Questions again about ragraph and Top tcp/udp ports

Mon Nov 27 11:58:26 EST 2006

Hey Réal,
I've "dumbed down" ragraph() for this first phase of the new release.  After we're happy with it, we can put some of the compound graphs back.  Right now we're basically one object one metric, but I can add the support back.

For racluster(), you can add the port field of interest to the 'model' definition.

   Racluster -m matrix proto dport

You need the proto so that the port values can be decoded.  There is a problem however, with "matrix" you are saying to ignore direction, but with the port values, you are implying direction.  Matrix may not be what you want.

Possibly:
   Racluster -m saddr daddr proto dport

Is more appropriate?

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: real.melancon at videotron.ca
Date: Fri, 24 Nov 2006 18:58:41 
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Questions again about ragraph and Top tcp/udp ports

1. With Argus 2.0.6 I was using the following commands to get several graphs. They do not work anymore on v3.0. How can I get a similar graph for:

Packet Loss (with IP address):
#> ragraph loss saddr daddr -M 10s -r argus.out - -title 'Packet Loss / IPs' -w ploss.png

Packet Loss (number of packets):
#> ragraph loss spkts dpkts -M 10s -r argus.out - -title 'Packet Loss / Packets' -w ploss2.png

Jitter (number of packets):
#> ragraph jitter saddr daddr -M 10s -r argus.out - -title 'Jitter' -w jitter.png

Concurrent transactions:
 #> ragraph trans -M 10s -r argus.out - -title 'Concurrent Transactions' -w transac.png

2. How can I get Top Talkers & Listeners but on a specific TCP/UDP port ?

Right now I use this line to get Top talkers & Listeners:

racluster -m matrix -r argus.out -w - | rasort -m bytes -w - | ra -nu

Thanks in advance.

Real Melanson.

____________________________
Réal Melançon 