grouping incoming http requests by subnet?

James A. Robinson jim.robinson at gmail.com
Thu Jan 31 01:25:00 EST 2013


On Wed, Jan 30, 2013 at 9:06 PM, Dave Edelman <dedelman at iname.com> wrote:
> The -r <datasource> option is going to try reading from a file. I went a
> caught a thousand wild packet I have radium running on the same box and its
> connection port is 9012
>
> ra -S localhost:9601 -w testAll.arg -N 1000
>
> and then I sent them through racluster which can also do the filtering. I
> don’t really think that you want to use rmon mode or both your source and
> destination subnets are going to appear as source addresses.
>
> racluster  -m saddr/24 -r testAll.arg - tcp and port 80

Ah, thank you for pointing out that I can combine the filtering
with racluster, w/o needing an additional filter in the pipeline.

Ok, so -m saddr/24 is going to do what I thought, roll up the
traffic from multiple ips sharing the same class C, cool.

Jim



More information about the argus mailing list