graph of bytes against protocols for network loop detection?

Carter Bullard carter at qosient.com
Thu Feb 28 11:54:44 EST 2008 

Hey Marten,
Here is a simple gnuplot plot file that will generate a graph
of 'Total Bytes By Protocol" using argus data.   This graphs src and
dst bytes per protocol separately, if you want just total bytes,
then the change is really simple.

There are a few things that you will want to modify, like adding
  a date string to the title, etc, but this should be a good start for  
you.

So assuming your gnuplot is installed in /opt/local/bin/gnuplot
(change the first line if this needs to be changed), put the included
script in the file 'barchart.bytesxproto.plt" and then:

    % chmod 755 barchart.bytesxproto.plt
    % racluster -m proto -r argus.out -s proto spkts dpkts sbytes  
dbytes > racluster.dat
    % ./barchart.bytesxproto.plt

And you'll get a window that pops up with a graph in it.

If you want to discuss how to get other graphs out of argus data,
just send email to the list and we'll talk about it.

Carter

------ begin barchart.bytesxproto.plt ------
#!/opt/local/bin/gnuplot -persist
#
#       G N U P L O T
#       Version 4.2 patchlevel 2
#       last modified 31 Aug 2007
#       System: Darwin 9.2.0
#
#       Copyright (C) 1986 - 1993, 1998, 2004, 2007
#       Thomas Williams, Colin Kelley and many others
#
#       Type `help` to access the on-line reference manual.
#       The gnuplot FAQ is available from http://www.gnuplot.info/faq/
#
#       Send bug reports and suggestions to <http://sourceforge.net/projects/gnuplot 
 >
#
#
reset
#
# Create simple barchart of Total Bytes by Protocol
# The racluster.dat file was generated using:
#
#     racluster -m proto -r argus.out -s proto spkts dpkts sbytes dbytes
#
# And is of the format:
#
# Proto  SrcPkts  DstPkts     SrcBytes     DstBytes
#   pim    53267    18086     48793554      1085160
#  ospf     1764        0       213220            0
#  [more]
#
set termoption font "Verdana, 12"
set size square 0.90,0.90
set bmargin 4
set title "Total Bytes By Protocol" font "Verdana,22"
set style data histogram
set style histogram cluster gap 1
set style fill solid border -1
set tics font "Verdana,14"
set boxwidth 0.80
set grid
set ylabel "Log Total Bytes" font "Verdana,18"
set logscale y 10
set auto y
set label 1 "Generated by Argus using Gnuplot"
set label 1 at graph 1.02, 0.62 rotate by 90 font "Verdana,9"
#
set key autotitle columnhead
plot 'racluster.dat' using 4:xticlabels(1) ti col, \
      ''              using 5 ti col
#


------ end barchart.bytesxproto.plt ------


On Feb 27, 2008, at 1:52 AM, Marten Bauer wrote:

> Hello,
>
> for detecting network loops I need a graph which
> prints the protocol on the x axes and the amount of
> bytes on the y axes.
>
> I tried to archive this with ragraph, but I never got
> what I want.
>
> Is it possible with ragraph or another ra* tool to
> generate such plot?
>
> Thx for helping
> Marten
>

More information about the argus mailing list