Provided by: argus-client_2.0.6.fixes.1-3_amd64

NAME

       rastrip - strip argus(8) data file.

COPYRIGHT

       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

       rastrip [[-M stripfield] [stripfield] ...]  [raoptions]

DESCRIPTION

       Rastrip  reads  argus  data  from an argus-data source, and removes data sections that are
       specified on the command line, and outputs  a  valid  argus-stream.   If  rastrip  is  run
       without  any  stripfield directives,  the default is to strip out all information from the
       record except the FAR information and TCP specific information.  This default generates an
       argus-stream  that  contains  the  same semantic information that was present in argus-1.5
       data records, and generates the same output from ra(1).

OPTIONS

       Rastrip, like all ra based clients, supports a number of ra options including filtering of
       input  argus  records  through  a terminating filter expression.  See ra(1) for a complete
       description of ra options.  rastrip(1) specific options are:

       -M [-|+]stripfield

              Supported stripfields are:
              far            flow descriptors and flow metrics
              mac            media access control addresses
              tcp            TCP specific identifiers and metrics, such as base sequence numbers,
                             advertised window sizes and retransmission statistics.
              icmp           ICMP specific identifiers and metrics, such as the source address of
                             the ICMP packet, the declared gateway address and the ICMP types and
                             modes, such as ECHO or Port Unreachable, along with the port value.
              rtp            RTP  and  RTCP  specific identifiers and metrics, such as the source
                             stream  identifiers,  the  last  sequence  number  and  stream  drop
                             statistics.
              igmp           IGMP specific identifiers and metrics.
              arp            ARP  specific  identifiers  and metrics, such as the MAC address of
                             the responder to arp requests for a specific address.
              frag           Fragmentation specific identifiers and metrics, such as the  average
                             fragment  size,  number  of  fragments in this fragment, last offset
                             seen in this fragment.
              esp            ESP  specific  identifiers  and  metrics,  such  as   the   Security
                             Identifier, the last sequence number seen and drop statistics.
              mpls           MPLS  specific identifiers, such as the last MPLS label seen on this
                             flow.
              vlan           VLAN specific identifiers, such as the source and  destination  VLAN
                             identifiers.
              pppoe          PPPOE  specific  identifiers, such as the source and destination SAP
                             identifiers.
              agr            Aggregation  specific  metrics,  such  as  the  number  of   records
                             aggregated, the mean record duration, standard deviations.
              jitter         Jitter  specific  metrics, such as the mean interpacket arrival time
                             while the flow is active, max, min and standard deviation,  as  well
                             as metrics for while the flow is idle.
              user           All user data capture buffers.
              srcuser        User data capture buffer from the source node.
              dstuser        User data capture buffer from the destination node.
              stime          Source jitter information.
              dtime          Destination jitter information.

INVOCATION

       Sample  invocations  of rastrip(1).  The first call reads argus(8) data from inputfile and
       strips the record, leaving only the FAR data, which  contains  the  flow  descriptors  and
       basic metrics, and jitter information.

          rastrip -r inputfile -M far jitter

       The next sample invocation of rastrip(1) adds vlan specific information to the default
       far and tcp information that would normally be retained.

          rastrip -r inputfile -M +vlan

       The next sample invocation of rastrip(1) removes only the user data capture buffers from
       the argus-stream, keeping the rest of the data intact.

          rastrip -r inputfile -M -user
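
       The following is an added example, not part of the original manual page and not
       rastrip's own code: a small Python model of the three -M forms shown above, used to
       check whether a planned invocation would leave user data capture buffers in the
       output. Assumptions: "user" covers srcuser and dstuser, and mixing forms in one call
       is rejected because this page does not describe it.

```python
# Model of the -M semantics described on this page (assumed, not rastrip source).
FIELDS = ("far mac tcp icmp rtp igmp arp frag esp mpls vlan pppoe agr jitter "
          "user srcuser dstuser stime dtime").split()
DEFAULT_KEEP = {"far", "tcp"}              # retained when no stripfield is given
PAYLOAD = {"user", "srcuser", "dstuser"}   # user data capture buffers


def _expand(name):
    # Assumption: "user" means all user data capture buffers.
    return set(PAYLOAD) if name == "user" else {name}


def retained(stripfields):
    """Return the record sections left in the output for the given -M arguments."""
    names, signs = set(), set()
    for arg in stripfields:
        sign = arg[0] if arg[:1] in ("+", "-") else ""
        name = arg[len(sign):]
        if name not in FIELDS:
            raise ValueError(f"unknown stripfield: {arg!r}")
        signs.add(sign)
        names |= _expand(name)
    if not stripfields:
        return set(DEFAULT_KEEP)           # plain "rastrip -r inputfile"
    if len(signs) > 1:
        raise ValueError("mixed bare/+/- forms are not described on the page")
    sign = signs.pop()
    if sign == "+":
        return DEFAULT_KEEP | names        # -M +vlan: default plus the named sections
    if sign == "-":
        return set(FIELDS) - names         # -M -user: everything except the named ones
    return names                           # -M far jitter: only the named sections


def payload_retained(stripfields):
    """List the user data capture sections that would survive the strip."""
    return sorted(retained(stripfields) & PAYLOAD)


if __name__ == "__main__":
    for args in ([], ["far", "jitter"], ["+vlan"], ["-user"], ["-mac"]):
        print(args, "->", sorted(retained(args)), "payload:", payload_retained(args))
```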

SEE ALSO

       ra(1), rarc(5), argus(8), tcpdump(1)

FILES

AUTHORS

       Carter Bullard (carter@qosient.com).

BUGS

                                         04 December 2001                              RASTRIP(1)