[netsa-tools-discuss] Understanding LOADMETHOD=4

asad a.alii85 at gmail.com
Mon Oct 5 04:06:01 EDT 2015


Mark,
I'm glad I'm of any help to this wonderful community.

At the end, you mentioned the time a long flow spends; in return
you are referring to "active flows", I believe, but where are these values
defined/calculated in the first place?

regards
Asad


On 10/1/15, Mark Thomas <mthomas at cert.org> wrote:
> Aha!  No wonder you are confused.  My math is wrong.
>
> A flow that begins at 12:03:50 and ends at 12:06:20 has a duration
> of 150 seconds, not 210 seconds.
>
> If I keep the 60 bytes/second average flow rate, then the overall
> number of bytes in the flow is 9000, not 12600.
>
> The updated table reads:
>
>  BIN                 12:03:00    12:04:00    12:05:00    12:06:00
>
>  time-proportional        600        3800        3600        1200
>  bin-uniform             2250        2450        2250        2250
>  start-spike             9000         200           0           0
>  middle-spike               0         200        9000           0
>  end-spike                  0         200           0        9000
>  maximum-volume          9000        9200        9000        9000
>  minimum-volume             0         200           0           0
>
>
> The long flow spends 10 seconds in the first bin, 60 seconds in the
> middle two bins, and 20 seconds in the final bin.
>
> Thank you for pointing out this error.
>
> -Mark
>
>
> On Thu, 1 Oct 2015 22:14:00 +0500, asad wrote:
>
>> Sorry,
>>
>> Last line would be
>>
>> 12,600/210= 60.
>>
>>
>>
>> On Thu, Oct 1, 2015 at 10:04 PM, asad <a.alii85 at gmail.com> wrote:
>>
>>> Thanks Mark for the step-by-step explanation; using flows/second I can
>>> fill in the table as needed.
>>>
>>> The only thing I'm still confused about is, for "time-proportional" or
>>> "--load-scheme=4", how are "active flows" calculated,
>>>
>>> Like   (bytes/second  )* active flows=
>>>
>>> In the example mentioned in the link here
>>> http://tools.netsa.cert.org/silk/rwcount.html
>>>
>>> Time proportional columns (first is ) 600
>>>
>>> Now
>>> (60 bytes/210 seconds)=60 should I consider active flows as 10 seconds
>>>
>>> Thanks.
>>>
>>> On Thu, Oct 1, 2015 at 8:08 PM, Mark Thomas <mthomas at cert.org> wrote:
>>>
>>>> For a record that spans multiple bins, divide the flow by its
>>>> duration to get values for
>>>>
>>>>   flows/second
>>>>   bytes/second
>>>>   packets/second
>>>>
>>>> The example flow has 3000 bytes and 300 packets across 60 seconds,
>>>> and the values are:
>>>>
>>>>   flows/second   =    1/60
>>>>   bytes/second   =   50
>>>>   packets/second =    5
>>>>
>>>> To find the amount of volume to add to each bin, multiply the
>>>> per-second values by the time spent in the bin.
>>>>
>>>> For the first bin, the number of seconds in the bin is
>>>>
>>>>   bin_end_time - flow_start_time
>>>>
>>>> For the final bin, the number of seconds is
>>>>
>>>>   flow_end_time - bin_start_time
>>>>
>>>> For the middle bin(s), the number of seconds is the bin_size.
>>>>
>>>> I think that example may have been more clear if the flow spent 10
>>>> seconds in the first bin and 20 seconds in the final bin.
>>>>
>>>> There is another example in the rwcount manual page.
>>>> http://tools.netsa.cert.org/silk/rwcount.html
>>>>
>>>> See also the discussion (and picture) in section 3.4.4 of the
>>>> Analyst's Handbook.
>>>> http://tools.netsa.cert.org/silk/analysis-handbook.pdf
>>>>
>>>> -Mark
>>>>
>>>>
>>>> On Thu, 1 Oct 2015 14:56:43 +0500, asad wrote:
>>>>
>>>> > Hello,
>>>> >
>>>> > I'm following the excellent write-up here,
>>>> >
>>>> >
>>>> https://tools.netsa.cert.org/confluence/display/tt/Using+--load-scheme+to+Allocate+Flows+to+Bins+in+rwcount
>>>> >
>>>> > I'm only stuck at the last example for LOADMETHOD=4; here is the chart
>>>> > given.
>>>> >
>>>> > The first bin 1 in the bytes row is given a value of "750". If each bin
>>>> > is allocated a percentage of the flow's record, packets and bytes
>>>> > proportional to the amount of the flow's active time that spans the
>>>> > bin, what is the backend mathematical formula used? Thanks.
>>>> >
>>>> > regards.
>>>> > Asad
>>>>
>>>
>>>
>
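
The per-bin arithmetic discussed in this thread, as an added example (not part of the original messages and not SiLK's own code). It goes beyond time-proportional to reproduce every row of the corrected table. Assumptions: the function names are hypothetical, a flow is treated as active over the half-open interval [start, end), and the short flow's start and end times are constructed, since the thread only shows its 200 bytes landing in the 12:04:00 bin.

```python
from collections import defaultdict

BIN = 60  # bin size in seconds, as in the thread's table

def hms(h, m, s):
    return h * 3600 + m * 60 + s

def overlaps(start, end):
    """Map each bin's start time to the seconds the flow is active in it."""
    first = start // BIN * BIN
    if end <= start:              # zero-duration flow: whole flow in one bin
        return {first: 0}
    return {b: min(end, b + BIN) - max(start, b)
            for b in range(first, end, BIN)}

def allocate(flows, scheme):
    """Sum per-bin volume for (start, end, volume) flows under one scheme."""
    bins = defaultdict(float)
    for start, end, volume in flows:
        secs = overlaps(start, end)
        keys = sorted(secs)
        mid = (start + end) // 2 // BIN * BIN   # bin holding the midpoint
        for b in keys:
            if len(keys) == 1:    # flow inside one bin: every row agrees
                share = volume
            elif scheme == "time-proportional":
                # (volume / duration) * seconds spent in this bin
                share = volume / (end - start) * secs[b]
            elif scheme == "bin-uniform":
                share = volume / len(keys)
            elif scheme in ("start-spike", "middle-spike", "end-spike"):
                spike = {"start-spike": keys[0], "middle-spike": mid,
                         "end-spike": keys[-1]}[scheme]
                share = volume if b == spike else 0
            elif scheme == "maximum-volume":
                share = volume
            elif scheme == "minimum-volume":
                share = 0
            else:
                raise ValueError(scheme)
            bins[b] += share
    return [bins[b] for b in sorted(bins)]

# Long flow from the thread; the short flow's times are constructed.
FLOWS = [(hms(12, 3, 50), hms(12, 6, 20), 9000),
         (hms(12, 4, 10), hms(12, 4, 40), 200)]

if __name__ == "__main__":
    for name in ("time-proportional", "bin-uniform", "start-spike"):
        print(f"{name:18}", allocate(FLOWS, name))
```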

