racluster aggregation per dst port
Carter Bullard
carter at qosient.com
Mon Oct 12 08:30:01 EDT 2009
Hey Jean-Marc,
You must include the "proto" field, as the dport parsing (whether it's 16, 32, or 64 bit) is specific to the particular proto field. So, ....
racluster -m proto dport -r ./argus_.........
Carter
On Oct 12, 2009, at 6:43 AM, jean-marc pouchoulon wrote:
> Hello Argus list,
>
> I'd like to have a sum of bytes/packets on specific dst port
>
> racluster -m dport -r ./argus_00\:00\:00 - dst port 110 or dst port 995
> StartTime Flgs Proto sCo SrcAddr Sport Dir dCo DstAddr Dport TotPkts TotBytes State
> 00:00:00.000000 Ne ip ZZ 0.0.0.0 -> ZZ 0.0.0.0 29957 1456503 INT
> 00:00:02.375000 Ne ip ZZ 0.0.0.0 -> ZZ 0.0.0.0 5281 372398 INT
>
> Is there a way to print the dst port?
>
>