bug in man record?
Thorbjörn Axelsson
thx+argus at medic.chalmers.se
Thu Feb 24 02:53:40 EST 2005
I have been seeing this since I set it up and just considered it a bug
to look into sometime.
$ ra -L0 -r argus.eth01 - man
StartTime Flgs Type SrcAddr Sport Dir DstAddr
Dport SrcPkt DstPkt SrcBytes DstBytes State
03 Feb 05 13:23:00 man argus v2.0
1 0 0 0 0 0 STA
24 Feb 05 08:13:01 man argus v2.0
178870372 14914 1240595 43 1170900874 14383 CON
24 Feb 05 08:18:01 man argus v2.0
178901104 16687 1911197 321 1198490253 23411 CON
24 Feb 05 08:23:01 man argus v2.0
178932730 18173 1674789 4294966962 1323632876 25328 CON
I'm pretty confident that the last entry of dropped packets (DstPkt) is
a 32-bit integer that has wrapped backwards. A negative amount of
dropped packets is just insane [hmm.. I got a few extra bonus packets
:) ]
My guess is that this is some kind of thread-problem since this
instance of argus listens to two interfaces. I have two machines with
four interfaces each and in all four instances of argus I see the same
problem frequently, several times every hour.
I don't really want to break up my system, but it would be interesting
to test how four instances of argus would behave instead of two (i.e.
one argus / interface).
Not that this problem is crucial at the moment, but I do want to graph
the amount of dropped packets, but at the moment I can't really trust
those counters.
regards,
Thorbjörn
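
Added example (not part of the original message and not argus code): a check to run before graphing, which reinterprets the drop counter as a signed 32-bit value and reports records where it comes out negative. It assumes the two-line record layout shown in the quoted output and, following the post's reading, that the fourth counter is the dropped-packet count; the function names are hypothetical.

```python
import re

# Copied from the `ra` output quoted in the post; each record wraps onto two lines.
SAMPLE = """\
StartTime Flgs Type SrcAddr Sport Dir DstAddr
Dport SrcPkt DstPkt SrcBytes DstBytes State
03 Feb 05 13:23:00 man argus v2.0
1 0 0 0 0 0 STA
24 Feb 05 08:13:01 man argus v2.0
178870372 14914 1240595 43 1170900874 14383 CON
24 Feb 05 08:18:01 man argus v2.0
178901104 16687 1911197 321 1198490253 23411 CON
24 Feb 05 08:23:01 man argus v2.0
178932730 18173 1674789 4294966962 1323632876 25328 CON
"""

STAMP = re.compile(r"^(\d{2} \w{3} \d{2} \d{2}:\d{2}:\d{2})\s+man\b")
DROP_FIELD = 3  # assumption: the 4th counter is the drop count, as the post reads it

def as_signed32(value):
    """Reinterpret an unsigned 32-bit value as two's-complement signed."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value

def parse_man_records(text):
    """Pair each timestamp line with the counter line that follows it."""
    records, stamp = [], None
    for line in text.splitlines():
        match = STAMP.match(line.strip())
        if match:
            stamp = match.group(1)
            continue
        fields = line.split()
        if stamp and len(fields) >= 2 and all(f.isdigit() for f in fields[:-1]):
            records.append((stamp, [int(f) for f in fields[:-1]], fields[-1]))
        stamp = None  # a counter line only counts directly after its timestamp
    return records

def suspect_drop_counts(text):
    """Return (timestamp, raw, signed) for drop counters that are negative as int32."""
    suspects = []
    for stamp, counters, _state in parse_man_records(text):
        if len(counters) > DROP_FIELD:
            signed = as_signed32(counters[DROP_FIELD])
            if signed < 0:
                suspects.append((stamp, counters[DROP_FIELD], signed))
    return suspects
```

On the quoted sample this reports only the 08:23:01 record, whose raw value 4294966962 reads as -334 when treated as a signed 32-bit integer.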