unidirectional flows in argus
Will Urbanski
urbanski at vt.edu
Thu Jul 21 13:52:07 EDT 2011
Would it be appropriate to put it under the -M option?
I tried that command but I am still getting the flows in both
directions. Piping the command to racount produces the same output as well.
Cheers,
Will
On 07/20/2011 08:00 PM, Carter Bullard wrote:
> Hey Will,
> We currently don't have methods to convert to unidirectional flows, although it wouldn't take much to do that. How would you want to specify it on the command line ?
>
> You can print unidirectional flow representations using the rmon option, and printing only the src identifiers. So something like:
>
> ra -M rmon -r file -s sstime sdur sadder sport dir daddr dport spkts sbytes
>
> this will print what would be the unidirectional flow stats.
>
> Carter
>
> Carter Bullard, QoSient, LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> On Jul 19, 2011, at 10:57 AM, Will Urbanski <urbanski at vt.edu> wrote:
>
>> Hello,
>>
>> I am trying to convert some argus captures from bidirectional to
>> unidirectional flows to compare with some other captures that were done
>> with flow-tools. I've tried (unsuccessfully) to convert the
>> bidirectional flows using -M rmon in racount, ra, etc and can't see a
>> difference between when -M rmon is and is not specified. Is -M rmon the
>> appropriate way to be specifying that I want a unidirectional flow from
>> Argus?
>>
>> Thanks,
>>
>> Will
>>
More information about the argus
mailing list