packet size descrepency
Carter Bullard
carter at qosient.com
Sat Nov 9 09:39:06 EST 2002
Hey Matthew,
Your absolutely correct, in that argus counts total
bytes seen, regardless of the ARGUS_GENERATE_MAC_DATA
variable. Seems like this is the right behavior, so
that argus generates consistent data.
Do you consider this a discrepancy? We could
change the name of the variable to ARGUS_INCLUDE_MAC_DATA?
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Matthew Melvin
> Sent: Saturday, November 09, 2002 7:50 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: packet size descrepency
>
>
>
> I've been tinkering with argus over the last couple of days
> for using argus
> for traffic accounting. To try and check myself and make
> sure I'm getting
> sane numbers I've been comparing racount's view or things
> with ipchains view
> of things. It seems as if for every packet counted argus see
> 14 extra bytes
> that ipchains doesn't. That would seem consistant with argus
> including the
> src and dst mac's and length/type fields from the ethernet
> packet in its
> total byte count. Does that mean that
> 'ARGUS_GENERATE_MAC_DATA=no' only
> turns off the recording of MAC information not the counting
> of it. Or am I
> completly on the wrong track?
>
> M.
>
> --
> :wq
>
>
>
More information about the argus
mailing list