NAME
rastrip - strip
data file.
COPYRIGHT
Copyright (c) 2000-2003 QoSient. All rights
reserved.
SYNOPSIS
rastrip [[-M stripfield]
[stripfield] ...] [raoptions]
DESCRIPTION
Rastrip reads argus data from an argus-data
source, and removes data sections that are specified on the command
line, and outputs a valid argus-stream. If rastrip is
run without any stripfield directives, the default is to
strip out all information from the record except the FAR
information and TCP specific information. This default generates an
argus-stream that contains the same semantic information
that was present in argus-1.5 data records, and generates the same
output from ra().
OPTIONS
Rastrip, like all ra based clients, supports a
number of ra options including filtering of input argus
records through a terminating filter expression. See ra(1) for a
complete description of ra options. rastrip(1)
specific options are:
- -M [-|+]stripfield
-
Supported stripfields are:
-
- far
- flow descriptors and flow metrics
- mac
- media access control addresses
- tcp
- TCP specific identifiers and metrics, such as base sequence
numbers, advertised window sizes and retransmission statistics.
- icmp
- ICMP specific identifiers and metrics, such as the source
address of the ICMP packet, the declared gateway address and the
ICMP types and modes, such as ECHO or Port Unreachable, along with
the port value.
- rtp
- RTP and RTCP specific identifiers and metrics, such as the
source stream identifiers, the last sequence number and stream drop
statistics.
- igmp
- IGMP specific identifiers and metrics.
- arp
- IGMP specific identifiers and metrics, such as the MAC address
of the responder to arp requests for a specific address.
- frag
- Fragmentation specific identifiers and metrics, such as the
average fragment size, number of fragments in this fragment, last
offset seen in this fragment.
- esp
- ESP specific identifiers and metrics, such as the Security
Identifier the last sequence number seen and drop statistics.
- mpls
- MPLS specific identifiers, such as the last MPLS label seen on
this flow.
- vlan
- VLAN specific identifiers, such as the source and destination
VLAN identifiers. flow.
- pppoe
- PPPOE specific identifiers, such as the source and destination
SAP identifiers.
- agr
- Aggregation specific metrics, such as the number of records
aggregated, the mean record duration, standard deviations.
- jitter
- Jitter specific metrics, such as the mean interpacket arrival
time while the flow is active, max, min and standard deviation, as
well as metrics for while the flow is idle.
- user
- All user data capture buffers.
- srcuser
- User data capture buffer from the source node.
- dstuser
- User data capture buffer from the destination node.
- stime
- Source jitter information.
- dtime
- Destination jitter information.
INVOCATION
Sample invocations of rastrip(1).
The first call reads
data from inputfile and strips the record, leaving only the
FAR data, which contains the flow descriptors and basic metrics,
and jitter information.
rastrip -r inputfile -M far jitter
The next sample invocation of rastrip(1),
adds vlan specific information to the default far and tcp
information that would normally be retained.
rastrip -r inputfile -M +vlan
The next sample invocation of rastrip(1),
removes only the user data capture buffers from the
argus-stream, keep the rest of the data intact.
rastrip -r inputfile -M -user
SEE ALSO
ra(1),
tcpdump(1)
FILES
AUTHORS
Carter Bullard (
BUGS