is this correct?
Carter Bullard
carter at qosient.com
Tue May 14 06:59:53 EDT 2002
Hey Peter,
I'm on the road today, but I'll check it out tomorrow,
or late tonight. It is screwy. The sort order doesn't
look quite right, but for the most part they are correct,
in that they output data, it's somewhat structured and
the programs aren't blowing up. Maybe an alignment error?
ramon outputs argus records, so if you want to see more
of what's going on, run ramon with the " -w - " option
and pipe it to ra or raxml.
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Peter Van Epp
> Sent: Tuesday, May 14, 2002 12:20 AM
> To: argus
> Subject: is this correct?
>
>
> This output looks somewhat odd to me. It may be partly
> due to being an OS X capture file being displayed on FreeBSD
> (that's what's wrong with the
> ra summary counts, they are correct on OS X):
>
> ./ramon -M svc -c -n -r argus.out.osx
> 13 May 02 13:18:52 tcp 0.0.0.0.65535 64
> 62 5616
> 8476 EST
> 13 May 02 13:18:52 tcp 0.0.0.0.65535 62
> 64 8476
> 5616 EST
> 13 May 02 13:18:48 udp 0.0.0.0 24
> 24 2208
> 2208 CON
> 13 May 02 13:19:09 icmp 0.0.0.0 22
> 22 2156
> 2156 ECO
> 13 May 02 13:18:47 udp 0.0.0.0 11 0
> 1738
> 0 INT
> 13 May 02 13:18:47 udp 0.0.0.0 0
> 11 0
> 1738 INT
> 13 May 02 13:18:56 udp 0.0.0.0 2 2
> 469
> 469 TIM
> test6# ^svc^Topn
> ./ramon -M Topn -c -n -r argus.out.osx
> 13 May 02 13:18:52 ip 142.58.1.234 75
> 73 6694
> 9554 CON
> 13 May 02 13:18:52 ip 142.58.101.25 73
> 75 9554
> 6694 CON
> 13 May 02 13:18:48 ip 142.58.1.255 0
> 25 0
> 2451 TIM
> 13 May 02 13:18:47 ip 255.255.255.255 0
> 11 0
> 1738 INT
> 13 May 02 13:18:47 ip 142.58.1.33 11 0
> 1738
> 0 INT
> 13 May 02 13:18:48 ip 142.58.1.138 18 0
> 1656
> 0 INT
> 13 May 02 13:18:56 ip 142.58.1.160 6 0
> 552
> 0 INT
> 13 May 02 13:19:03 ip 142.58.1.136 1 0
> 243
> 0 TIM
> 13 May 02 13:18:56 ip 142.58.2.255 0 1
> 0
> 226 TIM
> 13 May 02 13:18:56 ip 142.58.2.2 1 0
> 226
> 0 TIM
> test6# ./ra -r argus.out.osx -c -n
> 13 May 02 13:18:45 man version=2.0 probeid=3848370891
> STA
> 13 May 02 13:18:56 udp 142.58.2.2.138 ->
> 142.58.2.255.138 1
> 0 226 0 TIM
> 13 May 02 13:19:03 udp 142.58.1.136.138 ->
> 142.58.1.255.138 1
> 0 243 0 TIM
> 13 May 02 13:19:00 arp 142.58.1.254 who-has
> 142.58.1.247 1
> 0 60 0 INT
> 13 May 02 13:19:01 arp 142.58.1.141 who-has
> 142.58.1.254 1
> 0 60 0 INT
> 13 May 02 13:19:02 llc 8:0:9:77:62:86.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:19:04 llc 8:0:9:98:99:2c.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:19:07 llc 0:6:29:75:9e:56.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:19:08 arp 142.58.1.135 who-has
> 142.58.1.137 1
> 0 60 0 INT
> 13 May 02 13:19:09 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:10 llc 0:60:8:92:44:8b.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 5
> 0 594 0 INT
> 13 May 02 13:19:10 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:11 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:11 llc 8:0:9:74:fa:83.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:19:12 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:12 llc 0:30:65:96:85:58.snap ->
> 9:0:7:ff:ff:ff.snap 2
> 0 120 0 INT
> 13 May 02 13:19:13 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:14 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:15 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:16 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:17 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:18 arp 142.58.2.2 who-has
> 142.58.2.254 1
> 0 60 0 INT
> 13 May 02 13:19:18 arp 142.58.1.254 who-has
> 142.58.1.137 1
> 0 60 0 INT
> 13 May 02 13:19:18 llc 0:30:65:e1:56:16.snap ->
> 9:0:7:ff:ff:ff.snap 1
> 0 60 0 INT
> 13 May 02 13:19:18 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:18 llc 0:0:94:b6:dd:33.snap ->
> 9:0:7:ff:ff:ff.snap 1
> 0 60 0 INT
> 13 May 02 13:19:19 icmp 142.58.101.25 <->
> 142.58.1.234 1
> 1 98 98 ECO
> 13 May 02 13:19:19 llc 0:6:29:d3:1e:39.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 94 0 INT
> 13 May 02 13:18:52 llc 0:e0:63:2:d2:44.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 128
> 0 63104 0 INT
> 13 May 02 13:18:52 arp 142.58.1.140 who-has
> 142.58.1.137 1
> 0 60 0 INT
> 13 May 02 13:18:55 llc 8:0:11:d:8e:33.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:18:56 udp 142.58.1.160.137 ->
> 142.58.1.255.137 6
> 0 552 0 INT
> 13 May 02 13:18:56 llc 0:6:29:d3:17:eb.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 6
> 0 564 0 INT
> 13 May 02 13:18:56 llc 0:d0:b7:65:5e:11.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:18:57 llc 0:6:29:d:42:f4.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:18:59 arp 142.58.1.137 who-has
> 142.58.1.136 1
> 0 60 0 INT
> 13 May 02 13:18:46 unkn 0:0:1d:d4:97:ec ->
> 1:0:1d:0:0:0 7
> 0 546 0 INT
> 13 May 02 13:18:46 llc 0:0:1d:d4:97:ec.stp ->
> 1:80:c2:0:0:0.stp 17
> 0 1020 0 INT
> 13 May 02 13:18:47 udp 142.58.1.33.2092 ->
> 255.255.255.255.192 11
> 0 1738 0 INT
> 13 May 02 13:18:48 udp 142.58.1.138.137 ->
> 142.58.1.255.137 18
> 0 1656 0 INT
> 13 May 02 13:18:50 llc 0:6:29:f5:2:7f.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 13:18:51 llc 0:a0:c9:8c:64:d6.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 9
> 0 3056 0 INT
> 13 May 02 13:18:52 tcp 142.58.1.234.49154 ?>
> 142.58.101.25.22 64
> 62 5616 8476 EST
> 13 May 02 13:18:45 man pkts 8719250353565990912 bytes
> 3270740328889450496
> drops 0 flows 0 closed 42 SHT
> test6#
>
> and then the output from a local capture file on this machine:
>
> test6# ./ramon -M svc -c -n -r argus.out
> 13 May 02 21:16:00 icmp 0.0.0.0 40
> 40 2960
> 2960 ECO
> 13 May 02 21:15:52 udp 0.0.0.0 5 5
> 1207
> 1207 TIM
> 13 May 02 21:15:41 udp 0.0.0.0 12
> 12 1104
> 1104 CON
> 13 May 02 21:15:44 udp 0.0.0.0 5 5
> 450
> 450 CON
> 13 May 02 21:16:14 icmp 0.0.0.0 1 1
> 70
> 70 URH
> 13 May 02 21:15:38 tcp 0.0.0.0.65535 1 1
> 74
> 60 TIM
> 13 May 02 21:15:38 tcp 0.0.0.0.65535 1 1
> 60
> 74 TIM
> test6# ^svc^Topn
> ./ramon -M Topn -c -n -r argus.out
> 13 May 02 21:15:38 ip 142.58.46.113 21
> 21 1540
> 1554 TIM
> 13 May 02 21:15:38 ip 142.58.1.236 21
> 21 1554
> 1540 TIM
> 13 May 02 21:15:41 ip 142.58.1.255 0
> 16 0
> 2085 TIM
> 13 May 02 21:15:41 ip 142.58.1.160 12 0
> 1104
> 0 INT
> 13 May 02 21:15:44 ip 142.58.1.230 5 1
> 450
> 70 TIM
> 13 May 02 21:15:44 ip 142.58.195.100 0 5
> 0
> 450 INT
> 13 May 02 21:15:55 ip 142.58.1.137 1 0
> 252
> 0 TIM
> 13 May 02 21:16:03 ip 142.58.1.246 1 0
> 243
> 0 TIM
> 13 May 02 21:16:10 ip 142.58.1.228 1 0
> 243
> 0 TIM
> 13 May 02 21:15:57 ip 142.58.1.225 1 0
> 243
> 0 TIM
> 13 May 02 21:15:52 ip 142.58.2.255 0 1
> 0
> 226 TIM
> 13 May 02 21:15:52 ip 142.58.2.2 1 0
> 226
> 0 TIM
> 13 May 02 21:16:14 ip 142.58.1.254 1 0
> 70
> 0 TIM
> test6# ./ra -r argus.out -c -n
> 13 May 02 21:15:38 man version=2.0 probeid=3848370891
> STA
> 13 May 02 21:15:38 tcp 142.58.1.236.22 <?>
> 142.58.46.113.697 1
> 1 74 60 TIM
> 13 May 02 21:15:52 udp 142.58.2.2.138 ->
> 142.58.2.255.138 1
> 0 226 0 TIM
> 13 May 02 21:15:55 udp 142.58.1.137.138 ->
> 142.58.1.255.138 1
> 0 252 0 TIM
> 13 May 02 21:15:57 udp 142.58.1.225.138 ->
> 142.58.1.255.138 1
> 0 243 0 TIM
> 13 May 02 21:16:03 udp 142.58.1.246.138 ->
> 142.58.1.255.138 1
> 0 243 0 TIM
> 13 May 02 21:16:10 udp 142.58.1.228.138 ->
> 142.58.1.255.138 1
> 0 243 0 TIM
> 13 May 02 21:16:14 icmp 142.58.1.254 ->
> 142.58.1.230 1
> 0 70 0 URH
> 13 May 02 21:16:02 llc 0:6:29:75:9a:35.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:27 llc 0:6:29:f5:2:7f.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:15:49 llc 0:60:8:92:44:8b.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:03 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:15 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:12 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:15:48 llc 0:60:b0:c7:e4:1a.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:30 llc 0:d0:b7:65:5e:11.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 60 0 INT
> 13 May 02 21:16:14 llc 8:0:9:98:99:2c.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:01 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:06 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:18 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:16 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:15:55 arp 142.58.1.180 who-has
> 142.58.1.254 1
> 0 60 0 INT
> 13 May 02 21:16:29 llc 8:0:11:d:8e:33.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:20 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:15:58 llc 0:2:55:70:1a:b.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:09 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:03 llc 0:6:29:d3:a:17.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 3
> 0 386 0 INT
> 13 May 02 21:16:19 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:08 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:25 llc 0:1:e6:31:e7:c8.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:03 arp 142.58.1.254 who-has
> 142.58.1.35 1
> 0 60 0 INT
> 13 May 02 21:16:12 llc 8:0:9:77:62:86.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:21 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:07 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:23 arp 142.58.1.254 who-has
> 142.58.1.103 1
> 0 60 0 INT
> 13 May 02 21:15:48 llc 0:60:b0:c7:e4:1a.netw ->
> ff:ff:ff:ff:ff:ff.netw 1
> 0 113 0 INT
> 13 May 02 21:15:44 llc 0:a0:c9:8c:64:d6.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 11
> 0 2706 0 INT
> 13 May 02 21:16:05 arp 142.58.1.254 who-has
> 142.58.1.142 1
> 0 60 0 INT
> 13 May 02 21:16:10 llc 0:a0:83:3d:7:e7.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 2
> 0 326 0 INT
> 13 May 02 21:16:05 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:13 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:09 arp 142.58.2.254 who-has
> 142.58.2.84 3
> 0 180 0 INT
> 13 May 02 21:15:44 llc 0:e0:63:2:d2:44.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 117
> 0 57236 0 INT
> 13 May 02 21:16:02 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:00 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:21 llc 8:0:9:74:fa:83.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:15:40 llc 0:0:1d:d4:97:f0.stp ->
> 1:80:c2:0:0:0.stp 26
> 0 1560 0 INT
> 13 May 02 21:15:41 udp 142.58.1.160.137 ->
> 142.58.1.255.137 12
> 0 1104 0 INT
> 13 May 02 21:16:14 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:16:11 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:15:41 llc 0:6:29:d3:17:eb.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 13
> 0 1188 0 INT
> 13 May 02 21:16:22 arp 142.58.1.100 who-has
> 142.58.1.137 1
> 0 60 0 INT
> 13 May 02 21:16:10 icmp 142.58.46.113 <->
> 142.58.1.236 1
> 1 74 74 ECO
> 13 May 02 21:15:44 udp 142.58.1.230.123 ->
> 142.58.195.100.123 5
> 0 450 0 INT
> 13 May 02 21:15:45 llc 0:6:29:75:9e:56.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 110 0 INT
> 13 May 02 21:16:31 llc 0:6:29:d3:1e:39.gbl ->
> ff:ff:ff:ff:ff:ff.gbl 1
> 0 94 0 INT
> 13 May 02 21:15:38 man pkts 259 bytes 71284
> drops 0 flows 0 closed 55 SHT
>
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
>
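An added example, not part of either message and not argus code: a sanity check for the `man ... SHT` summary counters quoted above when a capture file written on one platform is read on another. It assumes the counters are unsigned 64-bit values and that a byte-order mismatch is the cause, which the thread does not confirm; the function names and the 2^32 threshold are hypothetical, and the sample lines are the two summary records from the message with their wrapped lines rejoined.

```python
import re
import struct

# Constructed sample: the two "man ... SHT" summary records quoted in the
# message, with the mail client's line wrapping undone.
SAMPLE = """\
13 May 02 13:18:45 man pkts 8719250353565990912 bytes 3270740328889450496 drops 0 flows 0 closed 42 SHT
13 May 02 21:15:38 man pkts 259 bytes 71284 drops 0 flows 0 closed 55 SHT
"""

COUNTER_RE = re.compile(r"\b(pkts|bytes|drops|flows|closed)\s+(\d+)")


def swap64(value):
    """Reverse the byte order of an unsigned 64-bit integer."""
    return struct.unpack("<Q", struct.pack(">Q", value))[0]


def looks_swapped(value, threshold=1 << 32):
    """Heuristic (assumption): a counter is suspect when it is huge as
    printed but small once its eight bytes are reversed."""
    if value < threshold or value >= 1 << 64:
        return False
    return swap64(value) < threshold


def audit_man_record(line):
    """Return {field: (printed, byte_swapped_or_None)} for one summary line."""
    result = {}
    for name, digits in COUNTER_RE.findall(line):
        value = int(digits)
        result[name] = (value, swap64(value) if looks_swapped(value) else None)
    return result


def audit(text):
    """Audit every management summary record found in ra text output."""
    return [audit_man_record(l) for l in text.splitlines() if " man pkts " in l]


if __name__ == "__main__":
    for record in audit(SAMPLE):
        for name, (printed, fixed) in record.items():
            note = f" -> {fixed} if byte-swapped" if fixed is not None else ""
            print(f"{name:7}{printed}{note}")
```

Only the `pkts` and `bytes` counters of the OS X file are flagged; each is the exact 8-byte reversal of a small integer, while the locally captured file's counters pass unchanged.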