ra possible formatting bug
Carter Bullard
carter at qosient.com
Tue Jan 30 09:41:34 EST 2001
Hey Russell,
It's the rtp discovery logic. Argus found an RTP pattern
in a few UDP flows, and it's telling us that it thinks
there may be RTP running on these ports. I need to tune it
down a bit (criteria should involve at least 3 packets
before determination is made).
So not an inherent problem with ra or argus, hopefully
just a tuning issue.
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 813-9426
Fax +1 212 813-9426
> -----Original Message-----
> From: r.fulton at auckland.ac.nz [mailto:r.fulton at auckland.ac.nz]
> Sent: Monday, January 29, 2001 11:19 PM
> To: Carter Bullard
> Subject: ra possible formatting bug
>
>
> Hi Carter,
>
> bash-2.04$ bin/ra -Incr
> data/2001.01.27/argus-2001.01.27.23.00.gz - host 202.27.184.3 | less
> 27 Jan 01 23:04:25 udp 202.27.184.3.37198 <->
> 130.216.1.4.53 1 1 89 337 ACC
> 27 Jan 01 23:07:55 udp 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 86 334 ACC
> 27 Jan 01 23:08:28 udp 130.216.240.2.21465 <->
> 202.27.184.3.53 1 1 86 155 ACC
> 27 Jan 01 23:12:31 udp 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:13:33 udp 202.27.184.3.37198 <->
> 130.216.1.4.53 1 1 86 144 ACC
> 27 Jan 01 23:13:47 udp 202.27.184.3.37198 <->
> 130.216.35.100.53 1 1 91 165 ACC
> 27 Jan 01 23:16:15 udp 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 97 155 ACC
> 27 Jan 01 23:20:14 udp 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 91 317 ACC
> 27 Jan 01 23:20:35 udp 202.27.184.3.37198 <->
> 130.216.1.4.53 1 1 86 340 ACC
> 27 Jan 01 23:21:46 rtp 130.216.1.1.39541 <->
> 202.27.184.3.53 1 1 89 232 ACC
> 27 Jan 01 23:29:12 udp 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:30:29 udp 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 87 145 ACC
> 27 Jan 01 23:32:24 udp 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:36:02 udp 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 97 155 ACC
> 27 Jan 01 23:46:14 udp 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 86 144 ACC
> 27 Jan 01 23:51:12 udp 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:55:57 rtp 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 97 155 ACC
> 27 Jan 01 23:57:28 udp 130.216.240.2.21500 <->
> 202.27.184.3.53 1 1 86 155 ACC
>
> Hmmm.... rtp ???? odd see what nn says....
>
> bash-2.04$ bin/ra -Inncr
> data/2001.01.27/argus-2001.01.27.23.00.gz - host 202.27.184.3 | less
> 27 Jan 01 23:04:25 17 202.27.184.3.37198 <->
> 130.216.1.4.53 1 1 89 337 ACC
> 27 Jan 01 23:07:55 17 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 86 334 ACC
> 27 Jan 01 23:08:28 17 130.216.240.2.21465 <->
> 202.27.184.3.53 1 1 86 155 ACC
> 27 Jan 01 23:12:31 17 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:13:33 17 202.27.184.3.37198 <->
> 130.216.1.4.53 1 1 86 144 ACC
> 27 Jan 01 23:13:47 17 202.27.184.3.37198 <->
> 130.216.35.100.53 1 1 91 165 ACC
> 27 Jan 01 23:16:15 17 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 97 155 ACC
> 27 Jan 01 23:20:14 17 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 91 317 ACC
> 27 Jan 01 23:20:35 17 202.27.184.3.37198 <->
> 130.216.1.4.53 1 1 86 340 ACC
> 27 Jan 01 23:21:46 17 130.216.1.1.39541 <->
> 202.27.184.3.53 1 1 89 232 ACC
> 27 Jan 01 23:29:12 17 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:30:29 17 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 87 145 ACC
> 27 Jan 01 23:32:24 17 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:36:02 17 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 97 155 ACC
> 27 Jan 01 23:46:14 17 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 86 144 ACC
> 27 Jan 01 23:51:12 17 202.27.184.3.37198 <->
> 130.216.191.4.53 1 1 86 144 ACC
> 27 Jan 01 23:55:57 17 202.27.184.3.37198 <->
> 130.216.191.1.53 1 1 97 155 ACC
> 27 Jan 01 23:57:28 17 130.216.240.2.21500 <->
> 202.27.184.3.53 1 1 86 155 ACC
>
> Hmmm.... looks like a bug to me, presumably in ra.
>
> Cheers, Russell
>
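The false positive discussed in this thread, as an added example that is not Argus source code: a header-only RTP check (RFC 3550 layout) accepts a DNS payload whose transaction ID happens to begin with binary 10, while requiring three consistent packets does not. The struct, the function names, the consistency rules and the sample packets are assumptions constructed for illustration; only the 3-packet threshold comes from the message above.

```c
#include <stddef.h>
#include <stdint.h>
struct rtp_track {      /* hypothetical per-direction flow state */
    unsigned matched;   /* consecutive packets consistent with one RTP stream */
    uint8_t pt; uint16_t seq; uint32_t ssrc;
};

/* Single-packet test: could this payload start with an RTPv2 header (RFC 3550)? */
static int rtp_header_ok(const uint8_t *p, size_t len, struct rtp_track *h)
{
    if (len < 12 || (p[0] >> 6) != 2) return 0;     /* version field must be 2 */
    if (len < 12 + 4u * (p[0] & 0x0f)) return 0;    /* room for the CSRC list */
    h->pt   = p[1] & 0x7f;
    h->seq  = (uint16_t)(p[2] << 8 | p[3]);
    h->ssrc = (uint32_t)p[8] << 24 | (uint32_t)p[9] << 16 | (uint32_t)p[10] << 8 | p[11];
    return 1;
}

/* Feed one UDP payload; report RTP only after min_pkts consistent packets. */
int rtp_observe(struct rtp_track *t, const uint8_t *p, size_t len, unsigned min_pkts)
{
    struct rtp_track h = {0};
    if (!rtp_header_ok(p, len, &h)) { t->matched = 0; return 0; }
    int next = t->matched && h.pt == t->pt && h.ssrc == t->ssrc &&
               h.seq == (uint16_t)(t->seq + 1);     /* same stream, next sequence */
    h.matched = next ? t->matched + 1 : 1;
    *t = h;
    return t->matched >= min_pkts;
}

/* Constructed DNS query: transaction ID 0x803c has binary 10 in its top bits. */
static const uint8_t dns_query[] = { 0x80,0x3c, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
                                     3,'w','w','w',0, 0,1, 0,1 };

int dns_verdict(unsigned min_pkts)             /* one DNS payload on a fresh flow */
{
    struct rtp_track t = {0};
    return rtp_observe(&t, dns_query, sizeof dns_query, min_pkts);
}
int rtp_verdict(unsigned n, unsigned min_pkts) /* n constructed RTP packets */
{
    struct rtp_track t = {0}; int r = 0;
    for (unsigned i = 0; i < n; i++) {
        uint8_t p[12] = { 0x80,0, 0,(uint8_t)(100 + i), 0,0,0,0, 0x11,0x22,0x33,0x44 };
        r = rtp_observe(&t, p, sizeof p, min_pkts);
    }
    return r;
}
```

With a threshold of 1 the DNS query is labelled RTP; with 3 it is not, and a real stream is still recognised on its third packet.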