Mac OS X
vanepp at sfu.ca
Thu May 16 12:19:06 EDT 2002
Well, FreeBSD is happy; there is still an endian issue with the ra
summary line though (although everything else looks OK):
OS X
local file (argus.out):
16 May 02 08:54:40 arp 142.58.1.246 who-has 142.58.1.180 1 0 60 0 INT
16 May 02 08:54:46 llc 0:0:1d:d4:97:ec.null -> 1:80:c2:0:0:0.null 2 0 120 0 INT
16 May 02 08:53:39 man pkts 932 bytes 210332 drops 0 flows 0 closed 127 SHT
FreeBSD file (argus.out.f)
16 May 02 08:55:32 arp 142.58.2.14 who-has 142.58.2.12 1 0 60 0 INT
16 May 02 08:55:58 arp 142.58.2.254 who-has 142.58.2.123 3 0 180 0 INT
16 May 02 08:53:14 man pkts 3243999106590310400 bytes -690453719824728064 drops 0 flows 0 closed 155 SHT
FreeBSD:
local file (argus.out, argus.out.f on OS X):
16 May 02 08:55:32 arp 142.58.2.14 who-has 142.58.2.12 1 0 60 0 INT
16 May 02 08:55:58 arp 142.58.2.254 who-has 142.58.2.123 3 0 180 0 INT
16 May 02 08:53:14 man pkts 1325 bytes 289782 drops 0 flows 0 closed 155 SHT
OS X file (argus.out.osx)
16 May 02 08:54:40 arp 142.58.1.246 who-has 142.58.1.180 1 0 60 0 INT
16 May 02 08:54:46 llc 0:0:1d:d4:97:ec.null -> 1:80:c2:0:0:0.null 2 0 120 0 INT
16 May 02 08:53:39 man pkts -6628454226559238144 bytes -7190837931492245504 drops 0 flows 0 closed 127 SHT
This brings on the thought that we should maybe be collecting some
tcp dump files with odd network traffic in them (IPsec and GRE, along with
Vines, Decnet, IPX, Appletalk etc. come to mind here for instance :-)) into
a standard test data body. We could then use tcpreplay to feed the data
to argus and publish the output from the various tools on a reference platform
so that one and all can verify their port works correctly. It would also be
useful to keep argus output files from both endians for cross platform testing
as above.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
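
Added example (not part of the original post, and not argus code): a check that the garbled pkts and bytes values in the "man" summary lines quoted above are exactly 64-bit byte swaps of the correct counters. It assumes the counters are signed 64-bit integers, which the printed values suggest; the function and dictionary names are hypothetical.

```python
import re
import struct

# "man" summary lines copied from the post: each file as printed by ra on the
# host that wrote it (native) and on the host of the other byte order (foreign).
MAN = {
    "freebsd_native": "16 May 02 08:53:14 man pkts 1325 bytes 289782 "
                      "drops 0 flows 0 closed 155 SHT",
    "freebsd_foreign": "16 May 02 08:53:14 man pkts 3243999106590310400 "
                       "bytes -690453719824728064 drops 0 flows 0 closed 155 SHT",
    "osx_native": "16 May 02 08:53:39 man pkts 932 bytes 210332 "
                  "drops 0 flows 0 closed 127 SHT",
    "osx_foreign": "16 May 02 08:53:39 man pkts -6628454226559238144 "
                   "bytes -7190837931492245504 drops 0 flows 0 closed 127 SHT",
}

FIELD = re.compile(r"\b(pkts|bytes|drops|flows|closed) (-?\d+)")


def swap64(value):
    """Reverse the byte order of a signed 64-bit integer (assumed width)."""
    return struct.unpack("<q", struct.pack(">q", value))[0]


def counters(line):
    """Parse the named counters out of one 'man' summary line."""
    return {name: int(num) for name, num in FIELD.findall(line)}


def swapped_fields(native, foreign):
    """Fields whose foreign value is the 64-bit byte swap of the native one.

    Fields that print identically on both hosts (zeros, and 'closed' here)
    are not reported, since they show no byte-order damage.
    """
    n, f = counters(native), counters(foreign)
    return sorted(k for k in n if n[k] != f[k] and swap64(n[k]) == f[k])


def recover(foreign):
    """Undo the swap on pkts and bytes to recover the writer's counters."""
    c = counters(foreign)
    return {k: swap64(c[k]) for k in ("pkts", "bytes")}


if __name__ == "__main__":
    for host in ("freebsd", "osx"):
        native, foreign = MAN[host + "_native"], MAN[host + "_foreign"]
        print(host, swapped_fields(native, foreign), recover(foreign))
```

A regression check of this kind could run over the reference output files from both byte orders that the post proposes keeping.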