Measuring traffic (confused by -M rmon parameter)

Robert Leyba r_leyba14 at yahoo.com
Fri Jun 1 00:54:11 EDT 2007 

We'd like to measure the network traffic between two of our vlans.   We are 
quite confused by the -M rmon parameter.   In our example below, I sent 4 ping 
packets from one host to another.  Doing a simple ra and racount vs one with 
the -M rmon switch set, it looks like the one with the -M rmon is counting the 
packets twice.  Note how the timestamps of the packet transmission appears 
twice.

What would be the correct procedure?

Thanks

--robert




root at cpocts:/tmp# ra -r outfile - net 10.52.32.215/20 and net 10.22.97.10/20  -
L0
         StartTime    Flgs   Proto      SrcAddr        Sport   Dir      
DstAddr        Dport  SrcPkts  DstPkts     SrcBytes     DstBytes State
   14:35:54.112424  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:55.114070  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:56.114940  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:57.116779  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
root at cpocts:/tmp# ra -M rmon -r outfile - net 10.52.32.215/20 and net 
10.22.97.10/20  -L0
         StartTime    Flgs   Proto         Host        Sport   Dir      
DstAddr        Dport  OutPkts   InPkts     OutBytes      InBytes State
   14:35:54.112424  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:54.112424  e         icmp        10.52.32.215          <->        
10.22.97.107               1        1           74           74   ECO
   14:35:55.114070  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:55.114070  e         icmp        10.52.32.215          <->        
10.22.97.107               1        1           74           74   ECO
   14:35:56.114940  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:56.114940  e         icmp        10.52.32.215          <->        
10.22.97.107               1        1           74           74   ECO
   14:35:57.116779  e         icmp        10.22.97.107          <->        
10.52.32.215               1        1           74           74   ECO
   14:35:57.116779  e         icmp        10.52.32.215          <->        
10.22.97.107               1        1           74           74   ECO
root at cpocts:/tmp# racount -M rmon -r outfile - net 10.52.32.215/20 and net 
10.22.97.10/20  -L0
racount   records     total_pkts     src_pkts       dst_pkts       
total_bytes        src_bytes          dst_bytes
    sum   5           16             8              8              
1184               592                592
root at cpocts:/tmp# racount -r outfile - net 10.52.32.215/20 and net 
10.22.97.10/20  -L0
racount   records     total_pkts     src_pkts       dst_pkts       
total_bytes        src_bytes          dst_bytes
    sum   5           8              4              4              
592                296                296

More information about the argus mailing list