Jitter and intrapacket delay

Urtho junk at urtho.net
Fri Jul 13 10:06:15 EDT 2007


Should I have (d|s)intpkt and (d|s)jit on RTP flows?

[root at radius argus]# ra -c '|' -n -S localhost:560 -s +dintpkt +sintpkt +dur
16:02:49.946727| e       |rtp|193.192.170.34|4890|<->|62.29.133.121|5302|250|250|18500|18500|CON|||4.983409
16:02:55.036817| e       |rtcp|193.192.170.34|4891|<->|62.29.133.121|5303|1|1|122|118|CON|||1.876561
16:02:54.079440| e       |udp|83.15.159.92|5200|<->|193.192.170.34|5060|1|2|949|955|CON|||0.168599
16:02:54.248217| e       |udp|193.192.170.34|16009|<->|193.192.170.35|1813|1|1|361|62|CON|||0.005577
16:02:54.946797| e       |rtp|193.192.170.34|4890|<->|62.29.133.121|5302|250|250|18500|18500|CON|||4.983438
16:03:01.716920| e       |rtcp|193.192.170.34|4891|<->|62.29.133.121|5303|1|2|122|236|CON|||4.100065
16:02:59.252409| e       |arp|193.192.170.35||who|193.192.170.34||1|1|60|60|CON|||0.000044
16:02:59.376878| e    V  |rtp|193.192.170.34|4892|<->|83.15.159.92|4892|250|184|18500|12966|CON|||4.981302
16:02:59.354154| e       |udp|83.15.159.92|5200|<-|193.192.170.34|5060|0|1|0|698|RSP|||0.000000
16:02:59.929228| e       |udp|62.29.133.121|5160|<->|193.192.170.34|5060|2|2|1404|1268|CON|||0.023544
16:02:59.946866| e       |rtp|193.192.170.34|4890|<->|62.29.133.121|5302|250|250|18500|18500|CON|||4.983348
16:03:00.114678| e       |rtcp|83.15.159.92|4893|->|193.192.170.34|4893|1|0|118|0|INT|||0.000000
16:03:04.376986| e    V  |rtp|193.192.170.34|4892|<->|83.15.159.92|4892|250|146|18500|9992|CON|||4.989717
16:03:04.946957| e       |rtp|193.192.170.34|4890|<->|62.29.133.121|5302|250|250|18500|18500|CON|||4.984580
16:03:05.114711| e       |rtcp|83.15.159.92|4893|<->|193.192.170.34|4893|1|1|118|122|CON|||2.452396
16:03:07.457055| e       |rtcp|193.192.170.34|4891|<->|62.29.133.121|5303|1|1|122|118|CON|||1.016621
16:03:09.377103| e    V  |rtp|193.192.170.34|4892|<->|83.15.159.92|4892|207|185|15318|13290|CON|||4.120165

On 2007-07-13, at 15:56, Carter Bullard wrote:

> As I said, you are using the wrong syntax.  While that is not your only
> problem, it is a problem.  There are no "jit" or "intpkt" fields and all
> records do not have jitter information in them.  Here is my attempt:
>
> ra -c '|' -S amon -s +sintpkt +dintpkt +dur
> StartTime|Flgs|Proto|SrcAddr|Sport|Dir|DstAddr|Dport|SrcPkts|DstPkts|SrcBytes|DstBytes|State|SIntPkt|DIntPkt|Dur
> 09:53:30.921307| e       |arp|192.168.0.202||who|192.168.0.1||3|0|180|0|INT|||0.000995
> 09:53:33.730313| e       |udp|192.168.0.1|router|->|192.168.0.255|router|1|0|66|0|INT|||0.000000
> 09:53:33.856879| e       |tcp|207.237.36.98|9171|<?>|216.92.197.167|imap|1|1|66|66|FIN|||0.023512
> 09:53:33.859093| e       |tcp|207.237.36.98|6183|<?>|17.250.248.152|imaps|8|6|676|811|CON|270507.000000|350512.000000|1.893553
> 09:53:34.064204| e       |tcp|207.237.36.98|fsc-port|->|216.92.197.167|imap|17|26|1202|31629|CON|31277.000000|11717.400391|0.500436
> 09:53:34.242689| e       |tcp|207.237.36.98|6206|<?>|216.92.197.167|imap|2|1|170|134|CON|||0.035715
> 09:53:34.559823| e       |tcp|207.237.36.98|9218|->|17.250.248.152|imaps|18|16|1835|4544|RST|81839.820312|95100.867188|1.510698
> 09:53:34.908662| e       |udp|207.237.36.98|metasage|<->|192.43.244.18|ntp|1|1|90|90|CON|||0.123894
> 09:53:35.743563| e       |tcp|192.168.0.66|54339|->|192.168.0.82|monitor|12|11|811|3538|CON|389905.000000|428862.000000|4.288958
> 09:53:35.752332| e       |udp|192.168.0.82|filenet-rpc|<->|192.168.0.66|domain|3|3|254|420|CON|723.000000|499.000000|0.001720
> 09:53:39.619407| e       |arp|192.168.0.1||who|192.168.0.74||1|0|60|0|INT|||0.000000
> 09:53:39.619422| e       |arp|192.168.0.1||who|192.168.0.3||1|0|60|0|INT|||0.000000
> 09:53:39.619427| e       |arp|192.168.0.1||who|192.168.0.203||1|0|60|0|INT|||0.000000
> 09:53:40.792242| e       |tcp|192.168.0.66|54339|->|192.168.0.82|monitor|4|4|264|1468|CON|1190073.000000|1190088.000000|4.000573
>
> Carter
>
>
> On Jul 13, 2007, at 7:45 AM, Urtho wrote:
>
>> argus -JR -P560 -i eth0 -U512 -m -D8 -F /etc/argus_no.conf >> /argus/debug.log >2&1 &
>>
>> debug.log:
>> argus[30164]: 13 Jul 07 13:36:33.879604 started
>> argus[30164]: 13 Jul 07 13:36:33.880359 ArgusGetInterfaceStatus: interface eth0 is up
>> argus[30164]: 13 Jul 07 13:39:22.702690 connect from localhost.localdomain
>>
>> [root at radius argus]# ra -c '|' -n -S localhost:560 -s +jit +sjit +djit +intpkt +dur
>> 13:43:12.075494| e    V  |rtp|193.192.170.34|5312|<->|83.15.159.92|4872|250|152|18500|10646|CON|||4.980093
>>
>> :(((
>>
>>
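
Added example (not part of the thread and not Argus project code): a small parser for the pipe-delimited ra output shown above. It counts, per protocol, how many records carry SIntPkt/DIntPkt values and lists flows with many packets but empty inter-packet fields, which is the RTP case asked about. The sample records are copied from the two listings in this thread with the mail line wraps joined; the function names and the min_pkts threshold are assumptions for illustration.

```python
from collections import defaultdict

# Column order as printed by ra in the quoted reply (-s +sintpkt +dintpkt +dur).
COLUMNS = ("StartTime|Flgs|Proto|SrcAddr|Sport|Dir|DstAddr|Dport|SrcPkts|"
           "DstPkts|SrcBytes|DstBytes|State|SIntPkt|DIntPkt|Dur").split("|")

# Records copied from the two ra listings in this thread, one record per line.
SAMPLE = """\
16:02:49.946727| e       |rtp|193.192.170.34|4890|<->|62.29.133.121|5302|250|250|18500|18500|CON|||4.983409
16:02:55.036817| e       |rtcp|193.192.170.34|4891|<->|62.29.133.121|5303|1|1|122|118|CON|||1.876561
16:02:59.252409| e       |arp|193.192.170.35||who|193.192.170.34||1|1|60|60|CON|||0.000044
09:53:33.859093| e       |tcp|207.237.36.98|6183|<?>|17.250.248.152|imaps|8|6|676|811|CON|270507.000000|350512.000000|1.893553
09:53:35.752332| e       |udp|192.168.0.82|filenet-rpc|<->|192.168.0.66|domain|3|3|254|420|CON|723.000000|499.000000|0.001720
09:53:34.242689| e       |tcp|207.237.36.98|6206|<?>|216.92.197.167|imap|2|1|170|134|CON|||0.035715
"""

def parse(text):
    """Yield one dict per record; skip the header row and malformed lines."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != len(COLUMNS) or fields == COLUMNS:
            continue
        yield dict(zip(COLUMNS, fields))

def intpkt_coverage(records):
    """Per protocol: (records seen, records with SIntPkt or DIntPkt set)."""
    stats = defaultdict(lambda: [0, 0])
    for r in records:
        stats[r["Proto"]][0] += 1
        if r["SIntPkt"] or r["DIntPkt"]:
            stats[r["Proto"]][1] += 1
    return {proto: tuple(v) for proto, v in stats.items()}

def missing_despite_packets(records, min_pkts=3):
    """Flows with >= min_pkts packets one way (assumed threshold) but no value."""
    return [r for r in records
            if not (r["SIntPkt"] or r["DIntPkt"])
            and max(int(r["SrcPkts"]), int(r["DstPkts"])) >= min_pkts]

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    print(intpkt_coverage(recs))
    for r in missing_despite_packets(recs):
        print(r["StartTime"], r["Proto"], r["SrcPkts"], r["DstPkts"])
```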



