fmadio / pcap2json

High Speed PCAP to JSON conversion utility

Top-N circuit filtering #16

Closed fmadio closed 5 years ago

fmadio commented 5 years ago

TopN currently calculated for all flows. How to specify multiple TopN circuits is not clear.

e.g. filtering it so

--flow-top-n-circuit 00:11:22:33:44:55_66:77:88:99:aa:bb

would create a TopN flow list just for that MAC pair, with all other flows going into a generic TopN list

multiple circuits could be specified, please advise best approach

navinsaven commented 5 years ago

When multiple circuits are specified, would the TopN be across all the circuits specified or would it output TopN for circuit A, TopN for circuit B and so on?

fmadio commented 5 years ago

idea is TopN for circuit A, TopN for circuit B, .. C etc + TopN all other flows. Will that meet the requirements?

navinsaven commented 5 years ago

Yeah. That works. Thanks.

fmadio commented 5 years ago

For the JSON output, do we need to output which TopN list the flow belongs to? TopNList:0.1.2.3.4 etc., or is it not required, as search/sort by MAC pair is enough?

navinsaven commented 5 years ago

That won’t be required since we would search/sort by MAC pair.

fmadio commented 5 years ago

Understood

fmadio commented 5 years ago

merged in sorting from https://github.com/fmadio/pcap2json/pull/17

Need to add a 2nd sort option when total bytes match; that way we can get fully deterministic stdout JSON output.

tracking that here https://github.com/fmadio/pcap2json/issues/18

fmadio commented 5 years ago

Re-opening. There's no default TopN list, only the filtered TopN.

fmadio commented 5 years ago

default list added, closing
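
The behaviour agreed in this thread (one TopN list per specified MAC pair, a default list for all other flows, and a second sort key when total bytes match), sketched as an added example that is not pcap2json's own code. The `Flow` struct, the function names, the sample flows, the exact string match on the MAC pair and the use of the flow id as tie-break are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One flow record; list 0 is the default TopN, list i+1 belongs to circuit i. */
typedef struct { const char *mac_pair; unsigned flow_id; unsigned long long bytes; int list; } Flow;
/* Constructed sample data; only the first MAC pair comes from the issue text. */
static const char *circuits[] = { "00:11:22:33:44:55_66:77:88:99:aa:bb" };
static Flow sample[] = {
    { "00:11:22:33:44:55_66:77:88:99:aa:bb", 1, 500, 0 },
    { "00:11:22:33:44:55_66:77:88:99:aa:bb", 2, 900, 0 },
    { "00:11:22:33:44:55_66:77:88:99:aa:bb", 3, 500, 0 },
    { "02:00:00:00:00:01_02:00:00:00:00:02", 4, 700, 0 },
    { "02:00:00:00:00:03_02:00:00:00:00:04", 5, 700, 0 },
    { "02:00:00:00:00:01_02:00:00:00:00:02", 6, 100, 0 },
};

/* Exact, direction-sensitive match against the filter list (assumption). */
static int classify(const char *mac_pair, const char **circ, int ncirc) {
    for (int i = 0; i < ncirc; i++)
        if (strcmp(mac_pair, circ[i]) == 0) return i + 1;
    return 0;
}
/* Order by list, then bytes descending, then flow_id as the assumed tie-break. */
static int cmp_flow(const void *a, const void *b) {
    const Flow *x = a, *y = b;
    if (x->list != y->list) return x->list < y->list ? -1 : 1;
    if (x->bytes != y->bytes) return x->bytes > y->bytes ? -1 : 1;
    return (x->flow_id > y->flow_id) - (x->flow_id < y->flow_id);
}

/* Sorts flows in place, copies the first top_n of every list to out, returns the count. */
static int topn_per_circuit(Flow *f, int n, const char **circ, int ncirc, int top_n, Flow *out) {
    int cnt = 0, rank = 0;
    for (int i = 0; i < n; i++) f[i].list = classify(f[i].mac_pair, circ, ncirc);
    qsort(f, (size_t)n, sizeof(Flow), cmp_flow);
    for (int i = 0; i < n; i++) {
        rank = (i > 0 && f[i].list == f[i - 1].list) ? rank + 1 : 0;
        if (rank < top_n) out[cnt++] = f[i];
    }
    return cnt;
}

int main(void) {
    Flow out[6];
    int n = topn_per_circuit(sample, 6, circuits, 1, 2, out);
    for (int i = 0; i < n; i++)
        printf("list=%d flow=%u bytes=%llu\n", out[i].list, out[i].flow_id, out[i].bytes);
    return 0;
}
```

With a TopN of 2, flows 1 and 3 tie at 500 bytes inside the filtered circuit, so the second sort key alone decides which of them is reported.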