Missing port number (same 2.0.3 buglet?)
Peter Van Epp
vanepp at sfu.ca
Tue Oct 30 11:26:42 EST 2001
My first suggestion would be to run tcpdump on the same interface at the
same time (assuming cycles are available) and see what it thinks the IP address
/ port number is (which also gives a file for reproducing the bug in argus).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
>
> Hi all,
>
> This may be related to the semi-bug that was found by Chris/Carter (and to
> be fixed in 2.0.4) but just in case it's not, I'm wondering under what
> conditions argus() would completely miss a port number in a tcp session.
>
> Example:
>
> 30 Oct 01 16:34:25 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
> 30 Oct 01 16:34:56 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
> 30 Oct 01 16:36:13 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
> 30 Oct 01 16:36:44 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
> 30 Oct 01 16:37:14 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
>
> As you can see, it's got the source port just fine, 51116, however, there's
> no destination port. Indeed, raxml also can't find it, and even listening
> to argus() live with ra() doesn't catch it:
>
> 30 Oct 01 16:57:33 tcp 194.aaa.yyy.80 ?> 212.bbb.xxx.219.51116 EST
>
> Nothing being done for filtering other than specifying the two hosts in
> question.
>
> Thanks for any ideas!
>
> Scott
>
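To decide which host pairs are worth a parallel tcpdump capture, the following added example (not part of the original thread, and not argus code) scans ra text output for tcp/udp records where an endpoint has no port and builds a pcap filter expression for each affected pair. The line layout is assumed from the ra lines quoted above, IPv4 only; the sample records and addresses are constructed.

```python
import re
from collections import Counter

# Layout assumed from the ra lines quoted in the post:
# "DD Mon YY HH:MM:SS proto src dir dst state"
LINE = re.compile(
    r"^\d{1,2} \w{3} \d{2} \d{2}:\d{2}:\d{2}\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dir>\S+)\s+(?P<dst>\S+)\s+(?P<state>\S+)\s*$"
)

def split_endpoint(ep):
    """Split 'a.b.c.d.port' into (host, port); port is None when absent."""
    parts = ep.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    if len(parts) == 4:
        return ep, None
    raise ValueError(f"not an IPv4 endpoint: {ep!r}")

def missing_port_flows(lines):
    """Count tcp/udp records per host pair where either port is missing."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["proto"] not in ("tcp", "udp"):
            continue
        (src, sport), (dst, dport) = split_endpoint(m["src"]), split_endpoint(m["dst"])
        if sport is None or dport is None:
            hits[tuple(sorted((src, dst)))] += 1
    return hits

def capture_filter(pair):
    """pcap filter expression limiting a capture to one host pair."""
    return f"host {pair[0]} and host {pair[1]}"

# Constructed sample records (documentation addresses, not from the post).
SAMPLE = """\
30 Oct 01 16:34:25 tcp 192.0.2.219.51116 -> 198.51.100.80 EST
30 Oct 01 16:34:56 tcp 192.0.2.219.51116 -> 198.51.100.80 EST
30 Oct 01 16:57:33 tcp 198.51.100.80 ?> 192.0.2.219.51116 EST
30 Oct 01 16:58:01 tcp 192.0.2.10.40000 -> 198.51.100.7.443 FIN
""".splitlines()

if __name__ == "__main__":
    for pair, count in missing_port_flows(SAMPLE).items():
        print(f"{count} records without a port; capture with: {capture_filter(pair)}")
```

The printed expression can be passed to tcpdump as its filter while argus runs on the same interface, so the saved capture covers exactly the sessions where the port went missing.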