Ratop output
Monah Baki
monahbaki at gmail.com
Mon Dec 15 13:08:23 EST 2014
Hi all,
Running the following:
ratop -S localhost:561 -s stime proto saddr sport sco daddr dport dco
trans sload suser:100 - port 53
I noticed the first row "trans" and "SrcLoad" increases until you clear the
flow list, then a whole new output appears and whatever domain is in the
first row same symptom, the "trans" and "SrcLoad" increases till you
refresh.
Here is the output of what happens after the "Clear flow list"
13:04:35.095126 udp 172.31.1.8.49268 ZZ
10.1.0.182.domain ZZ *590 27870.4**
s[36]=t............s3.amazonaws.com.....t.
Clear flow list
13:05:06.018174 udp 172.31.1.8.49268 ZZ
10.1.0.182.domain ZZ *148 31109.3**
s[36]=x............support.apple.com.....x
Clear flow list
13:05:23.206770 udp 172.31.1.8.49268 ZZ
10.1.0.182.domain ZZ *144 24917.1**
s[40]={............atdmt-a.akamaihd.net.....{.
etc etc
Is there a way to automatic refresh???
Thanks
Monah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20141215/80553477/attachment.html>
More information about the argus
mailing list