Full docs about ra output?

Mark Poepping poepping at cmu.edu
Thu May 24 21:39:09 EDT 2012 

Taking a stab (trying to relieve Carter of some of the burden)...

For directionality specifically, if it's a well-defined protocol and argus saw most (if not all) of the packets from the beginning, it will know the direction, but there are many examples of ordinary and hybrid protocols where you won't necessarily know the direction in all cases: peer-to-peer, ICMP, UDP can all make it hard to understand direction - or direction might not have meaning.  Packet loss (esp. packet sampling) often causes this output, and multi-path routing will 'look like' packet loss too, depending on where you're watching and how your paths are advertised or have evolved over time.

On a simple, lightly loaded network (my house), long-running argus probes generally get the directionality right.
At my work, it's not so simple so it helps to interact with questions that we have for the data and considerations of probe location and efficiency given the use cases.

Hope that helps some, it takes a little getting used to.  If you have specific questions or confusions, it does help to snap a packet capture that displays your confusion - that way others may be work with them directly and try to help you (with no explicit promises, of course).
Mark.


From: argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu [mailto:argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu] On Behalf Of Matt Brown
Sent: Thursday, May 24, 2012 9:00 PM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Full docs about ra output?


Hello,

I see the man page for ra, but it seems lacking for some DSR value output.  For instance, there are somethings that aren't implicit, but appear like they should/were intended to be.

Specifically, I see this with 'dir's possible values.

The cases if confusion are <? And ?>.  How can argus "not" know the direction of the transaction "sort of?"

Thanks,

Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120525/92e34aa2/attachment.html>

More information about the argus mailing list