Argus can be used to support network security management and network forensics. It can also be used to track network performance through the stack and to capture higher-level protocol data. Argus data can be used for “spike tracking” of many fields. These records are used in both immediate network utilization analysis and historical analysis or trending. With a sensor network using Argus, organizations may validate the connectivity of end-hosts through multiple routers. Historical netflow data can be used in forensic investigations several months, or years, after an incident has taken place.
Argus’ netflow records offer up to a 10,000:1 ratio of packet size to the record written to disk, which allows installations to retain records for much longer than full packet captures. When network security is very important, non-repudiation becomes a key requirement that must be provided throughout the network. Network research labs have used Argus to provide network performance measurements of unique protocols, such as InfiniBand over IPv6. Argus can be quickly adapted to new protocols and, in some cases, provides the basic metrics without extension. Individuals use Argus in their home networks to give them a heads-up on DSL and cable-modem-based networks. Argus provides a higher-order view into packet data that lets a network user see problems quickly.