COPYRIGHT

Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

rastrip [[-M stripfield] [stripfield] ...] [raoptions]

DESCRIPTION

Rastrip reads argus data from an argus-data source, and removes data sections that are specified on the command line, and outputs a valid argus-stream. If rastrip is run without any stripfield directives, the default is to strip out all information from the record except the FAR information and TCP specific information. This default generates an argus-stream that contains the same semantic information that was present in argus-1.5 data records, and generates the same output from ra().

OPTIONS

Rastrip, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. rastrip(1) specific options are:

-M\| [-|+]stripfield\^

Supported stripfields are:

far

flow descriptors and flow metrics

mac

media access control addresses

tcp

TCP specific identifiers and metrics, such as base sequence numbers, advertised window sizes and retransmission statistics.

icmp

ICMP specific identifiers and metrics, such as the source address of the ICMP packet, the declared gateway address and the ICMP types and modes, such as ECHO or Port Unreachable, along with the port value.

rtp

RTP and RTCP specific identifiers and metrics, such as the source stream identifiers, the last sequence number and stream drop statistics.

igmp

IGMP specific identifiers and metrics.

arp

IGMP specific identifiers and metrics, such as the MAC address of the responder to arp requests for a specific address.

frag

Fragmentation specific identifiers and metrics, such as the average fragment size, number of fragments in this fragment, last offset seen in this fragment.

esp

ESP specific identifiers and metrics, such as the Security Identifier the last sequence number seen and drop statistics.

mpls

MPLS specific identifiers, such as the last MPLS label seen on this flow.

vlan

VLAN specific identifiers, such as the source and destination VLAN identifiers. flow.

pppoe

PPPOE specific identifiers, such as the source and destination SAP identifiers.

agr

Aggregation specific metrics, such as the number of records aggregated, the mean record duration, standard deviations.

jitter

Jitter specific metrics, such as the mean interpacket arrival time while the flow is active, max, min and standard deviation, as well as metrics for while the flow is idle.

user

All user data capture buffers.

srcuser

User data capture buffer from the source node.

dstuser

User data capture buffer from the destination node.

stime

Source jitter information.

dtime

Destination jitter information.

INVOCATION

Sample invocations of rastrip(1). The first call reads argus(8) data from inputfile and strips the record, leaving only the FAR data, which contains the flow descriptors and basic metrics, and jitter information.

   rastrip -r inputfile -M far jitter

The next sample invocation of rastrip(1), adds vlan specific information to the default far and tcp information that would normally be retained.

   rastrip -r inputfile -M +vlan

The next sample invocation of rastrip(1), removes only the user data capture buffers from the argus-stream, keep the rest of the data intact.

   rastrip -r inputfile -M -user

RELATED TO rastrip…

ra(1), rarc(5), argus(8), tcpdump(1)

FILES

AUTHORS

Carter Bullard ([email protected]).

BUGS