argus metric: hops and ttl

CS Lee geek00l at gmail.com
Thu Oct 11 10:46:53 EDT 2007


Hi Carter,

Thanks, and I just realized srng and drng are obsolete.

On 10/11/07, Carter Bullard <carter at qosient.com> wrote:
>
> Hey CS Lee,
> shops and dhops are derived from sttl and dttl but they are not the same
> metric. The sttl and dttl are the time to live fields which are the number
> of hops left in the packet before they will be discarded.  We report the
> last ttl value and have a bit indication that it has changed during this
> reporting status interval.
>
> The shops and dhops are an attempt to calculate the number of hops the
> packet went through.  So we take the ttl and we subtract it from a possible
> starting TTL value.  Almost all TCPs use an initial TTL that is a power of
> 2, 64, 128, 256 (corrected to 255).  While there are some OSs that will
> use 30 and 60 as an initial TTL value (AIX, HP-UX 3.x, Irix, OSF, Stratus,
> Ultrix, VMS), not correcting for these discrepancies still generates useful
> statistical data.
>
> So if the sttl is 243, then the shops will be (255 - 243), 12.
>
> Carter
>
>
>
>
> On Oct 11, 2007, at 1:47 AM, CS Lee wrote:
>
> Hi Carter,
>
> I figure there are shops, dhops and sttl, dttl in argus metric, just need
> to confirm both hops and ttl are the same in argus, right? Another thing:
> may I know how you detect and obtain the value of loss (e.g., dup ack, etc.)
> in the flow?
>
> Thanks,
> --
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>
>
> http://geek00l.blogspot.com
>
>
>


-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>

http://geek00l.blogspot.com
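
Added example (not part of the original thread and not Argus source code): the hop estimate described in Carter's reply, assuming the starting TTL is the smallest of 64, 128 and 255 that is not below the observed value. The addresses and TTL values are constructed sample data, and the function names are hypothetical.

```python
# Added example, not Argus source code.
from collections import defaultdict

# Candidate initial TTLs named in the reply: 64, 128 and 255 (256 corrected to 255).
INITIAL_TTLS = (64, 128, 255)


def estimate_hops(ttl, initials=INITIAL_TTLS):
    """Return (assumed_initial_ttl, hops) for an observed TTL.

    Assumption: the starting value is the smallest candidate >= the observed TTL.
    """
    if not 0 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    initial = min(i for i in initials if i >= ttl)
    return initial, initial - ttl


def hops_by_source(records):
    """Map each source address to the sorted hop estimates seen for it."""
    seen = defaultdict(set)
    for saddr, sttl in records:
        seen[saddr].add(estimate_hops(sttl)[1])
    return {saddr: sorted(hops) for saddr, hops in seen.items()}


# Constructed (saddr, sttl) pairs using documentation address ranges.
SAMPLE = [
    ("192.0.2.10", 243),    # the reply's case: 255 - 243 = 12
    ("192.0.2.10", 243),
    ("198.51.100.7", 116),  # 128 - 116 = 12
    ("203.0.113.5", 52),    # sender started at 60 (8 real hops); estimate assumes 64
    ("203.0.113.9", 57),
    ("203.0.113.9", 49),    # same source, different hop estimate
]

if __name__ == "__main__":
    for saddr, hops in hops_by_source(SAMPLE).items():
        print(saddr, hops)
```

A host that starts at 60 is always over-counted by 4 hops, which is the uncorrected discrepancy the reply mentions; a source that shows more than one hop estimate has had its TTL change between records.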