[ARGUS] difference in pppd and argus statistics
Peter Van Epp
vanepp at sfu.ca
Sat Apr 17 00:58:08 EDT 2004
On Thu, Apr 15, 2004 at 11:55:11PM +0300, Roman Festchook wrote:
> I use argus to monitor traffic on ppp interfaces (pptp tunnels on linux) - and see
> strange and repeating situation - argus started when pppXX interface come up
> and stop when ppp connection dropped, sometimes I see strange difference in
> pppd statistics and argus record summaries, like this:
>
<snip>
You should be able to also start tcpdump on the interface at the same
time you start argus. tcpdump should see the same packets argus does from
bpf and you can then see what argus did with them (which as Carter mentioned
is used a different sense of who is the source).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list