is this correct?
Peter Van Epp
vanepp at sfu.ca
Tue May 14 00:20:14 EDT 2002
This output looks somewhat odd to me. It may be partly due to being an
OS X capture file being displayed on FreeBSD (that's what's wrong with the
ra summary counts, they are correct on OS X):
./ramon -M svc -c -n -r argus.out.osx
13 May 02 13:18:52 tcp 0.0.0.0.65535 64 62 5616
8476 EST
13 May 02 13:18:52 tcp 0.0.0.0.65535 62 64 8476
5616 EST
13 May 02 13:18:48 udp 0.0.0.0 24 24 2208
2208 CON
13 May 02 13:19:09 icmp 0.0.0.0 22 22 2156
2156 ECO
13 May 02 13:18:47 udp 0.0.0.0 11 0 1738
0 INT
13 May 02 13:18:47 udp 0.0.0.0 0 11 0
1738 INT
13 May 02 13:18:56 udp 0.0.0.0 2 2 469
469 TIM
test6# ^svc^Topn
./ramon -M Topn -c -n -r argus.out.osx
13 May 02 13:18:52 ip 142.58.1.234 75 73 6694
9554 CON
13 May 02 13:18:52 ip 142.58.101.25 73 75 9554
6694 CON
13 May 02 13:18:48 ip 142.58.1.255 0 25 0
2451 TIM
13 May 02 13:18:47 ip 255.255.255.255 0 11 0
1738 INT
13 May 02 13:18:47 ip 142.58.1.33 11 0 1738
0 INT
13 May 02 13:18:48 ip 142.58.1.138 18 0 1656
0 INT
13 May 02 13:18:56 ip 142.58.1.160 6 0 552
0 INT
13 May 02 13:19:03 ip 142.58.1.136 1 0 243
0 TIM
13 May 02 13:18:56 ip 142.58.2.255 0 1 0
226 TIM
13 May 02 13:18:56 ip 142.58.2.2 1 0 226
0 TIM
test6# ./ra -r argus.out.osx -c -n
13 May 02 13:18:45 man version=2.0 probeid=3848370891
STA
13 May 02 13:18:56 udp 142.58.2.2.138 -> 142.58.2.255.138 1
0 226 0 TIM
13 May 02 13:19:03 udp 142.58.1.136.138 -> 142.58.1.255.138 1
0 243 0 TIM
13 May 02 13:19:00 arp 142.58.1.254 who-has 142.58.1.247 1
0 60 0 INT
13 May 02 13:19:01 arp 142.58.1.141 who-has 142.58.1.254 1
0 60 0 INT
13 May 02 13:19:02 llc 8:0:9:77:62:86.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:19:04 llc 8:0:9:98:99:2c.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:19:07 llc 0:6:29:75:9e:56.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:19:08 arp 142.58.1.135 who-has 142.58.1.137 1
0 60 0 INT
13 May 02 13:19:09 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:10 llc 0:60:8:92:44:8b.gbl -> ff:ff:ff:ff:ff:ff.gbl 5
0 594 0 INT
13 May 02 13:19:10 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:11 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:11 llc 8:0:9:74:fa:83.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:19:12 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:12 llc 0:30:65:96:85:58.snap -> 9:0:7:ff:ff:ff.snap 2
0 120 0 INT
13 May 02 13:19:13 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:14 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:15 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:16 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:17 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:18 arp 142.58.2.2 who-has 142.58.2.254 1
0 60 0 INT
13 May 02 13:19:18 arp 142.58.1.254 who-has 142.58.1.137 1
0 60 0 INT
13 May 02 13:19:18 llc 0:30:65:e1:56:16.snap -> 9:0:7:ff:ff:ff.snap 1
0 60 0 INT
13 May 02 13:19:18 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:18 llc 0:0:94:b6:dd:33.snap -> 9:0:7:ff:ff:ff.snap 1
0 60 0 INT
13 May 02 13:19:19 icmp 142.58.101.25 <-> 142.58.1.234 1
1 98 98 ECO
13 May 02 13:19:19 llc 0:6:29:d3:1e:39.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 94 0 INT
13 May 02 13:18:52 llc 0:e0:63:2:d2:44.gbl -> ff:ff:ff:ff:ff:ff.gbl 128
0 63104 0 INT
13 May 02 13:18:52 arp 142.58.1.140 who-has 142.58.1.137 1
0 60 0 INT
13 May 02 13:18:55 llc 8:0:11:d:8e:33.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:18:56 udp 142.58.1.160.137 -> 142.58.1.255.137 6
0 552 0 INT
13 May 02 13:18:56 llc 0:6:29:d3:17:eb.gbl -> ff:ff:ff:ff:ff:ff.gbl 6
0 564 0 INT
13 May 02 13:18:56 llc 0:d0:b7:65:5e:11.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:18:57 llc 0:6:29:d:42:f4.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:18:59 arp 142.58.1.137 who-has 142.58.1.136 1
0 60 0 INT
13 May 02 13:18:46 unkn 0:0:1d:d4:97:ec -> 1:0:1d:0:0:0 7
0 546 0 INT
13 May 02 13:18:46 llc 0:0:1d:d4:97:ec.stp -> 1:80:c2:0:0:0.stp 17
0 1020 0 INT
13 May 02 13:18:47 udp 142.58.1.33.2092 -> 255.255.255.255.192 11
0 1738 0 INT
13 May 02 13:18:48 udp 142.58.1.138.137 -> 142.58.1.255.137 18
0 1656 0 INT
13 May 02 13:18:50 llc 0:6:29:f5:2:7f.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 13:18:51 llc 0:a0:c9:8c:64:d6.gbl -> ff:ff:ff:ff:ff:ff.gbl 9
0 3056 0 INT
13 May 02 13:18:52 tcp 142.58.1.234.49154 ?> 142.58.101.25.22 64
62 5616 8476 EST
13 May 02 13:18:45 man pkts 8719250353565990912 bytes 3270740328889450496
drops 0 flows 0 closed 42 SHT
test6#
and then the output from a local capture file on this machine:
test6# ./ramon -M svc -c -n -r argus.out
13 May 02 21:16:00 icmp 0.0.0.0 40 40 2960
2960 ECO
13 May 02 21:15:52 udp 0.0.0.0 5 5 1207
1207 TIM
13 May 02 21:15:41 udp 0.0.0.0 12 12 1104
1104 CON
13 May 02 21:15:44 udp 0.0.0.0 5 5 450
450 CON
13 May 02 21:16:14 icmp 0.0.0.0 1 1 70
70 URH
13 May 02 21:15:38 tcp 0.0.0.0.65535 1 1 74
60 TIM
13 May 02 21:15:38 tcp 0.0.0.0.65535 1 1 60
74 TIM
test6# ^svc^Topn
./ramon -M Topn -c -n -r argus.out
13 May 02 21:15:38 ip 142.58.46.113 21 21 1540
1554 TIM
13 May 02 21:15:38 ip 142.58.1.236 21 21 1554
1540 TIM
13 May 02 21:15:41 ip 142.58.1.255 0 16 0
2085 TIM
13 May 02 21:15:41 ip 142.58.1.160 12 0 1104
0 INT
13 May 02 21:15:44 ip 142.58.1.230 5 1 450
70 TIM
13 May 02 21:15:44 ip 142.58.195.100 0 5 0
450 INT
13 May 02 21:15:55 ip 142.58.1.137 1 0 252
0 TIM
13 May 02 21:16:03 ip 142.58.1.246 1 0 243
0 TIM
13 May 02 21:16:10 ip 142.58.1.228 1 0 243
0 TIM
13 May 02 21:15:57 ip 142.58.1.225 1 0 243
0 TIM
13 May 02 21:15:52 ip 142.58.2.255 0 1 0
226 TIM
13 May 02 21:15:52 ip 142.58.2.2 1 0 226
0 TIM
13 May 02 21:16:14 ip 142.58.1.254 1 0 70
0 TIM
test6# ./ra -r argus.out -c -n
13 May 02 21:15:38 man version=2.0 probeid=3848370891
STA
13 May 02 21:15:38 tcp 142.58.1.236.22 <?> 142.58.46.113.697 1
1 74 60 TIM
13 May 02 21:15:52 udp 142.58.2.2.138 -> 142.58.2.255.138 1
0 226 0 TIM
13 May 02 21:15:55 udp 142.58.1.137.138 -> 142.58.1.255.138 1
0 252 0 TIM
13 May 02 21:15:57 udp 142.58.1.225.138 -> 142.58.1.255.138 1
0 243 0 TIM
13 May 02 21:16:03 udp 142.58.1.246.138 -> 142.58.1.255.138 1
0 243 0 TIM
13 May 02 21:16:10 udp 142.58.1.228.138 -> 142.58.1.255.138 1
0 243 0 TIM
13 May 02 21:16:14 icmp 142.58.1.254 -> 142.58.1.230 1
0 70 0 URH
13 May 02 21:16:02 llc 0:6:29:75:9a:35.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:27 llc 0:6:29:f5:2:7f.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:15:49 llc 0:60:8:92:44:8b.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:03 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:15 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:12 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:15:48 llc 0:60:b0:c7:e4:1a.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:30 llc 0:d0:b7:65:5e:11.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 60 0 INT
13 May 02 21:16:14 llc 8:0:9:98:99:2c.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:01 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:06 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:18 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:16 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:15:55 arp 142.58.1.180 who-has 142.58.1.254 1
0 60 0 INT
13 May 02 21:16:29 llc 8:0:11:d:8e:33.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:20 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:15:58 llc 0:2:55:70:1a:b.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:09 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:03 llc 0:6:29:d3:a:17.gbl -> ff:ff:ff:ff:ff:ff.gbl 3
0 386 0 INT
13 May 02 21:16:19 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:08 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:25 llc 0:1:e6:31:e7:c8.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:03 arp 142.58.1.254 who-has 142.58.1.35 1
0 60 0 INT
13 May 02 21:16:12 llc 8:0:9:77:62:86.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:21 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:07 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:23 arp 142.58.1.254 who-has 142.58.1.103 1
0 60 0 INT
13 May 02 21:15:48 llc 0:60:b0:c7:e4:1a.netw -> ff:ff:ff:ff:ff:ff.netw 1
0 113 0 INT
13 May 02 21:15:44 llc 0:a0:c9:8c:64:d6.gbl -> ff:ff:ff:ff:ff:ff.gbl 11
0 2706 0 INT
13 May 02 21:16:05 arp 142.58.1.254 who-has 142.58.1.142 1
0 60 0 INT
13 May 02 21:16:10 llc 0:a0:83:3d:7:e7.gbl -> ff:ff:ff:ff:ff:ff.gbl 2
0 326 0 INT
13 May 02 21:16:05 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:13 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:09 arp 142.58.2.254 who-has 142.58.2.84 3
0 180 0 INT
13 May 02 21:15:44 llc 0:e0:63:2:d2:44.gbl -> ff:ff:ff:ff:ff:ff.gbl 117
0 57236 0 INT
13 May 02 21:16:02 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:00 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:21 llc 8:0:9:74:fa:83.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:15:40 llc 0:0:1d:d4:97:f0.stp -> 1:80:c2:0:0:0.stp 26
0 1560 0 INT
13 May 02 21:15:41 udp 142.58.1.160.137 -> 142.58.1.255.137 12
0 1104 0 INT
13 May 02 21:16:14 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:16:11 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:15:41 llc 0:6:29:d3:17:eb.gbl -> ff:ff:ff:ff:ff:ff.gbl 13
0 1188 0 INT
13 May 02 21:16:22 arp 142.58.1.100 who-has 142.58.1.137 1
0 60 0 INT
13 May 02 21:16:10 icmp 142.58.46.113 <-> 142.58.1.236 1
1 74 74 ECO
13 May 02 21:15:44 udp 142.58.1.230.123 -> 142.58.195.100.123 5
0 450 0 INT
13 May 02 21:15:45 llc 0:6:29:75:9e:56.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 110 0 INT
13 May 02 21:16:31 llc 0:6:29:d3:1e:39.gbl -> ff:ff:ff:ff:ff:ff.gbl 1
0 94 0 INT
13 May 02 21:15:38 man pkts 259 bytes 71284 drops 0 flows 0 closed 55 SHT
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
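
A cross-check of the `ramon -M Topn` rows against the `ra` flow records from the same OS X file, as an added example that is not part of the original post or of the argus distribution. It assumes Topn reports per-host packets and bytes sent and received, and that the oversized `man` counters are a byte-order effect; `per_host_totals`, `topn_mismatches` and `swap64` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Records copied from the first `ra -r argus.out.osx -c -n` listing, mail-wrapped
# lines rejoined. The eleven icmp ECO records differ only in timestamp, so one
# is repeated here (constructed shortcut).
RA_RECORDS = (
    "13 May 02 13:19:03 udp 142.58.1.136.138 -> 142.58.1.255.138 1 0 243 0 TIM\n"
    "13 May 02 13:18:56 udp 142.58.1.160.137 -> 142.58.1.255.137 6 0 552 0 INT\n"
    "13 May 02 13:18:48 udp 142.58.1.138.137 -> 142.58.1.255.137 18 0 1656 0 INT\n"
    "13 May 02 13:18:52 tcp 142.58.1.234.49154 ?> 142.58.101.25.22 64 62 5616 8476 EST\n"
    + "13 May 02 13:19:09 icmp 142.58.101.25 <-> 142.58.1.234 1 1 98 98 ECO\n" * 11
)
# Rows copied from the `ramon -M Topn` output for the same file.
RAMON_TOPN = {
    "142.58.1.234": (75, 73, 6694, 9554),
    "142.58.101.25": (73, 75, 9554, 6694),
    "142.58.1.255": (0, 25, 0, 2451),
}
FLOW = re.compile(r"^\d+ \w+ \d+ [\d:]+ (?:tcp|udp|icmp) (\S+) \S+ (\S+) "
                  r"(\d+) (\d+) (\d+) (\d+) \w+$")

def per_host_totals(text):
    """Sum (pkts out, pkts in, bytes out, bytes in) per IP over ra flow lines."""
    totals = defaultdict(lambda: [0, 0, 0, 0])
    for line in text.splitlines():
        m = FLOW.match(" ".join(line.split()))   # normalise column padding
        if not m:
            continue                             # man/arp/llc records are not IP flows
        src, dst = (".".join(a.split(".")[:4]) for a in m.group(1, 2))  # drop port
        sp, dp, sb, db = map(int, m.group(3, 4, 5, 6))
        for host, row in ((src, (sp, dp, sb, db)), (dst, (dp, sp, db, sb))):
            totals[host] = [t + v for t, v in zip(totals[host], row)]
    return {h: tuple(t) for h, t in totals.items()}

def topn_mismatches(ra_text, topn):
    """Return {host: (from_ra, from_ramon)} for every Topn row ra disagrees with."""
    got = per_host_totals(ra_text)
    return {h: (got.get(h), want) for h, want in topn.items() if got.get(h) != want}

def swap64(n):
    """Reinterpret a 64-bit counter with the opposite byte order."""
    return int.from_bytes(n.to_bytes(8, "big"), "little")

if __name__ == "__main__":
    print(topn_mismatches(RA_RECORDS, RAMON_TOPN))   # empty dict: the rows agree
    print(swap64(8719250353565990912))               # pkts counter from the man SHT record
```

Byte-swapping the `pkts` value from the `man ... SHT` record gives 377, which equals the sum of the source and destination packet columns in the first `ra` listing.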