Top talkers on particular service
Pablo J. Rebollo-Sosa
Pablo.Rebollo at ece.uprm.edu
Mon Mar 3 16:07:31 EST 2008
Stew,
You could try the following.
racluster -r argus.* -M rmon -m saddr -w - - port https | rasort -m
bytes -w - | ra -N 20 -s saddr trans:10 sbytes:14 dbytes:14 bytes:14
Best regards,
Pablo J. Rebollo
Stewart Gray wrote:
> Hey Guys,
>
> A simply question im sure. How do you get a list of top talkers for a
> particular service. In real terms, I'm seeing a large spike in https
> traffic and I'd like to know who is generating the traffic. I've played
> with 'ramon -M Matrix' but I'm only interested in the src addresses
> initially. Once i've determine the top talker it'd be good to drill it
> down to find what it's talking to.
>
> Have you considering putting an argus cheat sheet of sorts on your page?
> It could cover a bunch of argus tool usage examples. It'd be useful for
> these sorts of queries :)
>
> Thanks,
>
> Stew
> #####################################################################################
> Important: This electronic message and attachments (if any) are
> confidential and may be legally privileged. If you are not the intended
> recipient do not copy, disclose or use the contents in any way. Please
> let us know by return e-mail immediately and then destroy this message.
> #####################################################################################
More information about the argus
mailing list