Management records
Carter Bullard
carter at qosient.com
Wed Jun 4 21:28:50 EDT 2014
Hey Russ,
The 'd' flag means that argus determined that the flow realized loss, somewhere along the path, through its sequence number analysis. Not that the sensor lost the packets. The 'g' indicates that the sensor didn't get all the packets, and experienced gaps in a particular flow (missing sequence numbers).
Seems all is doing well with your set up ???
Carter
> On Jun 4, 2014, at 6:40 PM, Russ Harvey <russ-harvey at ucr.edu> wrote:
>
> Sorry for the dumb question, I did not find an answer in the docs or minimal
> list search I did. In trying to look for evidence of packet loss for
> 10Gb traffic that argus is monitoring, I see indications of dropped packets
> in the record output (e.g. the `d' flag is set and the loss field has a
> non-zero value). However, looking at the management records for the same
> traffic does not show any packet loss/ retransmits (in the sport filed,
> I believe). Why would the management records not indicate losses?
> I am using argus-3.0.7.5 on ubuntu 12.04 (and have linked argus to a netmap
> version of libpcap)
>
> Thanks,
> --russ
>
More information about the argus
mailing list