While you are looking at bugs in 1.8.1 ...
Carter Bullard
carter at qosient.com
Tue Jul 18 07:33:53 EDT 2000
Hey Peter,
Yes I have the bug for this icmp echo problem.
A tentative solution is to make this change to
./server/cons_icmp.c.
I'll have a more complete solution in Argus-2.0.
Carter
unix4.andrew.cmu.edu% diff cons_icmp.c cons_icmp.c.new
130c130
< if (len >= sizeof (struct icmp)) {
---
> if (len >= ICMP_MINLEN) {
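Review bot: At line 130 the relaxed test `len >= ICMP_MINLEN` admits messages shorter than `struct icmp`, so any code inside this branch that reads members past the fixed header (for example the quoted IP header carried in unreachable or time-exceeded messages) needs its own per-type length check. The body of the branch is not visible in this hunk, so please confirm that before this goes in. A one-line comment saying why the minimum header length, and not the structure size, is the right bound would also help the next reader.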
-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Peter Van Epp
Sent: Monday, July 17, 2000 1:41 PM
To: argus
Subject: While you are looking at bugs in 1.8.1 ...
I have one for you as well. Seems like a perfectly reasonable icmp
packet, but argus doesn't like it for some reason (at least as far as
admitting to its IP addresses):
tcpdump -r tcpdump2.log -n -x
09:42:16.440982 192.75.240.149 > 206.251.6.192: icmp: echo request
4500 001c 0a3b 0000 0301 270a c04b f095
cefb 06c0 0800 ccff 0200 2900 0452 0002
0000 0000 0000 0000 0000 0000 0000
hcids# argus_bpf -r tcpdump2.log -w - |ra -n -c
1 packets recv'd by filter
0 packets dropped by kernel
Mon 07/17 09:55:22 man 0.0.0.0 0.0.0.0 0 0 0 0 INT
Mon 07/17 09:42:16 icmp 0.0.0.0 -> 0.0.0.0 1 0 ECO
Mon 07/17 09:55:22 man pkts 1 drops 0 flows active 0 closed 1 CLO
and the offending packet :-)
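An added example, not code from Argus or from either poster: it takes the bytes of the tcpdump hex above, derives the ICMP length from the IP header (8 bytes here, the rest of the capture being link-layer padding), and applies a minimum-length check per ICMP type before trusting the message. The `EX_` constants and function names are hypothetical, and the 36-byte minimum for error types is an assumption taken from RFC 792 that goes beyond what the thread discusses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_ICMP_MINLEN  8   /* fixed ICMP header: type, code, checksum, 4 more bytes */
#define EX_ICMP_ERRLEN 36   /* assumption: 8 + quoted 20-byte IP header + 8 data bytes */

/* Constructed from the hex dump in the post: 20 IP + 8 ICMP + 18 padding bytes. */
static const uint8_t sample_pkt[46] = {
    0x45,0x00,0x00,0x1c,0x0a,0x3b,0x00,0x00,0x03,0x01,0x27,0x0a,
    0xc0,0x4b,0xf0,0x95,0xce,0xfb,0x06,0xc0,
    0x08,0x00,0xcc,0xff,0x02,0x00,0x29,0x00, 0x04,0x52,0x00,0x02 /* rest is zero */
};

/* ICMP length as stated by the IP header; -1 if header and capture disagree. */
int icmp_len(const uint8_t *p, size_t caplen) {
    if (caplen < 20 || (p[0] >> 4) != 4 || p[9] != 1) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4, tot = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || tot < ihl || tot > caplen) return -1;
    return (int)(tot - ihl);
}

/* Internet checksum; 0 means the data, checksum field included, verifies. */
uint16_t inet_cksum(const uint8_t *d, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += ((uint32_t)d[i] << 8) | d[i + 1];
    if (n & 1) s += (uint32_t)d[n - 1] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Bytes required before the fields used for this ICMP type may be read. */
int icmp_needed(uint8_t t) {
    return (t == 3 || t == 4 || t == 5 || t == 11 || t == 12) ? EX_ICMP_ERRLEN : EX_ICMP_MINLEN;
}

/* 1 if the message is long enough for its type and its checksum verifies. */
int icmp_ok(const uint8_t *p, size_t caplen) {
    int len = icmp_len(p, caplen);
    if (len < EX_ICMP_MINLEN) return 0;
    const uint8_t *icmp = p + (p[0] & 0x0f) * 4;
    return len >= icmp_needed(icmp[0]) && inet_cksum(icmp, (size_t)len) == 0;
}

int main(void) {
    printf("icmp_len=%d ok=%d\n", icmp_len(sample_pkt, sizeof sample_pkt),
           icmp_ok(sample_pkt, sizeof sample_pkt));
    return 0;
}
```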