Per-connection info
David
lists at edeca.net
Mon Nov 26 06:51:14 EST 2007
I have just started using Argus and I'd like to get
per-connection/stream info out using ra.
The fields I am interested in can be provided, it seems, by the Argus
data. I would like start time, duration (or end time), end-points (IP
and port or IP and ICMP message-type), packet totals and byte totals.
However, I do not want 1 line per Argus record (e.g. SYN/FIN/etc). I
would like 1 line per connection (for TCP flows), UDP stream or ICMP
message with the total counts per stream.
What I am after is similar to tshark -z conv,tcp, but with the dates
(which Wireshark cannot do) and with UDP/ICMP messages as well.
I have tried ragator but possibly I passed the wrong option, as
further ra runs do not appear to do what I am after.
Other tools such as rahosts have saved me lots of time so far, thanks!
David
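As an added illustration of the per-connection summary the post asks for (this is example code, not part of the original mail and not an Argus tool), the script below collapses several per-record lines into one line per TCP connection, UDP stream or ICMP message, keeping the earliest start time, the latest end time and the summed packet and byte counts. The input column layout (stime dur proto saddr sport daddr dport pkts bytes) and the sample records are constructed for the example; a real ra field list may differ, so the parser would need adjusting to whatever fields are printed.

```python
from collections import OrderedDict
from dataclasses import dataclass

# Constructed sample input, one line per flow record.
# Assumed column layout (not Argus's actual default output):
#   stime dur proto saddr sport daddr dport pkts bytes
# For ICMP the "sport" column is used as the message type and
# "dport" as the code, which is an assumption for this example.
SAMPLE = """\
1196077800.000 0.010 tcp 10.0.0.5 40001 192.0.2.10 80 3 180
1196077800.010 1.250 tcp 10.0.0.5 40001 192.0.2.10 80 12 9000
1196077801.300 0.005 tcp 192.0.2.10 80 10.0.0.5 40001 2 120
1196077805.000 0.000 udp 10.0.0.5 5353 224.0.0.251 5353 1 80
1196077806.000 0.000 udp 10.0.0.5 5353 224.0.0.251 5353 1 80
1196077810.000 0.000 icmp 10.0.0.5 8 192.0.2.10 0 1 64
"""


@dataclass
class Conn:
    start: float      # earliest record start time seen
    end: float        # latest record end time (stime + dur) seen
    pkts: int = 0     # total packets across all records
    nbytes: int = 0   # total bytes across all records


def flow_key(proto, saddr, sport, daddr, dport):
    """Build a direction-agnostic key so that both halves of a
    TCP/UDP exchange fall into the same bucket. ICMP rows are keyed
    on source, destination and message type/code as they appear."""
    if proto == "icmp":
        return (proto, saddr, sport, daddr, dport)
    a, b = (saddr, sport), (daddr, dport)
    if a > b:
        a, b = b, a
    return (proto, a[0], a[1], b[0], b[1])


def aggregate(text):
    """Fold per-record lines into one Conn per connection/stream."""
    conns = OrderedDict()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        stime, dur, proto, saddr, sport, daddr, dport, pkts, nbytes = line.split()
        stime, dur = float(stime), float(dur)
        key = flow_key(proto, saddr, sport, daddr, dport)
        c = conns.get(key)
        if c is None:
            c = conns[key] = Conn(start=stime, end=stime + dur)
        c.start = min(c.start, stime)
        c.end = max(c.end, stime + dur)
        c.pkts += int(pkts)
        c.nbytes += int(nbytes)
    return conns


def format_conns(conns):
    """One output line per connection: start, duration, endpoints, totals."""
    lines = []
    for key, c in sorted(conns.items(), key=lambda kv: kv[1].start):
        proto, a, ap, b, bp = key
        lines.append(
            f"{c.start:.3f} {c.end - c.start:.3f} {proto} "
            f"{a}:{ap} {b}:{bp} {c.pkts} {c.nbytes}"
        )
    return lines


if __name__ == "__main__":
    for line in format_conns(aggregate(SAMPLE)):
        print(line)
```

Run against the constructed sample this prints three lines: the TCP connection with 17 packets and 9300 bytes spanning about 1.3 seconds, the UDP stream with 2 packets and 160 bytes, and the single ICMP echo request. The same fold works on any whitespace-separated export as long as the column order matches the parser.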