[Flow-tools] New revision of flow-pairs (a fancy top-10 script)
Mike Hunter
mhunter at ack.berkeley.edu
Tue Oct 18 14:33:11 EDT 2005
Hi everybody,
I've written a new version of a script I use at UC Berkeley for textual
bandwidth reports. This is the previous announcement of the availability
of the script:
http://mailman.splintered.net/pipermail/flow-tools/2003-August/001503.html
The new version has a bug fix for improper aggregation of running
subtotals and some minor feature upgrades (port descriptions, flow-report
available in back-end, 0.0.0.0 removal hack, sorted "port-peers" for
better categorization...it's probably easier to just use diff to see the
changes :) ).
The project's not really important or active enough for me to be using
version numbers, but this is now the 1.0 release :)
http://lusArs.net/~mhunter/flow-pairs/flow-pairs-1.0.tar.gz
I go into more detail in the first URL, but very briefly, you use it like
this:
% flow-cat my_flow_file | flow-pairs [options...]
And you get this:
(F Flows) (I- Incoming) (O- Outgoing) (T- Total) (-P Packets) (-O Octets)
"I-O" means Incoming Octets. "*" means "not otherwise accounted for"
Host Peer F I-P I-O O-P O-O T-P T-O
128.32.155.79:20 128.3.183.99:* 68K 66M 51.2G 23M 925M 89M 52.1G
128.32.155.79:20 128.218.214.102:4655 2 22 888 39 45.5K 61 46.4K
128.32.155.79:20 64.54.98.71:* 24 50 2096 86 43.8K 136 45.9K
128.32.155.79:20 *:* 28 129 65.4K 115 27.6K 244 93K
128.32.155.79:80 132.239.1.232:* 76 25K 1338K 91K 103M 116K 105M
...
Or this:
Host Known Port F I-P I-O O-P O-O T-P T-O
hostname 1214/kazaa->* 5K 18K 23.2M 2.3M 2480M 2.3M 2504M
hostname *->1214/kazaa 9K 2M 1246M 15K 716K 2M 1246M
hostname 3770->* 46 18K 24.6M 0 0 18K 24.6M
...
Please let me know if you have any questions or comments.
Thanks!
Mike
More information about the Flow-tools
mailing list