NAME

       rastrip - strip argus(8) data file.

COPYRIGHT

       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

       rastrip [[-M stripfield] [stripfield] ...]  [raoptions]

DESCRIPTION

       Rastrip  reads  argus  data from an argus-data source, and removes data
       sections that are specified on the command line, and  outputs  a  valid
       argus-stream.   If  rastrip  is  run without any stripfield directives,
       the default is to strip out all information from the record except  the
       FAR  information  and TCP specific information.  This default generates
       an argus-stream that contains the same semantic  information  that  was
       present in argus-1.5 data records, and generates the same output from
       ra(1).

OPTIONS

       Rastrip, like all ra based clients, supports a  number  of  ra  options
       including filtering of input argus records through a terminating filter
       expression.  See ra(1)  for  a  complete  description  of  ra  options.
       rastrip(1) specific options are:

       -M [-|+]stripfield

                      Supported stripfields are:
              far            flow descriptors and flow metrics
              mac            media access control addresses
              tcp            TCP  specific  identifiers  and  metrics, such as
                             base sequence numbers,  advertised  window  sizes
                             and retransmission statistics.
              icmp           ICMP  specific  identifiers  and metrics, such as
                             the  source  address  of  the  ICMP  packet,  the
                             declared  gateway  address and the ICMP types and
                             modes, such as ECHO or  Port  Unreachable,  along
                             with the port value.
              rtp            RTP  and  RTCP  specific identifiers and metrics,
                             such as the source stream identifiers,  the  last
                             sequence number and stream drop statistics.
              igmp           IGMP specific identifiers and metrics.
              arp            ARP specific identifiers and metrics, such as
                             the MAC address of the responder to arp  requests
                             for a specific address.
              frag           Fragmentation  specific  identifiers and metrics,
                             such as the  average  fragment  size,  number  of
                             fragments  in  this fragment, last offset seen in
                             this fragment.
              esp            ESP specific identifiers and metrics, such as the
                             Security Identifier, the last sequence number
                             seen and drop statistics.
              mpls           MPLS specific identifiers, such as the last  MPLS
                             label seen on this flow.
              vlan           VLAN specific identifiers, such as the source and
                             destination VLAN identifiers.
              pppoe          PPPOE specific identifiers, such  as  the  source
                             and destination SAP identifiers.
              agr            Aggregation  specific metrics, such as the number
                             of records aggregated, the mean record  duration,
                             standard deviations.
              jitter         Jitter   specific   metrics,  such  as  the  mean
                             interpacket  arrival  time  while  the  flow   is
                             active,  max, min and standard deviation, as well
                             as metrics for while the flow is idle.
              user           All user data capture buffers.
              srcuser        User data capture buffer from the source node.
              dstuser        User data capture  buffer  from  the  destination
                             node.
              stime          Source jitter information.
              dtime          Destination jitter information.

INVOCATION

       Sample  invocations  of rastrip(1).  The first call reads argus(8) data
       from inputfile and strips the record, leaving only the FAR data,  which
       contains   the   flow   descriptors   and  basic  metrics,  and  jitter
       information.

          rastrip -r inputfile -M far jitter

       The next sample invocation of rastrip(1) adds vlan specific
       information to the default far and tcp information that would normally
       be retained.

          rastrip -r inputfile -M +vlan

       The next sample invocation of rastrip(1) removes only the user data
       capture buffers from the argus-stream, keeping the rest of the data
       intact.

          rastrip -r inputfile -M -user
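
       The three -M forms used above, modelled as an added example (not
       rastrip source code; it reads no argus data) so an argument list can
       be checked for retained user data buffers before a file is shared.
       Assumptions: mixing bare, + and - fields is rejected because this
       page does not describe it, and stime/dtime are treated as sections
       separate from jitter.

```python
# Model of the -M selection rules as described on this man page.
# Sections that can be present in a record; names are the stripfields
# listed under OPTIONS. "user" is an alias, per its description
# ("All user data capture buffers").
SECTIONS = ("far", "mac", "tcp", "icmp", "rtp", "igmp", "arp", "frag", "esp",
            "mpls", "vlan", "pppoe", "agr", "jitter", "srcuser", "dstuser",
            "stime", "dtime")
ALIASES = {"user": {"srcuser", "dstuser"}}
DEFAULT_KEEP = frozenset({"far", "tcp"})  # retained when no stripfield is given


def _expand(name):
    """Map one stripfield name to the set of sections it covers."""
    if name in ALIASES:
        return set(ALIASES[name])
    if name in SECTIONS:
        return {name}
    raise ValueError(f"unknown stripfield: {name!r}")


def retained(stripfields):
    """Return the sections left in the output for a list of -M arguments."""
    if not stripfields:
        return set(DEFAULT_KEEP)
    modes = {f[0] if f.startswith(("+", "-")) else "" for f in stripfields}
    if len(modes) != 1:
        # Assumption: the page shows each form only on its own.
        raise ValueError("mixed bare/+/- stripfields are not modelled")
    mode = modes.pop()
    named = set()
    for f in stripfields:
        named |= _expand(f[1:] if mode else f)
    if mode == "+":                  # -M +vlan : default plus the named fields
        return set(DEFAULT_KEEP) | named
    if mode == "-":                  # -M -user : everything except the named
        return set(SECTIONS) - named
    return named                     # -M far jitter : only the named fields


def keeps_payload(stripfields):
    """True if any user data capture buffer would remain in the output."""
    return bool(retained(stripfields) & ALIASES["user"])
```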

SEE ALSO

       ra(1), rarc(5), argus(8), tcpdump(1)

FILES

AUTHORS

       Carter Bullard (carter@qosient.com).

BUGS

                               04 December 2001