Conventions
===========
ts = timestamp
ipt = inter-packet time (ipt = -1  means that it's the first packet of its session)
ps = payload size



================================================================================
 Host mode
================================================================================

- Files generated

"hosts": hosts information
"hosts_ip2id": IP <-> hostID equivalence. This file can be used as input with the "-H" option, to import the Host table
"pkts_all": ipt and ps; related to ALL aggregate traffic
"pkts_up": ipt and ps; packets sent by a single host
"pkts_dw": ipt and ps; packets recevied by a single host
"rate": rate of some parameters*
"report.txt": summary report


- Fields of each file


"hosts"
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
hostID | time elapsed since previous host sending packets (us)* | time elapsed since previous host receiving packets (us)** |  time elapsed since previous host (us)  | # of packets sent | # of packets received | host status***
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

host status:  
	1 = host is suspect, marked packet count is over the threshold (default=5)
	0 = host is not a suspect
	

"hosts_id2IP"
----------------
hostID | host IP
----------------

"pkts_all"
----------
 ipt | ps
----------

"pkts_up" (packets generated by a host)
-------------------------
hostID | ipt | ps | mark****
-------------------------

"pkts_dw" (packets received by a host)
-------------------------
hostID | ipt | ps | mark****
-------------------------

rate*****
--------------------------------------------------------------------------
rate tick | # of packets  | # of bytes | # of flows | # of tcp pure pkts |
--------------------------------------------------------------------------

* set to "-1" if the host has not sent any packets
** set to "-1" if the host has not received any packets
*** "host status" is printed only if "-g" option is given
**** "mark" is printed only if "-g" option is given
***** rate file is generated only if "-R" option is given



================================================================================
 Flow mode
================================================================================

- Files generated

"flows": flows information
"IPs": flow 5-upla
"pkts_up": ipt and ps
"rate": rate of some parameters*
"report.txt": summary report


- Fields of each file

flows 
------------------------------------------------------------------------------------------------------------------------
hostID* | flowID | time elapsed since previous flow (us) | # of packets | # of bytes | flow duration (ms) | flow status**
------------------------------------------------------------------------------------------------------------------------

IPs
---------------------------------------------
flowID | srcIP:srcPort dstIP:dstPort Protocol
---------------------------------------------

pkts_up
--------------------------------------
flowID | ipt | ps | mark*** | mss****
--------------------------------------

rate*****
--------------------------------------------------------------------------
rate tick | # of packets  | # of bytes | # of flows | # of tcp pure pkts 
--------------------------------------------------------------------------

* "hostID" is printed only if "-H" option is used. Host table is generated in Host mode.
** "flow status" is printed only if "-g" option is used.
*** "mark" is printed only if "-g" option is used.
**** "mss" is printed only if "-m" option is used.
***** rate file is generated only if "-R" option is used.



================================================================================
Conversation mode
================================================================================

- Files generated

"conversations": conversations information
"IPs": client IP, server IP 
"pkts_up": ipt and ps; upstream (client to server)
"pkts_dw": ipt and ps; downstream (server to client)
"rate": rate of some parameters*
"report.txt": summary report


- Fields of each file

conversations 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
convID | time elapsed since previous conv (us) | # of packets to server | # of packets to client| # of bytes to server | # of bytes to client | conv duration (ms)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

IPs
---------------------------
convID | clientIP serverIP
---------------------------

pkts_up (from client to server)
-------------------------
convID | ipt | ps | mss*
-------------------------

pkts_dw (from server to client)
-------------------------
convID | ipt | ps | mss*
-------------------------

payloads
-------------------------------
convID | D/U |	payload_string
-------------------------------

rate**
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
rate tick | # of upstream packets | # of downstream packets | # of upstream bytes | # of downstream bytes | # of sessions |# of tcp pure upstream packets | # of tcp pure downstream packtes 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



* "mss" is printed only if "-m" option is used.
** rate file is generated only if "-R" option is given
