ra filter of llc packets
mike tancsa
mike at sentex.ca
Wed Jul 23 10:36:04 EDT 2014
Hi,
I am trying to slim down some historical files by filtering out some L2
proto packets, but cant seem to find the magic filter incantation. Is
there a way to get rid of
packets such as
07/11 19:19:30.80* * llc 00:04:28:c7:fe:50.170 ->
01:00:0c:cc:cc:cd.170 3 192 REQ
07/11 19:19:36.79* * llc 00:04:28:c7:fe:50.170 ->
01:00:0c:cc:cc:cd.170 3 192 REQ
07/11 19:19:42.83* * llc 00:04:28:c7:fe:50.170 ->
01:00:0c:cc:cc:cd.170 3 192 REQ
07/11 19:19:48.83* * llc 00:04:28:c7:fe:50.170 ->
01:00:0c:cc:cc:cd.170 3 192 REQ
Another thing I noticed was that this particular file seems to break the
-N switch-- at least what I understand how it should work.
eg.
# ra -nr mpls-router.arg -s stime,proto | head -20
StartTime Proto
07/11 11:31:58.310204 llc
07/11 11:32:04.309024 llc
07/11 11:32:10.308252 llc
07/11 11:32:16.307877 llc
07/11 11:32:22.306741 llc
07/11 11:32:28.342169 llc
07/11 11:32:34.341274 llc
07/11 11:32:40.340494 llc
07/11 11:32:46.340141 llc
07/11 11:32:49.762776 tcp
07/11 11:32:52.339053 llc
07/11 11:32:55.237412 tcp
07/11 11:32:58.338272 llc
07/11 11:33:03.847288 tcp
07/11 11:33:04.337521 llc
07/11 11:33:10.337955 llc
07/11 11:33:16.336544 llc
07/11 11:33:22.335258 llc
07/11 11:33:28.370505 llc
yet if I do
# ra -nr mpls-router.arg -s stime,proto -N 20 | head -20
StartTime Proto
07/11 11:31:58.310204 llc
#
I get one record ?
---Mike
More information about the argus
mailing list