GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
flowrate(3) SiLK Tool Suite flowrate(3)

flowrate - SiLK plug-in providing payload and rate filters and fields 

  rwfilter --plugin=flowrate.so [--payload-bytes=INTEGER_RANGE]
        [--payload-rate=DECIMAL_RANGE]
        [--bytes-per-second=DECIMAL_RANGE]
        [--packets-per-second=DECIMAL_RANGE]
        [--flowrate-zero-duration=MICROSECONDS] ...

  rwcut --plugin=flowrate.so --fields=FIELDS
        [--flowrate-zero-duration=MICROSECONDS] ...

  rwgroup --plugin=flowrate.so --fields=FIELDS
        [--flowrate-zero-duration=MICROSECONDS] ...

  rwsort --plugin=flowrate.so --fields=FIELDS
        [--flowrate-zero-duration=MICROSECONDS] ...

  rwstats --plugin=flowrate.so --fields=FIELDS --values=FIELDS
        [--flowrate-zero-duration=MICROSECONDS] ...

  rwuniq --plugin=flowrate.so --fields=FIELDS --values=FIELDS
        [--flowrate-zero-duration=MICROSECONDS] ...

When loaded into rwfilter(1), the flowrate plug-in provides switches that can partition flows based on bytes of payload and/or on the rates of data transfer.

For rwcut(1), rwgroup(1), rwsort(1), rwstats(1), and rwuniq(1), the flowrate plug-in provides fields that will print, sort flows by, and group flows by the bytes of payload, bytes-per-packet, bytes-per-second, packets-per-second, and bytes of payload per second. The flowrate plug-in also provides aggregate value fields in rwstats and rwuniq.

The payload byte count is determined by subtracting from the total byte count in the flow the bytes of overhead used by the packet headers. The payload calculation assumes minimal packet headers---that is, there are no options in the packets. For TCP, the switch assumes there are no TCP timestamps in the packets. Thus, the calculated payload will be the maximum possible bytes of payload. If the packet-overhead is larger than the reported number of bytes, the value is zero.

The various flow-rate quantities are determined by dividing the payload byte count, packet count, or byte count by the duration of the flow, giving the average rate across the flow. Flow records whose duration is zero create a problem when computing a flow-rate.

If a flow record's reported duration is zero, the count is divided by a value which defaults to 400 microseconds and may be specified by the --flowrate-zero-duration switch. The switch accepts a minimum of 1 microsecond. The smallest (non-zero) duration SiLK flow records support is 1 millisecond (1000 microseconds). Prior to SiLK 3.16.0, the flowrate plug-in used a duration of 1 second (1000000 microseconds) when the reported duration was zero except when the rate was used as an aggregate value field in rwstats or rwuniq.

The flowrate plug-in must be explicitly loaded into an application via the --plugin switch. The reason for this is due to name clashes with existing switches and fields. For example, adding the --packets-per-second switch to rwfilter means any short-cutting of the current --packets switch will fail.

The flowrate plug-in provides the following options to the indicated applications.

The following switch is available whenever the flowrate plug-in has been loaded into a supported application:
--flowrate-zero-duration=MICROSECONDS
When computing a rate and a flow record has a duration of zero, assume the duration is actually MICROSECONDS microseconds. The MICROSECONDS value must be one or greater. If this switch is not specified, a duration of 400 microseconds is used. The smallest non-zero duration SiLK flow records support is 1 millisecond (1000 microseconds). Since SiLK 3.16.0.

When the flowrate plug-in has been loaded, the following set of partitioning switches are added to rwfilter. To pass the filter, the record must pass the test implied by each switch. The form of the argument to each switch is described below. The partitioning switches are:
--payload-bytes=INTEGER_RANGE
Check whether the payload byte count is within INTEGER_RANGE.
--payload-rate=DECIMAL_RANGE
Check whether the average number of payload bytes seen per second in the flow is within DECIMAL_RANGE.
--packets-per-second=DECIMAL_RANGE
Check whether the average number of packets per second in the flow is within DECIMAL_RANGE.
--bytes-per-second=DECIMAL_RANGE
Check whether the average number of bytes per second in the flow is within DECIMAL_RANGE.

An INTEGER_RANGE is a range of two non-negative integers, and a DECIMAL_RANGE is a range of two non-negative decimal values with accuracy up to 0.0001. The ranges are specified as two values separated by a hyphen, MIN-MAX; for example "1-500" or "5.0-10.031". If a single value is given (e.g., 3.14), the range consists of that single value. The upper limit of the range may be omitted, such as "1-", in which case the upper limit is set to the maximum possible value.

--fields=FIELDS
FIELDS refers to a list of fields to use for the operation. The flowrate plug-in adds the following fields for display, sorting, and grouping using the rwcut(1), rwgroup (1), rwsort(1), rwstats(1), and rwuniq(1) tools:
payload-bytes
Print, sort by, or group by the number of bytes of payload.
payload-rate
Print, sort by, or group by the bytes of payload seen per second.
pckts/sec
Print, sort by, or group by the packets seen per second.
bytes/sec
Print, sort by, or group by the bytes seen per second.
bytes/packet
Print, sort by, or group by the average number of bytes contained in each packet.
--values=AGGREGATES
The flowrate plug-in adds the following aggregate value fields to rwstats and rwuniq. AGGREGATES refers to a list of values to compute for each bin. To compute these values, flowrate maintains separate sums for the numerator and denominator while reading the records, then flowrate computes the ratio when the output is generated.
payload-bytes
Compute the approximate bytes of payload for records in this bin.
payload-rate
Compute the average bytes of payload seen per second for records in this bin.
pckts/sec
Compute the average packets seen per second for records in this bin,
bytes/sec
Compute the average bytes seen per second for records in this bin.
bytes/packet
Compute the average number of bytes contained in each packet for records in this bin.

SILK_PATH
This environment variable gives the root of the install tree. When searching for plug-ins, a SiLK application may use this environment variable. See the "FILES" section for details.
SILK_PLUGIN_DEBUG
When set to 1, the SiLK applications print status messages to the standard error as they attempt to find and open the flowrate.so plug-in. A typical invocation using this variable is: 

 env SILK_PLUGIN_DEBUG=1 rwcut --plugin=flowrate.so --version

${SILK_PATH}/lib64/silk/flowrate.so
${SILK_PATH}/lib64/flowrate.so
${SILK_PATH}/lib/silk/flowrate.so
${SILK_PATH}/lib/flowrate.so
/usr/local/lib64/silk/flowrate.so
/usr/local/lib64/flowrate.so
/usr/local/lib/silk/flowrate.so
/usr/local/lib/flowrate.so
Possible locations for the plug-in.

rwcut(1), rwfilter(1), rwgroup(1), rwsort(1), rwstats(1), rwuniq(1), silk(7)
2022-04-12 SiLK 3.19.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.