argus-2.0.0N (resend)
Carter Bullard
carter at qosient.com
Thu Jan 11 08:50:19 EST 2001
Gentle people,
Argus-2.0.0N is now available for testing. This attempts to fix
a number of reported issues, including an argus core dump
condition, relating possibly to fragment processing. Please
use "N" server and clients for all testing. Thanks!!!
ftp://qosient.com/dev/argus/argus-2.0/argus-2.0.0N.tar.gz
If anyone has a core dump of any kind with this release,
please send me mail, ASAP!
Cisco netflow support is now working, (thanks David!).
All ra() based clients can read Cisco Netflow archive
files and can read netflow records directly from a
router/switch. Ra* will convert the records to Argus
records if the -w option is used.
Ragator() will merge the netflow records together, so
you can generate something of an Argus record from them.
We keep up with the fact that the resulting records came
from a Netflow record, so there is no confusion.
Please give this a run through.
802.1Q and MPLS label parsing is now working correctly,
although we will not have label reporting until after
the initial 2.0 release.
Fragment offset overlap is now being reported correctly, with
the 'V' flag being reported by ra() clients (overrights the
'F' flag when it occurs) when using the -I option.
Snap decodings for many snap dsaps are being reported
correctly now. If you were getting "unkn" protocol types,
this should clear most of them up now. If you are getting
"unkn" protocol reports after this, capture some packets
in a tcpdump() file and send them this way.
ra() filtering for all 180+ ether protos is now supported. Filter
expressions with "ether proto ipx", as an example, now work nicely.
A detailed list of the keywords for all of these supported
protocols is in ./include/ethername.h.
I have made some progress on the ./man/man1 documentation. This
needs some review, so if anyone is interested please take a look.
Getting closer everyone!!!!
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 813-9426
Fax +1 212 813-9426
More information about the argus
mailing list