While you are looking at bugs in 1.8.1 ...
Carter Bullard
carter at qosient.com
Mon Jul 17 16:10:10 EDT 2000
Hey Peter,
This is not good. I'll look into it as soon as
my last machines get in, probably Wed.
Carter
-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Peter Van Epp
Sent: Monday, July 17, 2000 1:41 PM
To: argus
Subject: While you are looking at bugs in 1.8.1 ...
I have one for you as well. Seems like a perfectly reasonable icmp
packet, but argus doesn't like it for some reason (at least as far as
admitting to its IP addresses):
tcpdump -r tcpdump2.log -n -x
09:42:16.440982 192.75.240.149 > 206.251.6.192: icmp: echo request
4500 001c 0a3b 0000 0301 270a c04b f095
cefb 06c0 0800 ccff 0200 2900 0452 0002
0000 0000 0000 0000 0000 0000 0000
hcids# argus_bpf -r tcpdump2.log -w - |ra -n -c
1 packets recv'd by filter
0 packets dropped by kernel
Mon 07/17 09:55:22 man 0.0.0.0 0.0.0.0 0 0 0 0 INT
Mon 07/17 09:42:16 icmp 0.0.0.0 -> 0.0.0.0 1 0 ECO
Mon 07/17 09:55:22 man pkts 1 drops 0 flows active 0 closed 1 CLO
and the offending packet :-)
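
Added example, not part of the original thread and not argus code: a Python decode of the hex dump quoted above, checking the IPv4 header fields and both Internet checksums by hand. The function names are hypothetical; the bytes are the ones tcpdump printed.

```python
import socket
import struct

# Bytes exactly as tcpdump -x printed them in the message above.
DUMP = """
4500 001c 0a3b 0000 0301 270a c04b f095
cefb 06c0 0800 ccff 0200 2900 0452 0002
0000 0000 0000 0000 0000 0000 0000
"""

def checksum_ok(data: bytes) -> bool:
    """RFC 1071 check: summing a block that contains its own correct
    checksum in 16-bit one's-complement arithmetic gives 0xffff."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_icmp_datagram(dump: str) -> dict:
    raw = bytes.fromhex("".join(dump.split()))
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        raise ValueError("not an IPv4 ICMP datagram")
    # Trust the IP total length, not the capture length: the capture
    # can hold bytes that are not part of the datagram.
    if not ihl + 8 <= total_len <= len(raw):
        raise ValueError("total length does not fit an ICMP header")
    icmp = raw[ihl:total_len]
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "total_len": total_len,
        "bytes_past_datagram": len(raw) - total_len,
        "ip_checksum_ok": checksum_ok(raw[:ihl]),
        "icmp_type": icmp[0],
        "icmp_code": icmp[1],
        "icmp_payload_len": len(icmp) - 8,
        "icmp_checksum_ok": checksum_ok(icmp),
    }

if __name__ == "__main__":
    for field, value in decode_icmp_datagram(DUMP).items():
        print(f"{field:20} {value}")
```

The decode agrees with tcpdump on the addresses and shows a header-only echo request (IP total length 28, no ICMP payload) with both checksums valid; the remaining captured bytes lie past the end of the datagram.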