11.4. Retrieving Statistical Queries from the Command Line

Statistical data commands create tables and graphs of grouped items that are ranked by some criterion. For example, you can retrieve the list of hosts that sent the most packets or the the list of list of hosts that received the most packets. You can also find out which port/application accounted for the most bytes on your network, or find which host pair exchanged the most bytes.

Tabular results are returned in a formatted table, by default, or in a CSV format (use either the -c option for CSV without a header, or the -c+ option for CSV with a header line).

It is also possible to score by more complex criteria. For instance, it is possible to find the list of hosts that contacted the largest number of unique hosts , or the list of countries that contacted your servers on the largest number of unique server ports .

All told, there are 18 statistical data commands. They are summarized in the following tables:

Table 11.7. "Top Hosts" Statistical Commands

Command	Description
`ns2hostsb`	Top hosts ranked by total bytes sent/received
`ns2hostsp`	Top hosts ranked by total packets sent/received
`ns2hostss`	Top hosts ranked by total sessions initiated/accepted
`ns2hostsup`	Top hosts ranked by total unique ports used
`ns2hostsuh`	Top hosts ranked by total unique other IPs contacted

Table 11.8. "Top Host Pairs" Statistical Commands

Command	Description
`ns2pairsb`	Top host pairs ranked by total bytes sent/received
`ns2pairsp`	Top host pairs ranked by total packets sent/received
`ns2pairss`	Top host pairs ranked by total sessions initiated/accepted
`ns2pairsup`	Top host pairs ranked by total ports used

Table 11.9. "Top Ports" Statistical Commands

Command	Description
`ns2portsb`	Top ports ranked by total bytes sent/received
`ns2portsp`	Top ports ranked by total packets sent/received
`ns2portss`	Top ports ranked by total sessions initiated/accepted
`ns2portsuh`	Top ports ranked by total unique hosts

Table 11.10. "Top Countries" Statistical Commands

Command	Description
`ns2countryssb`	Top countries ranked by total bytes sent/received
`ns2countrysp`	Top countries ranked by total packets sent/received
`ns2countryss`	Top countries ranked by total sessions initiated/accepted
`ns2countrysup`	Top countries ranked by total unique ports used
`ns2countrysuh`	Top countries ranked by total unique hosts contacted

Decoding the Statistical Command Names

	Decoding the Statistical Command Names
`ns2-` is the standard prefix for all FlowTraq CLI commands. Next, one of `hosts-` , `ports-` , `pairs-` , or `countrys-` indicates what entity is being ranked. Finally, one of `b` , `p` , `s` , `up` , or `uh` indicates how those entities are ranked: by `b` ytes, `p` ackets, `s` essions, `u` nique `p` orts, or `u` nique `h` osts.

ns2- is the standard prefix for all FlowTraq CLI commands.

Next, one of hosts- , ports- , pairs- , or countrys- indicates what entity is being ranked.

Finally, one of b , p , s , up , or uh indicates how those entities are ranked: by b ytes, p ackets, s essions, u nique p orts, or u nique h osts.

As with the ns2sq command, you must specify a FlowTraq Server to connect to, supply login details, select a timeframe and (optionally) specify a filter. And like the ns2sq, the results are returned in a formatted table, by default, or in CSV format (use either the -c option for CSV without a header, or the -c+ option for CSV with a header line). Please refer to the complete list of parameters in Section 11.1, “Retrieving Raw Session Data from the Command Line: ns2sq”, Section 11.3, “Filter String Syntax” for more information on the filter language syntax, and Section 11.2, “Time Navigation” for information on timeframe specifications.

	Tip
	You may use the `-g` parameter to request the accompanying stack graph, and the `-gx` and `-gy` parameters to specify the size of the graph you would like.

	Tip
	You may use the `-w` parameter to request a timeseries for each row of the table.

Prev	Up	Next
	Home