While you are looking at bugs in 1.8.1 ...
Peter Van Epp
vanepp at sfu.ca
Mon Jul 17 13:41:10 EDT 2000
I have one for you as well. Seems like a perfectly reasonable icmp
packet, but argus doesn't like it for some reason (at least as far as admitting
to its IP addresses):
tcpdump -r tcpdump2.log -n -x
09:42:16.440982 192.75.240.149 > 206.251.6.192: icmp: echo request
4500 001c 0a3b 0000 0301 270a c04b f095
cefb 06c0 0800 ccff 0200 2900 0452 0002
0000 0000 0000 0000 0000 0000 0000
hcids# argus_bpf -r tcpdump2.log -w - |ra -n -c
1 packets recv'd by filter
0 packets dropped by kernel
Mon 07/17 09:55:22 man 0.0.0.0 0.0.0.0 0 0 0 0 INT
Mon 07/17 09:42:16 icmp 0.0.0.0 -> 0.0.0.0 1 0 ECO
Mon 07/17 09:55:22 man pkts 1 drops 0 flows active 0 closed 1 CLO
and the offending packet :-)
begin 644 tcpdump2.log
MU,.RH0(`!````````````&`````!````:#=S.9:Z!@`\````/`````"`+<J8
M>@#@8SAS70@`10``'`H[```#`2<*P$OPE<[[!L`(`,S_`@`I``12``(`````
*````````````````
`
end
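Added example (not part of the original post and not argus code): a short Python check that decodes the bytes from the tcpdump -x output above and verifies the IPv4 header and ICMP checksums, which is one way to confirm a capture is well-formed before attributing an all-zero address record to the flow tool. The helper names inet_checksum and parse_ipv4_icmp are made up for this illustration.

```python
import socket
import struct

# Hex words copied from the `tcpdump -x` output in the post above.
DUMP = """
4500 001c 0a3b 0000 0301 270a c04b f095
cefb 06c0 0800 ccff 0200 2900 0452 0002
0000 0000 0000 0000 0000 0000 0000
"""

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 means the stored value verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_icmp(raw: bytes) -> dict:
    """Decode an IPv4+ICMP packet (hypothetical helper for this example)."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("malformed IPv4 header")
    # Honour the IP total length, not the capture length: anything after
    # it is trailing data and is not part of the ICMP message.
    icmp = raw[ihl:total_len]
    if proto != 1 or len(icmp) < 8:
        raise ValueError("not a complete ICMP message")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "total_len": total_len,
        "ip_checksum_ok": inet_checksum(raw[:ihl]) == 0,
        "icmp_type": icmp[0],
        "icmp_code": icmp[1],
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
        "trailing_bytes": len(raw) - total_len,
    }

if __name__ == "__main__":
    packet = bytes.fromhex("".join(DUMP.split()))
    for key, value in parse_ipv4_icmp(packet).items():
        print(f"{key:17} {value}")
```
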