RASTRIP(1)                General Commands Manual                RASTRIP(1)

rastrip - strip argus(8) data file.

Copyright (c) 2000-2003 QoSient. All rights reserved.

rastrip [[-M stripfield] [stripfield] ...] [raoptions]

Rastrip reads argus data from an argus-data source, removes the data
sections that are specified on the command line, and outputs a valid
argus-stream. If rastrip is run without any stripfield directives,
the default is to strip out all information from the record except the
FAR information and TCP specific information. This default generates
an argus-stream that contains the same semantic information that was
present in argus-1.5 data records, and generates the same output from
ra(1).

Rastrip, like all ra based clients, supports a number of ra options
including filtering of input argus records through a terminating filter
expression. See ra(1) for a complete description of ra options.
rastrip(1) specific options are:

-M [-|+]stripfield

    Supported stripfields are:
       far       flow descriptors and flow metrics
       mac       media access control addresses
       tcp       TCP specific identifiers and metrics, such as
                 base sequence numbers, advertised window sizes
                 and retransmission statistics.
       icmp      ICMP specific identifiers and metrics, such as
                 the source address of the ICMP packet, the
                 declared gateway address and the ICMP types and
                 modes, such as ECHO or Port Unreachable, along
                 with the port value.
       rtp       RTP and RTCP specific identifiers and metrics,
                 such as the source stream identifiers, the last
                 sequence number and stream drop statistics.
       igmp      IGMP specific identifiers and metrics.
       arp       ARP specific identifiers and metrics, such as
                 the MAC address of the responder to arp requests
                 for a specific address.
       frag      Fragmentation specific identifiers and metrics,
                 such as the average fragment size, number of
                 fragments in this fragment, last offset seen in
                 this fragment.
       esp       ESP specific identifiers and metrics, such as the
                 Security Identifier, the last sequence number seen
                 and drop statistics.
       mpls      MPLS specific identifiers, such as the last MPLS
                 label seen on this flow.
       vlan      VLAN specific identifiers, such as the source and
                 destination VLAN identifiers.
       pppoe     PPPOE specific identifiers, such as the source
                 and destination SAP identifiers.
       agr       Aggregation specific metrics, such as the number
                 of records aggregated, the mean record duration,
                 standard deviations.
       jitter    Jitter specific metrics, such as the mean
                 interpacket arrival time while the flow is active,
                 max, min and standard deviation, as well as
                 metrics for while the flow is idle.
       user      All user data capture buffers.
       srcuser   User data capture buffer from the source node.
       dstuser   User data capture buffer from the destination
                 node.
       stime     Source jitter information.
       dtime     Destination jitter information.

Sample invocations of rastrip(1). The first call reads argus(8) data
from inputfile and strips the record, leaving only the FAR data, which
contains the flow descriptors and basic metrics, and jitter
information.

    rastrip -r inputfile -M far jitter

The next sample invocation of rastrip(1) adds vlan specific
information to the default far and tcp information that would normally
be retained.

    rastrip -r inputfile -M +vlan

The next sample invocation of rastrip(1) removes only the user data
capture buffers from the argus-stream, keeping the rest of the data
intact.

    rastrip -r inputfile -M -user

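The -M selection rules described above, modelled as an added Python example (not part of the argus distribution) that reports which sections an invocation would retain. It treats `user` as shorthand for `srcuser` plus `dstuser`, rejects invocations that mix bare, `+` and `-` forms because this page does not describe them, and its `SENSITIVE` set is an assumption about which sections to review before sharing data.

```python
# Added illustration: a model of the -M rules stated in this man page.
# It does not read argus data and is not rastrip's own code.
SECTIONS = ["far", "mac", "tcp", "icmp", "rtp", "igmp", "arp", "frag",
            "esp", "mpls", "vlan", "pppoe", "agr", "jitter",
            "srcuser", "dstuser", "stime", "dtime"]
DEFAULT = {"far", "tcp"}                  # kept when no stripfield is given
ALIASES = {"user": {"srcuser", "dstuser"}}  # "all user data capture buffers"
# Assumption (not from the man page): sections worth reviewing before
# an argus file leaves the organisation.
SENSITIVE = {"mac", "srcuser", "dstuser"}


def _expand(names):
    """Map stripfield names to section names, resolving the user alias."""
    return set().union(*(ALIASES.get(n, {n}) for n in names))


def retained(stripfields):
    """Sections kept for the words that follow -M on the command line."""
    if not stripfields:
        return set(DEFAULT)
    known = set(SECTIONS) | set(ALIASES)
    bad = [f for f in stripfields if f.lstrip("+-") not in known]
    if bad:
        raise ValueError(f"unknown stripfield(s): {bad}")
    plus = [f[1:] for f in stripfields if f.startswith("+")]
    minus = [f[1:] for f in stripfields if f.startswith("-")]
    bare = [f for f in stripfields if f[0] not in "+-"]
    if sum(bool(group) for group in (plus, minus, bare)) > 1:
        raise ValueError("mixed bare/+/- forms are not described on this page")
    if bare:                              # -M far jitter: keep only these
        return _expand(bare)
    if plus:                              # -M +vlan: default plus these
        return DEFAULT | _expand(plus)
    return set(SECTIONS) - _expand(minus)  # -M -user: everything but these


def sensitive_left(stripfields):
    """Sensitive sections that would still be present in the output."""
    return sorted(retained(stripfields) & SENSITIVE)


if __name__ == "__main__":
    for args in ([], ["far", "jitter"], ["+vlan"], ["-user"]):
        print(args, sorted(retained(args)), "review:", sensitive_left(args))
```
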
ra(1), rarc(5), argus(8), tcpdump(1)

Carter Bullard (carter@qosient.com).

04 December 2001                                                RASTRIP(1)