Documentation of fields
Jochen Haemmerle
mail at jhaemmerle.org
Fri Jun 6 09:08:04 EDT 2008
Hi Carter,
> Any field in particular that caught your eye?
No, nothing in particular. I was just curious ;)
I did a little comparison of the possible fields mentioned in the manpage,
listed in the ra.print.all.conf and the one I got out of a "printall" XML
ArgusRecord.
I attached the list at the end of the mail.
Still, is there some documentation maybe in the src-code (haven't checked
so far) that I could look for?
I'm currently working on a project doing statistical analysis with network
traffic, and I would be really happy to get as much information out of a
pcap file as possible.
Regards
Jochen
>
> Carter
>
> On Jun 5, 2008, at 12:17 PM, Jochen Haemmerle wrote:
>
>> Hi,
>>
>> I'm new to argus and just started to play around with v3.0.0. I stumbled
>> over the "-s" option and the ra.print.all.conf, where the amount of
>> available fields really amazed me. Is there a description for the
>> available fields? The "ra" manpage covered many fields, however some
>> were missing.
>> Is there a readme file I missed or so? I'd be happy for every hint.
>>
>> Regards
>> Jochen
ra.printall      ra - Manpage                                                      XML ra.printall
---------------  ----------------------------------------------------------------  ----------------
ackdat                                                                             TcpAckDat
appbytes         appbytes total application bytes.                                 AppBytes
avgdur           avgdur average duration of aggregated records.                    AvgDuration
binnum                                                                             BinNum
bins                                                                               Bins
bytes            bytes total transaction bytes.                                    Bytes
daddr            daddr destination IP addr.                                        DstAddr
dappbytes        dappbytes dst -> src application bytes.                           DstAppBytes
dbytes           dbytes dst -> src transaction bytes.                              DstBytes
dco              dco destination IP address country code.                          DstCoCode
ddbytes                                                                            DeltaDstBytes
ddpkts                                                                             DeltaDstPkts
ddsb             ddsb destination diff serve byte value.                           DstDSByte
ddur                                                                               DstDuration
deldur                                                                             DeltaDuration
delltime                                                                           DeltaLastTime
delstime                                                                           DeltaStartTime
denc                                                                               DstEncaps
dhops                                                                              DstHops
dintpkt          dintpkt destination interpacket arrival time                      DstIntPkt
dintpktact                                                                         DstActiveIntPkt
dintpktactmax                                                                      DstActIntPktMax
dintpktactmin                                                                      DstActIntPktMin
dintpktidl                                                                         DstIdleIntPkt
dintpktidlmax
dintpktidlmin
dintpktmax                                                                         DstIntPktMax
dintpktmin                                                                         DstIntPktMin
dipid            dipid destination IP identifier.                                  DstIpId
dir              dir direction of transaction                                      Dir
djit             djit destination jitter.
djitact
djitidl
dload            dload destination bits per second.                                DstLoad
dloss            dloss destination pkts retransmitted or dropped.                  DstLoss
dltime                                                                             DstLastTime
dmac             dmac destination MAC addr.                                        DstMacAddr
dmaxsz           dmaxsz maximum packet size for traffic transmitted by the dst.    DstMaxPktSize
dminsz           dminsz minimum packet size for traffic transmitted by the dst.    dstMinPktSize
dmpls            dmpls destination MPLS identifier.
dpkts            dpkts dst -> src packet count.                                    DstPkts
dploss           dploss percent destination pkts retransmitted or dropped.         DstPctLoss
dport            dport destination port number.                                    DstPort
drate            drate destination pkts per second.                                DstRate
drng
dsbytes                                                                            DeltaSrcBytes
dspkts                                                                             DeltaSrcPkts
dstime
dtcpb            dtcpb destination TCP base sequence number
dtos             dtos destination TOS byte value.                                  DstTos
dttl             dttl dst -> src TTL value.                                        DstTtl
dur              dur record total duration.                                        Duration
duser:1500       duser destination user data buffer.                               DstUserData
dvid             dvid destination VLAN identifier.
dvlan            dvlan destination VLAN identifier.
dvpri            dvpri destination VLAN priority.
dwin             dwin destination TCP window advertisement.
                 erng end time for the filter timerange.
flgs             flgs TCP flags seen in transaction.                               Flags
inode            inode ICMP intermediate node.                                     InodeAddr
                 intpkt interpacket arrival time
jdelay
jit              jit jitter.
jitact
jitidl
ldelay
load             load bits per second.                                             Load
loss             loss pkts retransmitted or dropped.                               Loss
ltime            ltime record last time.                                           LastTime
maxdur           maxdur maximum duration of aggregated records.                    MaxDuration
mindur           mindur minimum duration of aggregated records.                    MinDuration
                 offset record byte offset in file or stream.
pddbytes                                                                           PctDeltaDstBytes
pddpkts                                                                            PctDeltaDstPkts
pdsbytes                                                                           PctDeltaSrcBytes
pdspkts                                                                            PctDeltaSrcPkts
pkts             pkts total transaction packet count.                              Pkts
ploss            ploss percent pkts retransmitted or dropped                       PctLoss
proto            proto transaction protocol.                                       Proto
rate             rate pkts per second.                                             Rate
saddr            saddr source IP addr.                                             SrcAddr
sappbytes        sappbytes src -> dst application bytes.                           SrcAppBytes
sbytes           sbytes src -> dst transaction bytes.                              SrcBytes
sco              sco source IP address country code.                               SrcCoCode
sdsb             sdsb source diff serve byte value.                                SrcDSByte
sdur                                                                               SrcDuration
senc                                                                               SrcEncaps
seq              seq argus sequence number.                                        SeqNumber
shops                                                                              SrcHops
sintpkt          sintpkt source interpacket arrival time
sintpktact                                                                         SrcActiveIntPkt
sintpktactmax                                                                      SrcActIntPktMax
sintpktactmin                                                                      SrcActIntPktMin
sintpktidl                                                                         SrcIdleIntPkt
sintpktidlmax
sintpktidlmin
sintpktmax                                                                         SrcIntPktMax
sintpktmin                                                                         SrcIntPktMin
sipid            sipid source IP identifier.                                       SrcIpId
sjit             sjit source jitter.
sjitact
sjitidl
sload            sload source bits per second.                                     SrcLoad
sloss            sloss source pkts retransmitted or dropped.                       SrcLoss
sltime                                                                             SrcLastTime
smac             smac source MAC addr.                                             SrcMacAddr
smaxsz           smaxsz maximum packet size for traffic transmitted by the src.    SrcMaxPktSize
sminsz           sminsz minimum packet size for traffic transmitted by the src.    SrcMinPktSize
smpls            smpls source MPLS identifier.
spkts            spkts src -> dst packet count.                                    SrcPkts
sploss           sploss percent source pkts retransmitted or dropped.              SrcPctLoss
sport            sport source port number.                                         SrcPort
srate            srate source pkts per second.                                     SrcRate
srcid            srcid argus source identifier.
srng             srng start time for the filter timerange.                         StartRange
sstime                                                                             SrcStartTime
state            state transaction state                                           State
stcpb            stcpb source TCP base sequence number
stddev           stddev standard deviation of aggregated duration times.           StdDev
stime            stime record start time                                           StartTime
stos             stos source TOS byte value.                                       SrcTos
sttl             sttl src -> dst TTL value.                                        SrcTtl
suser:1500       suser source user data buffer.                                    SrcUserData
svid             svid source VLAN identifier.
svlan            svlan source VLAN identifier.
svpri            svpri source VLAN priority.
swin             swin source TCP window advertisement.
synack                                                                             TcpSynAck
tcpext
tcprtt           tcprtt TCP connection setup round-trip time.
trans            trans aggregation record count.