zero flow duration?

Russell Fulton r.fulton at auckland.ac.nz
Thu Oct 11 17:55:34 EDT 2007



Michael Hornung wrote:
> I'm trying to look at average bandwidth utilization per host offering
> services on a segment I'm monitoring.  To do so I'm running the
> following on an argus file:
>
> racluster -r file -M norep -w - -- ip |  \
> ra -s daddr bytes dur -- 'dst net (blah)'
>
> In many of the records there is a byte count but the flow duration
> reads "0.000000".  Can you explain in what circumstances a flow has a
> duration of 0?  My guess is that the given flow did not end within the
> file I'm passing through racluster?
>
Single packet flows?

Russell
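
An added example, not part of the original thread: one way to turn the `daddr bytes dur` columns from the pipeline above into a per-host rate while keeping records whose duration reads 0.000000 out of the division. It assumes whitespace-separated three-column output; `summarize`, its field names, and the sample rows are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the column order selected by `-s daddr bytes dur`.
# Addresses are documentation-range placeholders, not real data.
SAMPLE = """\
DstAddr TotBytes Dur
192.0.2.10 1500 0.000000
192.0.2.10 250000 2.000000
192.0.2.10 750000 6.000000
192.0.2.20 60 0.000000
192.0.2.20 92 0.000000
"""

def summarize(text):
    """Return {daddr: stats}. Zero-duration records are counted separately."""
    acc = defaultdict(lambda: {"bytes": 0, "dur": 0.0,
                               "zero_recs": 0, "zero_bytes": 0})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        daddr, nbytes, dur = parts
        try:
            nbytes, dur = int(nbytes), float(dur)
        except ValueError:
            continue  # column header or malformed row
        host = acc[daddr]
        host["bytes"] += nbytes
        if dur == 0.0:
            # No measurable interval: keep the bytes, but never divide by it.
            host["zero_recs"] += 1
            host["zero_bytes"] += nbytes
        else:
            host["dur"] += dur
    out = {}
    for daddr, host in acc.items():
        timed_bytes = host["bytes"] - host["zero_bytes"]
        # Rate over summed record durations (active time, not wall-clock time).
        rate = timed_bytes * 8 / host["dur"] if host["dur"] > 0 else None
        out[daddr] = {**host, "bits_per_sec": rate}
    return out

if __name__ == "__main__":
    for daddr, stats in sorted(summarize(SAMPLE).items()):
        print(daddr, stats)
```

A host whose records all have zero duration gets `bits_per_sec` of `None` rather than a divide-by-zero or an inflated rate.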


