[ARGUS] difference in pppd and argus statistics
Roman Festchook
roma at polesye.net
Thu Apr 15 16:55:11 EDT 2004
I use argus to monitor traffic on ppp interfaces (pptp tunnels on linux) - and see
strange and repeating situation - argus started when pppXX interface come up
and stop when ppp connection dropped, sometimes I see strange difference in
pppd statistics and argus record summaries, like this:
pppd stats for connection:
Apr 15 21:08:40 kobzar pppd[5726]: Sent 33418023 bytes, received 1993843 bytes.
argus summary:
total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
tcp 64040 25056 38984 35329978 2167012 33162966
udp 754 381 373 80304 24571 55733
icmp 15 15 0 1124 1124 0
ip 5 5 0 236 236 0
arp 0 0 0 0 0 0
non-ip 0 0 0 0 0 0
sum 64814 25457 39357 35411642 2192943 33218699
So more traffic in incoming flow (2192943-1993843=199100) practically identical amount of smaller outgoing
flow (33218699-33418023=-199324). And this difference repeats.
Somebody can point me to reason of this strange defference?
--
Roman Festchook
Network Engineer
RF2-UANIC FRA11-RIPE
More information about the argus
mailing list