aguri

AGURI(1)                  BSD General Commands Manual                 AGURI(1)

NAME
     aguri — display aggregation-based traffic profile

SYNOPSIS
     aguri [-46adhPv] [-c count] [-i interface] [-f pcapfilters] [-g geometry]
           [-l nodes] [-n plots] [-p pidfile] [-r dumpfile] [-s interval]
           [-t thresh] [-w outputfile] [-x dsDS] [-y KM] [file ...]

DESCRIPTION
     aguri is an aggregation-based traffic profiler that records summary
     information of network traffic.  aguri can be used as a flexible traffic
     monitoring tool which covers a wide range of application, from short-term
     trouble detection to long-term trend monitoring.

     aguri adapts itself to spatial traffic distribution by aggregating small
     spatial fractions so that it does not require any predefined rule.  Thus,
     aguri is capable to detect unexpected increase of unknown protocols and
     DoS attacks.  Temporal aggregation is achieved by creating a summary of
     summaries applying the same algorithm to its outputs.

     By default, aguri records 4 fields in an IPv4 or IPv6 packet, that is,
     source address, destination address, source port number, destination port
     number.

     aguri monitors network traffic using libpcap(3), and produces a summary.
     aguri also produces a summary when it receives a HUP signal.  Periodic
     summaries can be obtained by sending HUP signals from cron(8) to the
     running aguri program.  When neither an interface nor a dumpfile is
     specified, aguri reads aguri output files and produces a summary of
     summaries.

     The options are as follows:

     -4      Process only IPv4 packets.

     -6      Process only IPv6 packets.

     -a      Enable X11 tree animation.  (experimental)

     -c count
             Exit after processing count packets.

     -d      Enable debug outputs.

     -i interface
             Listen on interface.

     -f pcapfilters
             Specify pcap filters.

     -g geometry
             Specify window geometry for X11 tree animation.

     -h      Display help information and exit.

     -l nodes
             Use the specified number of nodes for each tree.

     -n plots
             Output the specified number of plot entries for plot output.

     -P      Output in the plot format.

     -p pidfile
             Write the process id to the pidfile.

     -r dumpfile
             Read packets from dumpfile.  (which was created with the -w
             option of tcpdump(1) ).

     -s interval
             Output a summary every interval seconds.

     -t thresh
             Specify the threshold value for aggregation.  The unit is 0.1%.
             Default is 10 (1%).

     -v      Print the version number and exit.

     -w outputfile
             Direct output to outputfile.  By default, output is directed to
             stdout.

     -x dsDS
             Process only the specified field type.  When d is specified, the
             destination address is processed.  When s is specified, the
             source address is processed.  When D is specified, the
             destination protocol is processed.  When S is specified, the
             source protocol is processed.

     -y KM   Scale the output values for plot output.  When K is specified,
             values are converted to Kbps.  When M is specified, values are
             converted to Mbps.

RETURN VALUES
     aguri returns 0 on success, and non-zero if the arguments are incorrect
     or at an error.

SEE ALSO
     lipcap(3), tcpdump(1), cron(8)

BSD                             March 17, 2001                             BSD