Management records
Russ Harvey
russ-harvey at ucr.edu
Thu Jun 5 10:31:31 EDT 2014
Thanks Carter,
I don't quite get your answer, but will do some research to try to understand
it. From the man page, I guess I thought just the opposite:
s - Src loss/retransmissions
d - Dst loss/retransmissions
g - Gaps in sequence numbers were observed
since I thought `loss' meant packet loss and gaps meant the sequence numbers
were off somehow.
The setup with argus and netmap is working pretty well, though we haven't
stressed it; the 10Gb link being monitored only peaks at about 60K pps.
Later this month we will put an argus/netmap system on our other 10Gb link,
which peaks around 250K pps, so we'll see how that one goes.
Thanks again,
--russ
On Wed, Jun 04, 2014 at 09:28:50PM -0400, Carter Bullard wrote:
> Hey Russ,
> The 'd' flag means that argus determined that the flow realized loss, somewhere along the path, through its sequence number analysis. Not that the sensor lost the packets. The 'g' indicates that the sensor didn't get all the packets, and experienced gaps in a particular flow (missing sequence numbers).
>
> Seems all is doing well with your setup?
>
> Carter
>
> > On Jun 4, 2014, at 6:40 PM, Russ Harvey <russ-harvey at ucr.edu> wrote:
> >
> > Sorry for the dumb question, I did not find an answer in the docs or minimal
> > list search I did. In trying to look for evidence of packet loss for
> > 10Gb traffic that argus is monitoring, I see indications of dropped packets
> > in the record output (e.g. the `d' flag is set and the loss field has a
> > non-zero value). However, looking at the management records for the same
> > traffic does not show any packet loss/retransmits (in the sport field,
> > I believe). Why would the management records not indicate losses?
> > I am using argus-3.0.7.5 on ubuntu 12.04 (and have linked argus to a netmap
> > version of libpcap)
> >
> > Thanks,
> > --russ
> >