Argus-info Digest, Vol 10, Issue 37
Carter Bullard
carter at qosient.com
Wed Jun 21 23:44:40 EDT 2006
Hey CS Lee,

Try some simple aggregations.

    racluster -m matrix/4 -r /tmp/test.out - ip

Will show you the matrix interactions between
x.y.z.w/4 networks. Not necessarily riveting, but
it does help to see how simple aggregations can
give you a different look.

    racluster -m smac dmac -r /tmp/test.out -s smac dmac dur spkts dpkts sbytes dbytes

will give you a sense of the traffic going from one mac
address to another.

Carter

On Jun 21, 2006, at 9:30 PM, CS Lee wrote:
> Carter,
>
> Thanks, at least now I know it is not just the proto field in IP
> header where I previously thought it is. I will test more about other
> argus client tools to see how things go.
>
> Cheers.
>
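
An added illustration of what the two aggregations above compute (not part of the original message and not Argus code). The flow records are constructed, and the sketch assumes that matrix/4 keys each record on its source and destination address masked to a /4 prefix; only the packet and byte counters are summed.

```python
import ipaddress
from collections import defaultdict

METRICS = ("spkts", "dpkts", "sbytes", "dbytes")

# Constructed sample flow records (not real Argus output).
FLOWS = [
    {"saddr": "10.1.2.3", "daddr": "192.168.1.10",
     "smac": "00:11:22:33:44:55", "dmac": "66:77:88:99:aa:bb",
     "spkts": 10, "dpkts": 8, "sbytes": 1200, "dbytes": 900},
    {"saddr": "10.9.9.9", "daddr": "192.168.7.7",
     "smac": "00:11:22:33:44:55", "dmac": "66:77:88:99:aa:bb",
     "spkts": 4, "dpkts": 4, "sbytes": 400, "dbytes": 300},
    {"saddr": "172.16.0.5", "daddr": "10.1.2.3",
     "smac": "66:77:88:99:aa:bb", "dmac": "00:11:22:33:44:55",
     "spkts": 6, "dpkts": 5, "sbytes": 700, "dbytes": 650},
]

def net(addr, prefix):
    """Mask an address down to its enclosing network, e.g. 10.1.2.3 -> 0.0.0.0/4."""
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def aggregate(flows, key_fn):
    """Merge all flows that share a key, summing record and counter totals."""
    totals = defaultdict(lambda: dict.fromkeys(("records",) + METRICS, 0))
    for flow in flows:
        bucket = totals[key_fn(flow)]
        bucket["records"] += 1
        for metric in METRICS:
            bucket[metric] += flow[metric]
    return dict(totals)

def matrix(flows, prefix):
    """Address-pair aggregation with both endpoints masked to /prefix."""
    return aggregate(flows, lambda f: (net(f["saddr"], prefix), net(f["daddr"], prefix)))

def mac_pairs(flows):
    """Aggregation keyed on the source and destination MAC address."""
    return aggregate(flows, lambda f: (f["smac"], f["dmac"]))

if __name__ == "__main__":
    for title, table in (("matrix/4", matrix(FLOWS, 4)), ("smac dmac", mac_pairs(FLOWS))):
        print(title)
        for key, t in sorted(table.items()):
            print("  %-22s -> %-22s" % key, *(f"{m}={t[m]}" for m in ("records",) + METRICS))
```
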