Bug in 1.8
Peter Van Epp
vanepp at sfu.ca
Thu Mar 2 12:48:17 EST 2000
There appears to be a bug in 1.8 (both the release version and the
last emailed beta):
% tcpdump -r tcpdump.log -n
13:10:41.834730 212.216.130.112 > 206.12.30.255: icmp: echo request
% argus_bpf -r tcpdump.log -w - | ra -n
1 packets recv'd by filter
0 packets dropped by kernel
Thu 03/02 09:42:40 man 0.0.0.0 0.0.0.0 INT
Wed 03/01 13:10:41 icmp 0.0.0.0 -> 0.0.0.0 ECO
Thu 03/02 09:42:40 man pkts 1 drops 0 flows 1 CLO
I spent some time scratching my head and cursing our router trying to
figure out why it wasn't blocking address 0.0.0.0 before thinking to start
tcpdump on argus interface simultaneously ... Below is a uuencoded copy of
tcpdump.log for testing purposes.
begin 600 tcpdump.log
MU,.RH0( ! $0 ! 48>].*J\# ] /0 #@8SAS
M70" +<J8>@@ 10 +Q%I !N ?<0U-B"<,X,'O\( "!B )*0PDM,30X
+,#<X-3@ <'0@
end
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list