rastrip

RASTRIP(1)                  General Commands Manual                 RASTRIP(1)



NAME
       rastrip - strip argus(8) data file.

COPYRIGHT
       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS
       rastrip [[-M stripfield] [stripfield] ...]  [raoptions]

DESCRIPTION
       Rastrip reads argus data from an argus-data source, and removes data
       sections that are specified on the command line, and outputs a valid
       argus-stream.  If rastrip is run without any stripfield directives,
       the default is to strip out all information from the record except the
       FAR information and TCP specific information.  This default generates
       an argus-stream that contains the same semantic information that was
       present in argus-1.5 data records, and generates the same output from
       ra().


OPTIONS
       Rastrip, like all ra based clients, supports a number of ra options
       including filtering of input argus records through a terminating filter
       expression.  See ra(1) for a complete description of ra options.
       rastrip(1) specific options are:

       -M [-|+]stripfield

                      Supported stripfields are:
              far            flow descriptors and flow metrics
              mac            media access control addresses
              tcp            TCP specific identifiers and metrics, such as
                             base sequence numbers, advertised window sizes
                             and retransmission statistics.
              icmp           ICMP specific identifiers and metrics, such as
                             the source address of the ICMP packet, the
                             declared gateway address and the ICMP types and
                             modes, such as ECHO or Port Unreachable, along
                             with the port value.
              rtp            RTP and RTCP specific identifiers and metrics,
                             such as the source stream identifiers, the last
                             sequence number and stream drop statistics.
              igmp           IGMP specific identifiers and metrics.
              arp            IGMP specific identifiers and metrics, such as
                             the MAC address of the responder to arp requests
                             for a specific address.
              frag           Fragmentation specific identifiers and metrics,
                             such as the average fragment size, number of
                             fragments in this fragment, last offset seen in
                             this fragment.
              esp            ESP specific identifiers and metrics, such as the
                             Security Identifier the last sequence number seen
                             and drop statistics.
              mpls           MPLS specific identifiers, such as the last MPLS
                             label seen on this flow.
              vlan           VLAN specific identifiers, such as the source and
                             destination VLAN identifiers.  flow.
              pppoe          PPPOE specific identifiers, such as the source
                             and destination SAP identifiers.
              agr            Aggregation specific metrics, such as the number
                             of records aggregated, the mean record duration,
                             standard deviations.
              jitter         Jitter specific metrics, such as the mean
                             interpacket arrival time while the flow is
                             active, max, min and standard deviation, as well
                             as metrics for while the flow is idle.
              user           All user data capture buffers.
              srcuser        User data capture buffer from the source node.
              dstuser        User data capture buffer from the destination
                             node.
              stime          Source jitter information.
              dtime          Destination jitter information.


INVOCATION
       Sample invocations of rastrip(1).  The first call reads argus(8) data
       from inputfile and strips the record, leaving only the FAR data, which
       contains the flow descriptors and basic metrics, and jitter
       information.

          rastrip -r inputfile -M far jitter

       The next sample invocation of rastrip(1), adds vlan specific
       information to the default far and tcp information that would normally
       be retained.

          rastrip -r inputfile -M +vlan

       The next sample invocation of rastrip(1), removes only the user data
       capture buffers from the argus-stream, keep the rest of the data
       intact.

          rastrip -r inputfile -M -user

SEE ALSO
       ra(1), rarc(5), argus(8), tcpdump(1)

FILES
AUTHORS
       Carter Bullard (carter@qosient.com).

BUGS
                               04 December 2001                     RASTRIP(1)