racluster for connections initiated by host X
David
lists at edeca.net
Fri Aug 15 12:35:34 EDT 2008
Another quick question, this time regarding racluster. I am running
it like so:
$ racluster -m saddr daddr -w - - "port 80" | rasort -m bytes
This seems to work fine to give me a sorted list of the biggest flows
(where one end is port 80). Please let me know if there is anything
very wrong with this assumption.
However, what I really want is a list of all destinations and the byte
counts from host X to any host on port 80. So I have tried various
combinations of:
$ racluster -m saddr daddr -w - - "src host X and dst port 80" |
rasort -m bytes
But I cannot seem to get any data out of this. I am sure I am missing
something fairly trivial, but I cannot figure out what it is.
David
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the argus
mailing list