Confirming Argus accuracy

[Carter Bullard]

Hey Andrew,
   Yes, argus can read tcpdump formatted files, so
you can validate the argus results by looking at the
packets themselves and comparing with the argus output.

   If you do find any inconsistency, please don't hesitate
to send some mail to the list.   The best way to fix
any bug that you may turn up is to make your packet
capture files that demonstrate the bug available to
the list.  If that would be possible, that would be
excellent!!!

Thanks,

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com
 

-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andrew
Pollock
Sent: Monday, October 14, 2002 1:01 AM
To: argus-info at lists.andrew.cmu.edu
Subject: Re: Confirming Argus accuracy


On Mon, Oct 14, 2002 at 02:55:00PM +1000, Andrew Pollock wrote:
> Hi,
> 
> I've got a problem where on a segment that Argus is monitoring, it 
> seems
> to be producing stupid results.
> 
> I'm not pointing the finger at Argus, I'm suspecting the Ethernet 
> setup at
> this stage, however, I need to get to the bottom of it.
> 
> Is there a way that I can use tcpdump files to simulate traffic?
> 
> What I'd like to try and do is capture some traffic from a few other 
> areas
> on the network with tcpdump (I don't want to and can't install Argus 
> everywhere) and then try and work out if and where I'm losing
visibility 
> of the traffic.

Helps if I read the man page *before* I ask the silly question.

Andrew