[ARGUS] Question about Flow features

Kolja Straub via Argus-info argus-info at lists.andrew.cmu.edu
Tue Mar 2 12:55:57 EST 2021


I hope you're all good.

I currently have some difficulties generating some flow features I want.

Is there a possibility to get the standard deviation of packet sizes for the standard flows that ra generates?
I only found smeanpkts as a flow field, so I wonder if there is the same for standard deviation, but unfortunately I did not find one.
The same would be useful for inter-arrival time of packets.
In both cases I tried generating them myself using racluster with aggregation key none (to keep the flows as they are) and RACLUSTER_AGG_METRIC on different attributes (bytes for the packet size, sintpkt for the inter-arrival times), but it didn't work out.

Is it possible to get a distribution of packet sizes in a flow or the size of the first packet? For example, 5 packets of size 200 and 4 of size 100 and first packet has size 100.
These are some flow features I found in some papers but I don't have an idea how to get it if it's even possible.

In both cases I wanted to ask if this is possible with the standard clients or if it would be necessary to change something in the code to get what I want.

Thanks in advance
