unidirectional flows in argus
Carter Bullard
carter at qosient.com
Thu Jul 21 19:03:57 EDT 2011
There seems to be some confusion. As I stated, the -M rmon option will not generate unidirectional flows, but you will be able to print the values using the method I provided, to check your values. How are you running your command, and why do you think it's not working?
Carter
On Jul 21, 2011, at 1:52 PM, Will Urbanski wrote:
> Would it be appropriate to put it under the -M option?
>
> I tried that command but I am still getting the flows in both
> directions. Piping the command to racount produces the same output as well.
>
> Cheers,
>
> Will
>
> On 07/20/2011 08:00 PM, Carter Bullard wrote:
>> Hey Will,
>> We currently don't have methods to convert to unidirectional flows, although it wouldn't take much to do that. How would you want to specify it on the command line?
>>
>> You can print unidirectional flow representations using the rmon option, and printing only the src identifiers. So something like:
>>
>> ra -M rmon -r file -s sstime sdur saddr sport dir daddr dport spkts sbytes
>>
>> This will print what would be the unidirectional flow stats.
>>
>> Carter
>>
>> Carter Bullard, QoSient, LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>>
>> On Jul 19, 2011, at 10:57 AM, Will Urbanski <urbanski at vt.edu> wrote:
>>
>>> Hello,
>>>
>>> I am trying to convert some argus captures from bidirectional to
>>> unidirectional flows to compare with some other captures that were done
>>> with flow-tools. I've tried (unsuccessfully) to convert the
>>> bidirectional flows using -M rmon in racount, ra, etc and can't see a
>>> difference between when -M rmon is and is not specified. Is -M rmon the
>>> appropriate way to be specifying that I want a unidirectional flow from
>>> Argus?
>>>
>>> Thanks,
>>>
>>> Will
>>>
>
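An added illustration, not part of the original thread and not Argus code: the Python below models the idea discussed above, where each bidirectional record is read once per direction with only the sender-side counters kept, and totals are compared to check the values. The CSV layout, the function names and every address and counter are assumptions constructed for this example.

```python
import csv
import io

# Constructed sample of bidirectional flow records. The CSV layout and all
# values are assumptions made for this example, not real Argus output.
SAMPLE = """\
saddr,sport,daddr,dport,spkts,dpkts,sbytes,dbytes
10.0.0.5,51514,192.0.2.10,80,12,10,1480,9200
10.0.0.7,53211,192.0.2.53,53,1,0,74,0
"""


def to_unidirectional(text, drop_empty=True):
    """Return one (saddr, sport, daddr, dport, pkts, bytes) tuple per direction.

    Each bidirectional record is emitted twice, the second time with source
    and destination swapped, and only the sender-side counters are kept.
    drop_empty skips a direction that carried no packets, since a
    unidirectional exporter would have produced no record for it.
    """
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        fwd = (r["saddr"], r["sport"], r["daddr"], r["dport"],
               int(r["spkts"]), int(r["sbytes"]))
        rev = (r["daddr"], r["dport"], r["saddr"], r["sport"],
               int(r["dpkts"]), int(r["dbytes"]))
        for rec in (fwd, rev):
            if rec[4] > 0 or not drop_empty:
                rows.append(rec)
    return rows


def totals(rows):
    """Sum packets and bytes so both representations can be compared."""
    return sum(r[4] for r in rows), sum(r[5] for r in rows)


if __name__ == "__main__":
    for rec in to_unidirectional(SAMPLE):
        print(*rec)
    print("total pkts/bytes:", totals(to_unidirectional(SAMPLE)))
```

The packet and byte totals of the split records should match the sum of both directions in the bidirectional input; a mismatch against another collector's unidirectional export points at a difference in what was captured rather than in the representation.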