Top talkers on particular service

Stewart Gray Stewart.Gray at safecom.co.nz
Mon Mar 3 19:42:25 EST 2008


I'm actually still running argus 2.0.6 on the machine in question, I
guess I have to upgrade first to use racluster :)

Thanks for the command, I'll give it a crack this evening.

Cheers, 

Stewart

-----Original Message-----
From: Pablo J. Rebollo-Sosa [mailto:Pablo.Rebollo at ece.uprm.edu] 
Sent: Tuesday, 4 March 2008 10:08 a.m.
To: Stewart Gray
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Top talkers on particular service

Stew,

You could try the following.

racluster -r argus.* -M rmon -m saddr -w - - port https |
    rasort -m bytes -w - |
    ra -N 20 -s saddr trans:10 sbytes:14 dbytes:14 bytes:14

Best regards,

Pablo J. Rebollo

Stewart Gray wrote:
> Hey Guys,
>  
> A simple question I'm sure. How do you get a list of top talkers for a 
> particular service? In real terms, I'm seeing a large spike in https 
> traffic and I'd like to know who is generating the traffic. I've 
> played with 'ramon -M Matrix' but I'm only interested in the src 
> addresses initially. Once I've determined the top talker it'd be good 
> to drill it down to find what it's talking to.
>  
> Have you considered putting an argus cheat sheet of sorts on your page? 
> It could cover a bunch of argus tool usage examples. It'd be useful 
> for these sorts of queries :)
>  
> Thanks,
>  
> Stew
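Added example, not part of the original thread and not Argus code: a Python sketch of the aggregation the pipeline above performs, plus the per-peer drill-down asked about in the original question. It assumes that -M rmon emits each flow twice, once per endpoint with the direction reversed, so that grouping on saddr credits both hosts; the flow records, field layout and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (illustrative only): src, dst, service port, sbytes, dbytes
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443, 1200, 98000),
    ("10.0.0.5", "203.0.113.11", 443, 800, 45000),
    ("10.0.0.7", "203.0.113.10", 443, 500, 3000),
    ("10.0.0.9", "198.51.100.4", 80, 700, 90000),
    ("10.0.0.7", "198.51.100.8", 443, 300, 1000),
]


def rmon_split(flow):
    """One record per endpoint; the second has addresses and byte counters
    swapped (assumed behaviour of -M rmon)."""
    src, dst, _port, sbytes, dbytes = flow
    return [(src, dst, sbytes, dbytes), (dst, src, dbytes, sbytes)]


def top_talkers(flows, port=443, n=20):
    """Per-host (saddr, trans, sbytes, dbytes, bytes), largest byte total first."""
    totals = defaultdict(lambda: [0, 0, 0])  # trans, sbytes, dbytes
    for flow in flows:
        if flow[2] != port:          # stands in for the "port https" filter
            continue
        for saddr, _daddr, sbytes, dbytes in rmon_split(flow):
            entry = totals[saddr]
            entry[0] += 1
            entry[1] += sbytes
            entry[2] += dbytes
    rows = [(a, t[0], t[1], t[2], t[1] + t[2]) for a, t in totals.items()]
    rows.sort(key=lambda r: r[4], reverse=True)   # like rasort -m bytes
    return rows[:n]                               # like ra -N n


def peers_of(flows, host, port=443):
    """Drill-down: total bytes exchanged between `host` and each peer."""
    peers = defaultdict(int)
    for flow in flows:
        if flow[2] != port:
            continue
        for saddr, daddr, sbytes, dbytes in rmon_split(flow):
            if saddr == host:
                peers[daddr] += sbytes + dbytes
    return sorted(peers.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for row in top_talkers(FLOWS, n=3):
        print("%-15s %5d %10d %10d %10d" % row)
    print(peers_of(FLOWS, "10.0.0.5"))
```

Because both endpoints are counted, a busy server shows up in the ranking next to the clients that talk to it, which is why the top entry is usually followed by a per-peer drill-down.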
