Agents/Analysis

Perf

The Perf agent responds to object type 'PERF'.

  • srctaps: list of IP addresses where the agent group should place source taps
  • dsttaps: list of IP addresses where the agent group should place victim taps
  • src: set to restrict tap and analysis to a specific source net
  • dst: set to restrict tap and analysis to a specific destination net
  • proto: set to restrict tap to a specific protocol

When a START event is received, the perf agent starts tcpdump on the specified interfaces with the specified traffic filters. When the STOP event is received, the agent stops all tcpdump instances. Once stopped, you can send a COMPUTE event. This causes the group of agents to collect all the tcpdump files on one node (transferred via ssh over the control plane) and perform its analysis for each src/dst combination. For example, if srctaps=(1.2.3.4, 5.6.7.8) and dsttaps=(5.5.5.5), it will run perf with the combinations:

  • 1.2.3.4 and 5.5.5.5
  • 5.6.7.8 and 5.5.5.5

The results are placed on the control node and then retrieved via the GUI, which displays them in a small window. You can also send the events ATTACK_START and ATTACK_STOP to mark the start and end of an attack; perf will then only perform computations on packets captured during that time period.

TCPDump

The TCPDump agent responds to object type 'TCPDUMP'.

  • taps: list of IP addresses where the agent group should run tcpdump instances
  • filter: BPF filter passed on to tcpdump
  • caplen: packet capture length in bytes
  • file: prefix to use for tcpdump file, default is 'default'

The TCPDump agent is a direct interface to tcpdump. It simply starts tcpdump on the selected interfaces and saves the dump files in /space on each node. You do not need to use this interface if you are using the perf agent, as the perf agent will start a tcpdump instance for you.
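
The following sketch is an added example, not the agents' own code. It shows how the Perf parameters (src, dst, proto, tap pairing, attack window) and the TCPDump parameters (filter, caplen, file) described above could be validated and turned into a tcpdump invocation. The function names, the allowed-protocol set, the interface name and the output file naming under /space are assumptions.

```python
import ipaddress
from itertools import product

ALLOWED_PROTOS = {"tcp", "udp", "icmp"}  # assumption: what this sketch accepts

def build_filter(src=None, dst=None, proto=None):
    """BPF expression for the optional src/dst/proto restrictions."""
    terms = []
    if src:
        # ip_network() raises ValueError on anything that is not a network,
        # so extra filter text cannot be smuggled in through src/dst.
        terms.append(f"src net {ipaddress.ip_network(src)}")
    if dst:
        terms.append(f"dst net {ipaddress.ip_network(dst)}")
    if proto:
        if proto.lower() not in ALLOWED_PROTOS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        terms.append(proto.lower())
    return " and ".join(terms)

def tcpdump_argv(iface, bpf, caplen, prefix="default"):
    """argv list (no shell involved) for one capture; file naming is assumed."""
    if not (iface.isalnum() and prefix.isalnum()):
        raise ValueError("iface and prefix must be alphanumeric")  # stay inside /space
    argv = ["tcpdump", "-i", iface, "-s", str(int(caplen)),
            "-w", f"/space/{prefix}-{iface}.pcap"]
    return argv + ([bpf] if bpf else [])

def tap_pairs(srctaps, dsttaps):
    """Every source tap is analysed against every destination tap."""
    return [(str(ipaddress.ip_address(s)), str(ipaddress.ip_address(d)))
            for s, d in product(srctaps, dsttaps)]

def in_attack_window(packets, start=None, stop=None):
    """Keep (timestamp, size) records between ATTACK_START and ATTACK_STOP."""
    return [p for p in packets
            if (start is None or p[0] >= start) and (stop is None or p[0] <= stop)]

# Constructed sample records: (timestamp in seconds, packet size in bytes)
PACKETS = [(10.0, 60), (12.5, 1500), (15.0, 1500), (21.0, 60)]

if __name__ == "__main__":
    bpf = build_filter("10.1.0.0/16", "10.2.0.0/16", "tcp")
    print(tcpdump_argv("eth1", bpf, 96))
    print(tap_pairs(["1.2.3.4", "5.6.7.8"], ["5.5.5.5"]))
    print(in_attack_window(PACKETS, start=12.0, stop=20.0))
```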