Fwd: Re: Linksys router...

Russell Fulton r.fulton at auckland.ac.nz
Mon Dec 20 16:42:40 EST 2004


On Mon, 2004-12-20 at 16:12 -0500, Brian Johnson wrote:
> Good idea.  I think I've been staring at numbers too long today, my brain quit working.  tcpdump spews forth all my test traffic.  So it must be with how I'm running argus.  Basically what I want to do is generate graphs of our incoming/outgoing bandwidth usage.  So, I'm using argus to gather the data, racount to give me the numbers, and then mrtg to graph the stuff.  But "racount -ar /tmp/argus.out" is giving me numbers that are WAY too low, and "ra -ar /tmp/argus.out" is not showing me any of the traffic from my tests.
> 
> That's what leads me to believe I'm running argus wrong.  I've been using:
> 
> argus -i eth1 -S 10 -w argus.out

Looks fine.

Use ra to see what is actually in the file and if it corresponds with
what tcpdump is seeing.
> 
> But the sum line of "racount -ar argus.out" is WAY too low.  Usually about 2 to 5 times lower than it should be.  If I download a 20MB file, I will see a sum in the total_bytes column of about 9800000 (rounded up).  After a 40MB file, I see a sum of 13000000.  I even waited a few minutes to make sure argus had written its data out.

I hardly ever use racount, but from memory it is pretty straightforward
with no obvious gotchas.

Russell



