ra filter of llc packets

mike tancsa mike at sentex.ca
Wed Jul 23 17:57:26 EDT 2014 

On 7/23/2014 5:24 PM, Carter Bullard wrote:
> What system are you on, 32-bit ???  64-bit ??? Do you have a .rarc file ???

Actually, I tried both on 64 and 32.  The file was generated on a 32bit 
version.  All are FreeBSD

>
> So can we try some test ???  How do these uses of -N work for you ??
>
>     ra -s +0rank -r file -N 5
>     ra -s +0rank -r file -N 0-5
>     ra -s +0rank -r file -N 5-10
>
>     ra -s +0rank -r file -N i5
>     ra -s +0rank -r file -N o5-10
>
>     ra -s +0rank -r file -N i0-10 -N o5-8


Output attached in a txt file.  No .rarc file.  Just the defaults and on 
a 64bit system.   FreeBSD 9.3-STABLE #11 r268621, using clients-latest 
from the URL you provided which is argus-clients-3.0.8
0(cage)% strings /usr/local/bin/ra | tail -1
3.0.8
0(cage)% which ra
/usr/local/bin/ra
0(cage)%

	---Mike

-------------- next part --------------
0(cage)% ra -s +0rank -r file -N 5 
 Rank           StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  TotPkts   TotBytes State 
     1    11:31:58.310204  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   INT
0(cage)% ra -s +0rank -r file -N 0-5   
ra -s +0rank -r file -N 5-10   
 Rank           StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  TotPkts   TotBytes State 
     1    11:31:58.310204  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   INT
0(cage)% ra -s +0rank -r file -N 5-10   
ra -s +0rank -r file -N i5   
0(cage)% ra -s +0rank -r file -N i5   
 Rank           StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  TotPkts   TotBytes State 
     1    11:31:58.310204  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   INT
0(cage)% ra -s +0rank -r file -N o5-10   
 Rank           StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  TotPkts   TotBytes State 
     5    11:32:22.306741  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   REQ
     6    11:32:28.342169  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   REQ
     7    11:32:34.341274  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   REQ
     8    11:32:40.340494  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   REQ
     9    11:32:46.340141  *           llc  00:04:28:c7:fe:50.snap      ->  01:00:0c:cc:cc:cd.snap          3        192   REQ
    10    11:32:49.762776  e           tcp      98.159.255.66.bgp      <?>      98.159.255.65.15896         2        127   CON
0(cage)% ra -s +0rank -r file -N i0-10 -N o5-8
 Rank           StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  TotPkts   TotBytes State 
0(cage)%

More information about the argus mailing list