[netsa-tools-discuss] Flags type count in rwstats
Hossam Zalabany
elzalabany at hu-berlin.de
Thu Jul 18 08:44:25 EDT 2019
Dear CERT,
I am trying to run SiLK to parse statistics of my IPFIX top talkers per minute. I configured the sensor to have a new file for each minute, and I am keeping the in and out pairing out of scope at the moment. All is fine so far, except that I am only able to count the total number of TCP flags; I need to count each flag type separately, like ACK, SYN, and so on.
The current command I use is:
rwstats --fields=sip,sport,dip,dport,protocol,flags --integer-tcp-flags --values=byte --count=10 ext2ext-sens1_20190718.09
INPUT: 41300277 Records for 25847944 Bins and 816419146922 Total Bytes
OUTPUT: Top 10 Bins by Bytes
sIP|sPort| dIP|dPort|pro|fla| Bytes| %Bytes| cumul_%|
10.21.64.133 |60870| 10.5.54.69| 2051| 6| 24| 7257019952| 0.888884| 0.888884|
10.5.63.12| 2049| 10.1.223.88| 958| 6| 24| 7136227712| 0.874089| 1.762973|
10.21.64.133 |34073| 10.5.54.69| 2051| 6| 24| 5803794764| 0.710884| 2.473857|
10.5.63.12| 2049| 10.5.4.31| 1020| 6| 24| 3883330408| 0.475654| 2.949511|
10.21.64.133 |34595| 10.5.54.69| 2051| 6| 24| 3857964856| 0.472547| 3.422058|
10.5.204.4| 5247| 10.120.30.236|53789| 17| 0| 3674064752| 0.450022| 3.872080|
10.21.64.133 |37529| 10.5.54.69| 2051| 6| 24| 3262020960| 0.399552| 4.271632|
10.6.8.250| 0| 10.5.204.4| 0| 97| 0| 2994127260| 0.366739| 4.638371|
10.134.26.21| 0| 10.3.250.6| 0| 97| 0| 2893997631| 0.354474| 4.992846|
10.5.63.12| 2049| 10.134.144.21| 747| 6| 24| 2853011756| 0.349454| 5.342300|
What I desire to have is sIP|sPort|dIP|dPort|pro|ACK|SYN|FIN|Bytes|
Are there any suggested steps?
Regards,
Hossam
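
One way to get the requested layout by post-processing the rwstats text shown above (an added example, not part of the original message and not SiLK's own code). It assumes the column titles exactly as printed in the post (`pro`, `fla`, `Bytes`) and the `--integer-tcp-flags` encoding; the last sample row is constructed.

```python
# TCP header flag bits; SiLK's flags field is the bitwise OR of the flags
# seen on every packet of a flow, so each column below is 0/1 per bin.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

# First three data rows are from the post; the last row is constructed.
SAMPLE = """\
INPUT: 41300277 Records for 25847944 Bins and 816419146922 Total Bytes
OUTPUT: Top 10 Bins by Bytes
sIP|sPort| dIP|dPort|pro|fla| Bytes| %Bytes| cumul_%|
10.21.64.133 |60870| 10.5.54.69| 2051| 6| 24| 7257019952| 0.888884| 0.888884|
10.5.204.4| 5247| 10.120.30.236|53789| 17| 0| 3674064752| 0.450022| 3.872080|
10.6.8.250| 0| 10.5.204.4| 0| 97| 0| 2994127260| 0.366739| 4.638371|
192.0.2.10|40000| 198.51.100.20| 443| 6| 19| 1000| 0.000001| 4.638372|
"""

def parse_rwstats(text):
    """Turn pipe-delimited rwstats output into a list of dicts keyed by column title."""
    header, rows = None, []
    for line in text.splitlines():
        if "|" not in line:            # skip the INPUT:/OUTPUT: summary lines
            continue
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def split_flags(rows, wanted=("ACK", "SYN", "FIN")):
    """Replace the integer flags column with one 0/1 column per wanted flag."""
    out = []
    for r in rows:
        # Flags only mean something for TCP (protocol 6); force 0 otherwise.
        value = int(r["fla"]) if r["pro"] == "6" else 0
        rec = {k: r[k] for k in ("sIP", "sPort", "dIP", "dPort", "pro")}
        rec.update({name: int(bool(value & TCP_FLAGS[name])) for name in wanted})
        rec["Bytes"] = int(r["Bytes"])
        out.append(rec)
    return out

def bytes_by_flag(split_rows, wanted=("ACK", "SYN", "FIN")):
    """Total bytes of the bins in which each flag was seen at least once."""
    return {n: sum(r["Bytes"] for r in split_rows if r[n]) for n in wanted}

if __name__ == "__main__":
    table = split_flags(parse_rwstats(SAMPLE))
    print("|".join(table[0].keys()) + "|")
    for rec in table:
        print("|".join(str(v) for v in rec.values()) + "|")
    print(bytes_by_flag(table))
```

The value 24 in the post's output decodes to PSH (8) plus ACK (16), so those bins show ACK=1, SYN=0, FIN=0; the columns mark whether a flag was seen in the bin, not how many packets carried it.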