ra & ragator, alpha 4, output format change.

Chris Newton newton at unb.ca
Fri Jun 15 14:49:43 EDT 2001 

Two apparent bugs.

1)  Alpha 4 of the ra clients, ra, and ragator at least, have changed their 
format.  Witness:

[root at odyssey bin]# /usr/local/nva-src/argus-clients-2.0.1.alpha.4/bin/ra -S 
xxx.yyy.zzz.aaa -I -z -Z b -F ../conf/rarc |more
01-06-15 15:03:48       0.877269        2018.711603     man     
131.202.165.127 v2.0    1       0       0       0       0       0    STA
01-06-15 15:37:27       0.490000        0.120000        udp     138.73.1.253
 53      <->     208.171.246.128 domain  1       1    86       60      CON
01-06-15 15:36:57       0.480000        0.170000        tcp     139.103.81.26
 1214    ?>      12.101.33.226   1280    2       1    120      60      E
01-06-15 15:36:57       0.430000        28.590000       d       tcp     
202.128.10.35   1467    ->      131.202.135.55  1214    12   15       782     
8280    sSE


versus, the old client...

01-06-15 15:03:48       0.877269        2052.615346             man     
version=2.0     probeid=131.202.165.127 STA
01-06-15 15:38:01       0.500000        0.010000        I       udp     
207.179.140.83  137     ->      131.202.1.3     53      1    0
        80      0       INT
01-06-15 15:38:01       0.510000        0.000000                tcp     
195.252.132.29  61020   <|      131.202.135.72  1214    1    1
        62      60      sR
01-06-15 15:38:01       0.520000        0.010000                udp     
205.200.16.65   44235   <->     131.202.3.4     53      1    1
        77      230     ACC
01-06-15 15:38:01       0.570000        0.000000                icmp    
131.202.160.212         <->     207.179.176.91          1    1
        98      98      ECO
01-06-15 15:37:31       0.550000        0.000000                icmp    
131.202.1.3             ->      216.34.131.182          1    0
        udp_port        53      URP
01-06-15 15:37:30       0.190000        0.110000                udp     
131.202.244.3   1025    <->     213.177.194.5   53      2    2
        158     460     CON


 you'll note above, that the protocol column is shifted to the right if there 
are flag values to print... if not, then the flag column for that flow does 
not exist.  This is a change from the ra output (using the same conf file), of 
the older ra.


  2)  You'll notice in the above output from the first (alpha clients), that 
the name of the domain service is listed, not the port...  even telling the 
alpha client -nn, does not change the protocols from being named (ie: still 
names them), not the application.


Chris

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)

"The best way to have a good idea is to have a lot of ideas."
Linus Pauling (1901 - 1994) US chemist

More information about the argus mailing list