argus user data buffer analysis

Oguz Yarimtepe comp.ogz at gmail.com
Sat Feb 14 15:18:49 EST 2009


Hi,

I was testing argus with some offline data. I have some questions
related to both argus usage and some details about it.

My offline data is a tcpdump record and it is suggested to convert it to
argus data as argus -mAJZRU 512 to get as much information as possible
from the record. What is the idea behind using 512 bytes of user data to
capture?

Can you give me some information about the interpacket arrival time? How
is it calculated?

If I want to calculate the non-empty packets in a flow, should I subtract
the loss number from the total number?

Thanks.

On Thu, 2009-02-12 at 12:33 -0500, Carter Bullard wrote:
> If we can go through each metric, one at a time, with some
> priority, I can write up a detailed email as to what is in argus to
> support that specific metric, and what clients are needed to
> process/generate a report, or the specific value.
> 
> Using that as a starting point, then we can identify what additional
> work is needed, and what an operational tool for that metric
> would look like.
-- 
Oguz Yarimtepe
http://www.loopbacking.info



