I'm currently working hard on network flow analysis stuff, and argus is always my best friend. Another wonderful application suite is silktools, and I think you should try it out if you are into network flow analysis. Anyway, here's the quick installation for the upcoming argus 3 on Ubuntu 7.10.
It is pretty straightforward to get argus 3 installed -
shell>sudo apt-get install libpcap0.8 libpcap0.8-dev flex bison rrdtool
Once you have installed all the dependencies of argus 3, let's download the argus 3 server and its client suite to install.
shell>wget ftp://qosient.com/dev/argus-3.0/argus-3.0.0.tar.gz
shell>wget \
ftp://qosient.com/dev/argus-3.0/argus-clients-3.0.0.rc.63.tar.gz
Once you have downloaded them, decompress each tarball and perform the usual compilation steps in it -> configure; make && make install.
And if you still don't know what argus is about, check out this post.
P/S: Both argus and silktools are included in the HeX liveCD.
Enjoy ;]
I've been working with Ubuntu and Argus and found the following settings to be very helpful for dealing with missed packets.
sysctl -w net.core.rmem_max=33554432
sysctl -w net.core.rmem_default=33554432
sysctl -w net.core.netdev_max_backlog=10000
And add them to /etc/sysctl.conf too.
I got these settings from "http://www.net.t-labs.tu-berlin.de/research/hppc/" on the recommendation from some Bro presentations. Before these changes, Argus MAN records were reporting a regular amount of dropped packets.
Hi esteban,
Yeah, those are very useful tips for tuning. In fact you can check out the NSM wiki here too -
http://www.vorant.com/nsmwiki/Performance
Yes, argus management record is great to monitor the health of it!
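A way to check that the three settings from the first comment are in effect and persisted, written as an added example (not code from the post or from either commenter). The function names and the sample file are assumptions made for illustration; the target values are the ones quoted in the comment.

```shell
# Added example: audit the three kernel settings quoted in the comment above.
TARGETS="net.core.rmem_max=33554432
net.core.rmem_default=33554432
net.core.netdev_max_backlog=10000"

# conf_value FILE KEY: last value assigned to KEY in a sysctl.conf-style file
# (a later assignment overrides an earlier one); comment lines are skipped.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) last = v }
        END { if (last != "") print last }' "$1"
}

# live_value KEY: value in the running kernel, read from /proc/sys.
live_value() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# audit conf FILE | audit live: print OK/LOW/MISSING per key and return the
# number of keys that are absent or below the target.
audit() {
    bad=0
    for pair in $TARGETS; do
        key=${pair%%=*}; want=${pair#*=}
        if [ "$1" = conf ]; then have=$(conf_value "$2" "$key")
        else have=$(live_value "$key"); fi
        case $have in
            ''|*[!0-9]*) echo "MISSING $key (want >= $want)"; bad=$((bad + 1)) ;;
            *) if [ "$have" -lt "$want" ]; then
                   echo "LOW     $key=$have (want >= $want)"; bad=$((bad + 1))
               else echo "OK      $key=$have"; fi ;;
        esac
    done
    return "$bad"
}

# Constructed sample: one key too small, one overridden later, one absent.
sample_conf() {
    cat <<'EOF'
# capture tuning (constructed sample, not from a real host)
net.core.rmem_max = 212992
net.core.rmem_default=212992
net.core.rmem_default = 33554432
EOF
}
```

Source the file, then run `audit live` on the sensor to check the running kernel, or `audit conf /etc/sysctl.conf` to confirm the values will survive a reboot.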