Inter packet arrival times, etc

John T. Myers via Argus-info argus-info at lists.andrew.cmu.edu
Tue Mar 1 17:43:07 EST 2016


I'm using 3.0.8.1.

I've enabled both -JZ and both fields are still blank.

I enabled spkts and dpkts, and many records have > 1 packet, still getting
blank for all the other fields.

On Tue, Mar 1, 2016 at 5:36 PM, Carter Bullard <carter at qosient.com> wrote:

> Hey John,
> What version of argus are you using ???
> You will get blanks for the SIntPkt and DIntPkt fields if there aren’t
> more than 1 packet in the flow record.
> Try printing out at least the spkts and dpkts fields to see that you are
> getting multiple packets.
>
> You are not turning on source packet size reporting, which needs the -Z
> option, so do you mean +dintpkt instead of +spktsz ?????
>
> Carter
>
> On Mar 1, 2016, at 5:29 PM, John T. Myers via Argus-info <
> argus-info at lists.andrew.cmu.edu> wrote:
>
> Hi,
>
> I'm trying to enable SIntPkt and other similar metrics on live collection
> against an interface.
>
> Which Argus options enable this? I've tried -J but it does not work.
>
> The two commands I'm using are:
>
> sudo /usr/local/sbin/argus -i en0 -P 1776 -J
>
> and then trying...
>
> ra -A -S 127.0.0.1:1776 -s +sintpkt +spktsz
>
> The additional fields I'm trying to capture are blank, though.
>
> Thanks!
> John
>
>
>