[ARGUS] raxml issue
Glenn MacGregor
gtm at highstreetnetworks.com
Fri Jun 4 14:53:35 EDT 2004
Hi All,
Here is a snippit from the output of raxml (ramon -M topn -unnnr
argus.out -w - | raxml -unnnr - > hosts.xml)
The test I ran is the following:
At 192.168.0.74 I downloaded a 17meg file from 192.168.0.104. I would
assume Argus would output from ramon -M topn one record with a SrcIpAddr
= 192.168.0.74 with a very small number of SrcBytes and SrcAppBytes and
very high DstBytes and DstAppBytes and the opposite for 192.168.0.104.
Is this correct?
Here is some output from the command above:
...
<Flow><IP SrcIPAddr = "192.168.0.104" DstIPAddr = "0.0.0.0" Proto = "0"
IpId = "0" /></Flow>...
<Metrics SrcCount = "3569" DstCount = "11879" SrcBytes = "267211"
DstBytes = "17599811" SrcAppBytes = "35165" DstAppBytes = "16820505" />...
...
<Flow><IP SrcIPAddr = "192.168.0.74" DstIPAddr = "0.0.0.0" Proto = "0"
IpId = "0" /></Flow>...
<Metrics SrcCount = "11681" DstCount = "3370" SrcBytes = "17582185"
DstBytes = "226442" SrcAppBytes = "16811219" DstAppBytes = "2778" />...
Again the http server is on 192.168.0.104 and the client is 192.168.0.74
so this XML output seems backwards to me.
Any thoughts?
Thanks
Glenn MacGregor
More information about the argus
mailing list