logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

rapath - print traceroute path information from argus(8) data.

Contents

Authors

       Carter Bullard (carter@qosient.com).

Bugs

rapath 3.0.8                                    07 November 2000                                       RAPATH(1)

Description

Rapath  reads  argus  data  from  an  argus-data  source,  and generates the path information that can be
       formulated from flows that experience ICMP responses.  When a  packet  cause  the  creation  of  an  ICMP
       response, for whatever reason, the intermediate node that generates the ICMP packet is, by definition, on
       the  path.   Argus  data  perserves  this  intermediate node address, and rapath uses this information to
       generate path information, for arbitrary IP network traffic.  Rapath is principally designed  to  recover
       traceroute.1  traffic,  so  that  if a trace is done in the network, argus will pick it up and record the
       intermediate nodes and the RTT for the volleys.  However the method is  generalized  such  that  it  also
       picks up routing loop conditions, when they exist in the observed packet stream.

       Rapath  will  generate  argus  flow  records  that  have  the src address, dst address and src ttl of the
       transmitted packet, aggregated so that the average duration, standard deviation, max and  min  rtt's  are
       preserved.   The  most accurate estimate of the actual Round-Trip Time (RTT) between a src IP address and
       an ICMP based intermediate node is the MinDur field. As the number of samples  gets  larger,  the  MinDur
       field  approaches the theoretical best case minimum RTT.  RTT's above this value, will include variations
       in network and device delay.

       When using the optional racluster.1 style flow descriptors, path  information  to  and  from  CIDR  based
       network  addresses  can be calculated, so that traces from and to multiple machines in the subnets can be
       grouped together.

       The output of rapath can be piped into ranonymize.1, in  order  to  share  path  performance  information
       without divulging the actual addresses of intermidate routers.

Files

Invocation
       A  sample  invocation  of rapath(1).  This call reads argus(8) data from inputfile and generates any path
       information, based on src and dst IP addresses, and writes the results to stdout.

         % rapath -r inputfile

                SrcId       SrcAddr  Dir      DstAddr            Inode sTtl       Mean     StdDev        Max        Min  Trans
         192.168.0.68  192.168.0.68   ->  128.2.42.10      192.168.0.1    1   0.000686   0.000037   0.000764   0.000627     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10       10.22.96.1    2   0.009329   0.002719   0.019935   0.007435     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10     208.59.246.2    3   0.010686   0.002619   0.020175   0.007698     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10    207.172.15.85    4   0.013988   0.007116   0.032652   0.008923     11
         192.168.0.68  192.168.0.68   ->  128.2.42.10    207.172.15.67    4   0.010188   0.000218   0.010676   0.009932      7
         192.168.0.68  192.168.0.68   ->  128.2.42.10   198.32.118.161    5   0.010865   0.003557   0.019436   0.007937     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10     64.57.20.251    6   0.044649   0.008916   0.076137   0.039844     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10     64.57.21.146    7   0.056345   0.003985   0.065643   0.053371     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10    147.73.16.120    8   0.052594   0.003037   0.061770   0.050151     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10    128.2.255.249    9   0.055147   0.002541   0.064620   0.053151     18
         192.168.0.68  192.168.0.68   ->  128.2.42.10    128.2.255.212   10   0.051835   0.000326   0.052362   0.051392      9
         192.168.0.68  192.168.0.68   ->  128.2.42.10    128.2.255.205   10   0.054236   0.000658   0.055198   0.053028      9

       The output of rapath is an argus data stream, and can be written to a file, or piped  to  other  programs
       for  processing.  The resulting stream is a clustered data stream ordered by the unique " saddr  -> daddr
       " paths.

       The next sample invocation of rapath(1) prints out a graph of  the  path  information  using  letters  as
       index, with the node information provided as reference.

         % rapath -Ar inputfile

         192.168.0.68(192.168.0.68::128.2.42.10) A -> B -> C -> {D,E} -> F -> G -> H -> I -> J -> {K,L}
          Node         SrcId       SrcAddr  Dir      DstAddr            Inode sTtl       Mean     StdDev        Max        Min  Trans
           A    192.168.0.68  192.168.0.68   ->  128.2.42.10      192.168.0.1    1   0.000686   0.000037   0.000764   0.000627     18
           B    192.168.0.68  192.168.0.68   ->  128.2.42.10       10.22.96.1    2   0.009329   0.002719   0.019935   0.007435     18
           C    192.168.0.68  192.168.0.68   ->  128.2.42.10     208.59.246.2    3   0.010686   0.002619   0.020175   0.007698     18
           D    192.168.0.68  192.168.0.68   ->  128.2.42.10    207.172.15.85    4   0.013988   0.007116   0.032652   0.008923     11
           E    192.168.0.68  192.168.0.68   ->  128.2.42.10    207.172.15.67    4   0.010188   0.000218   0.010676   0.009932      7
           F    192.168.0.68  192.168.0.68   ->  128.2.42.10   198.32.118.161    5   0.010865   0.003557   0.019436   0.007937     18
           G    192.168.0.68  192.168.0.68   ->  128.2.42.10     64.57.20.251    6   0.044649   0.008916   0.076137   0.039844     18
           H    192.168.0.68  192.168.0.68   ->  128.2.42.10     64.57.21.146    7   0.056345   0.003985   0.065643   0.053371     18
           I    192.168.0.68  192.168.0.68   ->  128.2.42.10    147.73.16.120    8   0.052594   0.003037   0.061770   0.050151     18
           J    192.168.0.68  192.168.0.68   ->  128.2.42.10    128.2.255.249    9   0.055147   0.002541   0.064620   0.053151     18
           K    192.168.0.68  192.168.0.68   ->  128.2.42.10    128.2.255.212   10   0.051835   0.000326   0.052362   0.051392      9
           L    192.168.0.68  192.168.0.68   ->  128.2.42.10    128.2.255.205   10   0.054236   0.000658   0.055198   0.053028      9

       the  path.  Because network paths can be divergent, due to routing changes, load balancing, or redirects,
       multiple nodes can be observed at the same distance along the path. rapath(1) uses '{' and '}' to delimit
       the set of nodes that are observed at the same distance in the path.  Letters in the path are  references
       to inode addresses contained in the actual node records.

       The  next  sample  invocation of rapath(1) prints out just a graph of the path information in two sets of
       argus data; today's and last month, to highlight how paths change.   ASN  information  is  added  to  the
       records, to show how rapath(1) depicts ASN relationships, using a -fralabel.conf(5) option.

       The  -q option suppresses the default output of the actual argus record data compiled for each node along
       the path.  The '[' and ']' (brackets) deliniate AS's and will contain the set of nodes that were observed
       within the same AS.

          % rapath -f ralabel.conf -qA -r inputfile
          192.168.0.68(192.168.0.68::128.2.42.10) A -> [B] -> [C -> {D,E}] -> [F] -> [G -> H] -> [I] -> [J -> {K,L}]

          % rapath -f ralabel.conf -qA -r inputfile.last.month
          192.168.0.68(192.168.0.68::128.2.42.10) A -> [B] -> [C -> D] -> [E -> F -> G -> {H,I,J,K} -> {L,M,N} -> O -> P] -> [Q -> {R,S}]

       This next sample invocation of rapath(1) prints out a graph of the ASpath,  the  set  of  AS's  that  the
       network  path  traversed.  The  -q  option,  again  is  used  to  suppress  the output of the actual node
       information.  Where there is no AS number, possibly due to a private network or an  unregistered  address
       space, letters are used to denote the node.

          % rapath -f ralabel.conf -r inputfile -qA -M aspath
          192.168.0.68(192.168.0.68::128.2.42.10) A -> AS30496 -> AS6079 -> AS1257 -> AS11164 -> AS5050 -> AS9

       This  sample  invocation  of  rapath(1)  prints  out a graph of the ASpath, suppressing the output of the
       actual node information (-q), and printing actual IP addresses, rather than node labels.

          % rapath -f ralabel.conf -r inputfile -qA -M aspath addr
          192.168.0.68(192.168.0.68::128.2.42.10) 192.168.0.1 -> AS30496 -> AS6079 -> AS1257 -> AS11164 -> AS5050 -> AS9

       This sample invocation of rapath(1) prints  out  a  graph  of  the  ASpath,  with  distance  information,
       suppressing  the  output  of  the  actual  node  information  (-q).   This is the aspath output, but with
       distances in TTL's for each entry specified.

          % rapath -f ralabel.conf -r inputfile -qA -M aspath dist addr
          192.168.0.68(192.168.0.68::128.2.42.10) 192.168.0.1:1 -> AS30496:2 -> AS6079:3-4 -> AS1257:5 -> AS11164:6-7 -> AS5050:8 -> AS9:9-10

       This sample invocation of rapath(1) prints out a graph of the AS nodal path, suppressing  the  output  of
       the actual node information (-q).

          % rapath -f ralabel.conf -r inputfile -qA -M asnode
          192.168.0.68(192.168.0.68::128.2.42.10) AS30496:[A -> B] -> AS6079:[C -> {D,E}] -> AS1257:[F] -> AS11164:[G -> H] -> AS5050:[I] -> AS9:[J -> {K,L}]

          % rapath -f ralabel.conf -r inputfile.last.month -qA -M asnode
          192.168.0.68(192.168.0.68::128.2.42.10) A -> AS30496:[B] -> AS6079:[C -> D] -> AS3356:[E -> F -> G -> {H,I,J,K} -> {L,M,N} -> O -> P] -> AS9:[Q -> {R,S}]

       This  sample  invocation  of  rapath(1)  demonstrates  how  to use CIDR address aggregation, using the -m
       option, to generate path performance data from a class B subnet, to a class C subnet.

       % rapath -f ralabel.conf -r inputfile -A -m saddr/16 daddr/24 - srcid 192.168.0.68

       192.168.0.68(192.168.0.0/16::128.2.42.0/24) A -> [B] -> [C -> {D,E}] -> [F] -> [G -> H] -> [I] -> [J -> {K,L}]
        Node         SrcId            SrcAddr   Dir            DstAddr              Inode sTtl       Mean     StdDev        Max        Min  Trans
         A    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24        192.168.0.1    1   0.000686   0.000037   0.000764   0.000627     18
         B    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24         10.22.96.1    2   0.009329   0.002719   0.019935   0.007435     18
         C    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24       208.59.246.2    3   0.010686   0.002619   0.020175   0.007698     18
         D    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24      207.172.15.85    4   0.013988   0.007116   0.032652   0.008923     11
         E    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24      207.172.15.67    4   0.010188   0.000218   0.010676   0.009932      7
         F    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24     198.32.118.161    5   0.010865   0.003557   0.019436   0.007937     18
         G    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24       64.57.20.251    6   0.044649   0.008916   0.076137   0.039844     18
         H    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24       64.57.21.146    7   0.056345   0.003985   0.065643   0.053371     18
         I    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24      147.73.16.120    8   0.052594   0.003037   0.061770   0.050151     18
         J    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24      128.2.255.249    9   0.055147   0.002541   0.064620   0.053151     18
         K    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24      128.2.255.212   10   0.051835   0.000326   0.052362   0.051392      9
         L    192.168.0.68     192.168.0.0/16    ->      128.2.42.0/24      128.2.255.205   10   0.054236   0.000658   0.055198   0.053028      9


Name
rapath - print traceroute path information from argus(8) data.


Rapath Specific Options
       Rapath,  like  all  ra  based clients, supports a number of raoptions including filtering of input argus
       records through a terminating filter expression.  See ra(1) for a complete  description  of  raoptions.
       rapath(1) specific options are:

       -A  Draw a description of the path with a legend.
       -Mpathmodes
           Supported pathmodes are:
                      node - print a series of nodes that represent the path (default).
                      addr - print the IP addresses, instead of node labels.
             aspath[dist]- print the series of origin AS's along the path. Optional 'dist' adds the ttl range.
                    asnode - print the series of nodes, preceded with their AS's along the path.
       -mfields
           Specify modifications to the default flow identifiers.  Supported fields are:
                     srcid - the observation domain source identifier.
               saddr[/len] - the source address, optionally as a CIDR address.
               daddr[/len] - the destination address, optionally as a CIDR address.


See Also
ra(1),rarc(5),ralabel.conf(5),argus(8),
Synopsis
rapath [-A] [-M[aspath[dist]|asnode] ] [-mfields ] [raoptions] [--filter-expression]


See Also
Man Pages
chrpath  Man Pages
Man Pages
Path  Man Pages
Information
Information  PNG Icons
Man Pages
node  Man Pages
MCP
Argus  Mcp
Man Pages
scanf, fscanf, vscanf, vfscanf  Man Pages
Data
Data  PNG Icons
Address
Address  PNG Icons
Man Pages
conf  Man Pages
← View User commands Category← Back to Network diagnostics config🙏  Credits & Acknowledgments