ragraph load or bytes to compute bandwidth
jeanmarc pouchoulon
jeanmarc.pouchoulon at gmail.com
Fri Jul 20 19:04:56 EDT 2012
hi argus list,
I try to get cumulate network bandwidth for all protocols connected to
mail using
ragraph dload sload dport -m proto dport -M 1s -r ./argus_08\:00\:00.gz
-r ./argus_09\:00\:00.gz -w
./mess_2012_01_03_08_a10h_dload_sload_dport.png - dst port 110 or dst
port 995 or ....
and
ragraph dbytes sbytes dport -m proto dport -M 1s -r
./argus_08\:00\:00.gz -r ./argus_09\:00\:00.gz -w
./mess_2012_01_03_08_a10h_dload_sload_dport.png - port 110 or dst port
995 or dst port 587 or ...
Resulting graphs differ.
Can I use sload/dload with ragraph to compute cumulative bandwidth?
I try but I don't understand how load is aggregating with racluster.
On a single flow , I am not able to understand how is computed load.
StartTime Flgs Proto sCo SrcAddr Sport Dir
dCo DstAddr Dport TotPkts TotBytes State Load
08:07:10.148000 Ne tcp TN 197.0.1.1.32024 ->
US 100.0.1.1.smtp 16 12895 ACC 4868.12*
08:07:49.084000 Ne tcp TN 197.0.1.1.32024 ?>
US 100.0.1.1.smtp 1 1350 CON 0.000000
08:08:27.226000 Ne tcp TN 197.0.1.1.32024 ?>
US 100.0.1.1.smtp 1 1350 CON 0.000000
08:09:11.309000 Ne tcp TN 197.0.1.1.32024 <?
US 100.0.1.1.smtp 2 185 FIN 0.000000
08:09:11.345000 Ne tcp TN 197.0.1.1.32024 ?>
US 100.0.1.1.smtp 1 52 CON 0.000000
aggregating by dport :
StartTime Flgs Proto sCo SrcAddr Sport
Dir dCo DstAddr Dport TotPkts TotBytes
State SrcLoad DstLoad Dur RunTime
08:07:10.148000 Ne tcp TN 197.0.1.1.41520 ->
US 100.0.1.1.smtp 21 15832 FIN
1032.830811 12.2115* 121.196999 19.868000
thanks for your insight
jean-marc
More information about the argus
mailing list