QUestion about how to use Argus to calculate TCP loss rate and RRT (fwd)
Peter Van Epp
vanepp at sfu.ca
Fri Oct 27 10:54:40 EDT 2006
On Thu, Oct 26, 2006 at 11:58:15PM -0700, carlw at cs.sfu.ca wrote:
>
> Hi,
>
> I am Carl, I am trying to use Argus to analyze tcpdump data, so that I can
> calculate tcp packet loss rate and RRT, or even bandwidth. I read throught
> the related documentation in quosient.com/arugs website, it
> mentions that Argus can read tcpdump data to calculate packet loss and
> round-trip delay, which is exactly what I need. But unfortunately, I can't
> find related document to tell me how to do it in more detailed steps. I
> really appreciate if anyone can help me to sort this out!
>
> Here I also attached a tcpdump file, so that you might want to use it as an
> example to show me the steps.
>
> Thanks in advance for your help, and hope someone can reply me soon!
>
> Carl
Assuming you are using argus-2.0.6:
argus_bpf -JR -r tcpdump.file -w file.argus
will process the tcpdump file in to an argus file with response times
(man argus) and
ra -F ra.conf.full -r file.argus
(man ra and man rarc)
where ra.conf.full looks like this:
RA_FIELD_DELIMITER=','
RA_PRINT_HOSTNAMES=protocol
RA_FIELD_SPECIFIER=time trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl bytes pkts load srate drate loss srcid ind mac dir sjitter djitter status user win seq mpls vlan ipid
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=6
RA_PRINT_LABELS=0
will dump all the data that argus has. Removing fields you don't want from the
RA_FIELD_SPECIFIER line will supress them.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list