus data. this works much better,
          uses the rrdtool libraries and gives you a fast way to graph
          any of the fields.  not perfect, but very useful.

These are the highlights, although there are many other utility programs.
The purpose of the release is to see if there is any interest in using
and improving on these programs.  Hopefully you guys will give it a run,
and make some comments, and we can talk about fun stuff.  Do give this
collection of programs a try.


Hope all is well,


Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com
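
The questions the message raises about ranonymize (fixed offset for ports, keeping the well known port range, keeping the subnet hierarchy) can be made concrete with a short sketch. This is an added example, not part of the original message and not ranonymize's own code or algorithm: it assumes HMAC-SHA256 as the keyed function, and the function names, key and sample flows are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

def _prf_bit(key: bytes, prefix_bits: str) -> int:
    """One keyed pseudorandom bit that depends only on the bits already seen."""
    return hmac.new(key, b"ip:" + prefix_bits.encode(), hashlib.sha256).digest()[0] & 1

def anonymize_ipv4(key: bytes, addr: str) -> str:
    """Flip bit i according to a PRF of bits 0..i-1, so addresses that share a
    k-bit prefix before anonymization share exactly a k-bit prefix afterwards."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = "".join(str(int(b) ^ _prf_bit(key, bits[:i])) for i, b in enumerate(bits))
    return str(ipaddress.IPv4Address(int(out, 2)))

def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def anonymize_port(key: bytes, port: int) -> int:
    """Fixed keyed offset applied inside the port's own range, so well-known
    ports (0-1023) stay well-known and the mapping is one-to-one per range."""
    lo, hi = (0, 1024) if port < 1024 else (1024, 65536)
    digest = hmac.new(key, b"port:%d" % lo, hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big")
    return lo + (port - lo + offset) % (hi - lo)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; use a secret random key in practice
    flows = [("192.0.2.10", 80), ("192.0.2.200", 8080), ("198.51.100.7", 443)]
    for ip, port in flows:  # constructed sample records
        print(ip, port, "->", anonymize_ipv4(key, ip), anonymize_port(key, port))
```

A fixed offset keeps the distance between any two ports in the same range, so one port whose real value is known reveals the offset for that whole range; a keyed random permutation per range avoids that at the cost of losing port adjacency.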
 



