Official rc.24 releases on the server

Peter Van Epp vanepp at sfu.ca
Fri Aug 11 11:18:00 EDT 2006


On Fri, Aug 11, 2006 at 07:03:54AM -0400, Carter Bullard wrote:
> Hey Peter,
> Hmmmm, works here on 64-bit linux, 32-bit linux, g5 mac os x, reading  
> any
> of the files you've ever sent, either v3 or v2, so not sure what the  
> problem is.
> I'm 'on the road' until middle next week, but if you find something I  
> can
> fix, I'll try to get it up on the list before that!!!!!!
> 
> Carter
> 

	Hmmm, I  only tried the large file on both FreeBSD and the IBM Power5
and both gave no output. However rc.25 compiles and runs fine so I'll likely
ignore it :-). Pretty much the usual suspects (mostly explainable with 
direction and state supressed) on rc.25 so it looks good. Most of these can
be fixed in the perl script. I'm still thinking about whether something useful
(I think, as you say, entirely correct under all conditions is out of the 
question :-)) on the igmp ip_id: It should be fixable for capture machine ==
display machine endian anyway which may be useful if its easy enough. 

%./ra_test.pl rs178.2.argus | more
sipid 0xd21b 0x1bd2

line: 361 fields in error: sipid,
1151432429.126443,1151432860.570563,1,431.444120,431.444120,142.58.60.61,224.0.0
.251,igmp,22,0,0,0,1,0,100,0,16,0,2,0,1.85,0.00,0.00,0.00,0.0000,0.0000,38483708
91,q,0:11:24:97:47:52,1:0:5e:0:0:fb,->,,,CON,s[8]="........",,,,8856,,,0x0280,,0
xd21b
1151432429.126443,1151432860.570563,1,431.444120,431.444122,142.58.60.61,224.0.0
.251,igmp,,,0,,1,,100,0,16,0,2,0,1.854,0.000,0.005,0.000,0,0,229.97.122.203, v  
     ,0:11:24:97:47:52,1:0:5e:0:0:fb,->,,,INT,s[8]="........",,,,8856,,,0x0280,,
0x1bd2,

sipid 0xd21c 0x1cd2

line: 366 fields in error: sipid,
1151432429.128613,1151432860.570569,1,431.441956,431.441956,142.58.60.61,239.255
.255.253,igmp,22,0,0,0,1,0,100,0,16,0,2,0,1.85,0.00,0.00,0.00,0.0000,0.0000,3848
370891,q,0:11:24:97:47:52,1:0:5e:7f:ff:fd,->,,,CON,s[8]="........",,,,8857,,,0x0
280,,0xd21c
1151432429.128613,1151432860.570569,1,431.441956,431.441956,142.58.60.61,239.255
.255.253,igmp,,,0,,1,,100,0,16,0,2,0,1.854,0.000,0.005,0.000,0,0,229.97.122.203,
 v       ,0:11:24:97:47:52,1:0:5e:7f:ff:fd,->,,,INT,s[8]="........",,,,8857,,,0x
0280,,0x1cd2,

flgs2 = s
flgs32 = 

line: 1026 fields in error: flgs,
1151432430.055001,1151433528.697155,1,1098.642154,1098.642154,208.38.3.62,142.58
.213.62,esp,0,16248,0,0,52,0,1385072,0,1193096,0,5052,0,10085.70,0.00,4.60,0.00,
0.0000,0.0000,3848370891,qs,0:11:88:5:5d:1d,0:10:db:73:dd:51,->,841639.000000,,I
NT,s[16]="x?`X4........v$.",,,,7469,,,0x0200,,0x5b5f
1151432430.055001,1151433528.697155,1,1098.642154,1098.642212,208.38.3.62,142.58
.213.62,esp,,1532968824,0,,52,,1385072,0,1193096,0,5052,0,10085.700,0.000,4.598,
0.000,0,0,229.97.122.203, v       ,0:11:88:5:5d:1d,0:10:db:73:dd:51,->,841639.00
0000,,INT,s[16]="x?`X4........v$.",,,,7469,,,0x0200,,0x5b5f,


line: 1437 fields in error: proto,
1151432430.303049,1151432430.303049,1,0.000000,0.000000,37:20:31:31:3a:32,3e:4a:
75:6e:20:32,1234,0,0,,,,,89,0,75,0,1,0,0.00,0.00,inf,0.00,0.0000,0.0000,38483708
91,,37:20:31:31:3a:32,3e:4a:75:6e:20:32,->,,,INT,s[16]="E..K.. at ...Zg.:..",,,,755
3,,,,,
1151432430.303049,1151432430.303049,1,0.000000,0.000000,37:20:31:31:3a:32,3e:4a:
75:6e:20:32,12346,*,*,,,,,89,0,75,0,1,0,0.000,0.000,0.000,0.000,0,0,229.97.122.2
03,         ,37:20:31:31:3a:32,3e:4a:75:6e:20:32,->,,,INT,s[16]="E..K.. at ...Zg.:.
.",,,,7553,,,,,,


line: 7087 fields in error: proto,
1151432438.009534,1151433518.132416,1,1080.122882,1080.122882,0:2:2d:14:76:96,ff
:ff:ff:ff:ff:ff,1024,0,0,,,,,4180,0,3334,0,47,0,30.96,0.00,0.04,0.00,0.0000,0.00
00,3848370891,q,0:2:2d:14:76:96,ff:ff:ff:ff:ff:ff,->,,,INT,s[16]="............S.
..",,,,12948,,,0x0281,,
1151432438.009534,1151433518.132416,1,1080.122882,1080.122925,0:2:2d:14:76:96,ff
:ff:ff:ff:ff:ff,10240,*,*,,,,,4180,0,3334,0,47,0,30.959,0.000,0.044,0.000,0,0,22
9.97.122.203, v       ,0:2:2d:14:76:96,ff:ff:ff:ff:ff:ff,->,,,INT,s[16]=".......
.....S...",,,,12948,,,0x0281,,,

dport 69 *

line: 7119 fields in error: dport,
1151432438.061363,1151432446.063961,1,8.002598,8.002598,0:0:0:0:0:0,4c:46:1:1:1:
0,llc,0,69,,,,,488,0,416,0,4,0,487.84,0.00,0.50,0.00,0.0000,0.0000,3848370891,,0
:0:0:0:0:0,4c:46:1:1:1:0,->,,,INT,s[16]=".. at ...ZH.:......",,,,13398,,,,,
1151432438.061363,1151432446.063961,1,8.002598,8.002598,0:0:0:0:0:0,4c:46:1:1:1:
0,llc,*,0x45,,,,,488,0,416,0,4,0,487.842,0.000,0.500,0.000,0,0,229.97.122.203,  
       ,0:0:0:0:0:0,4c:46:1:1:1:0,->,,,INT,s[16]=".. at ...ZH.:......",,,,13398,,,,
,,


line: 8297 fields in error: proto,
1151432439.909985,1151433296.414413,1,856.504428,856.504428,142.58.141.41,142.58
.167.126,udp,1025,53,0,0,255,255,3392,10144,1460,8212,42,42,31.68,94.75,0.05,0.0
5,0.0000,0.0000,3848370891,q,0:12:3f:4d:94:7e,0:11:88:5:5d:1d,<->,,,CON,s[16]=".
7...........web",d[16]=".7...........web",,,14090,,,0x0200,0x8200,0x6b84
1151432439.909985,1151433296.414413,1,856.504428,856.504456,142.58.141.41,142.58
.167.126,rtp,1025,53,0,0,255,255,3392,10144,1460,8212,42,42,31.682,94.748,0.049,
0.049,0,0,229.97.122.203, v       ,0:12:3f:4d:94:7e,0:11:88:5:5d:1d,<->,,,CON,s[
16]=".7...........web",d[16]=".7...........web",,,14090,,,0x0200,0x8200,0x6b84,0
x6b84


line: 10498 fields in error: proto,
1151432443.760171,1151433523.733647,1,1079.973476,1079.973476,0:e:9b:42:aa:fa,ff
:ff:ff:ff:ff:ff,1024,0,0,,,,,1140,0,798,0,19,0,8.44,0.00,0.02,0.00,0.0000,0.0000
,3848370891,q,0:e:9b:42:aa:fa,ff:ff:ff:ff:ff:ff,->,,,INT,s[16]="............S...
",,,,15435,,,0x0281,,
1151432443.760171,1151433523.733647,1,1079.973476,1079.973511,0:e:9b:42:aa:fa,ff
:ff:ff:ff:ff:ff,10240,*,*,,,,,1140,0,798,0,19,0,8.445,0.000,0.018,0.000,0,0,229.
97.122.203, v       ,0:e:9b:42:aa:fa,ff:ff:ff:ff:ff:ff,->,,,INT,s[16]=".........
...S...",,,,15435,,,0x0281,,,


line: 13369 fields in error: proto,
1151432449.710964,1151433501.344255,1,1051.633291,1051.633291,0:1:f4:36:6b:45,1:
80:c2:0:0:2,3482,0,0,,,,,4464,0,3960,0,36,0,33.96,0.00,0.03,0.00,0.0000,0.0000,3
848370891,,0:1:f4:36:6b:45,1:80:c2:0:0:2,->,,,INT,s[16]="................",,,,17
147,,,,,
1151432449.710964,1151433501.344255,1,1051.633291,1051.633301,0:1:f4:36:6b:45,1:
80:c2:0:0:2,slow,*,*,,,,,4464,0,3960,0,36,0,33.959,0.000,0.034,0.000,0,0,229.97.
122.203,         ,0:1:f4:36:6b:45,1:80:c2:0:0:2,->,,,INT,s[16]="................
",,,,17147,,,,,,


line: 13671 fields in error: proto,
1151432450.477278,1151433506.357963,1,1055.880685,1055.880685,142.58.160.126,142
.58.172.111,udp,137,137,0,0,255,255,960,1104,500,644,10,10,7.27,8.36,0.01,0.01,0
.0000,0.0000,3848370891,q,0:11:43:17:b6:43,0:11:88:5:5d:1d,<->,,,CON,s[16]=".D..
........FDE",d[16]=".D..........FDE",,,18030,,,0x8200,0x8200,0xc165
1151432450.477278,1151433506.357963,1,1055.880685,1055.880737,142.58.160.126,142
.58.172.111,rtp,137,137,0,0,255,255,960,1104,500,644,10,10,7.274,8.365,0.009,0.0
09,0,0,229.97.122.203, v       ,0:11:43:17:b6:43,0:11:88:5:5d:1d,<->,,,CON,s[16]
=".D.......... FDE",d[16]=".D.......... FDE",,,18030,,,0x8200,0x8200,0xc165,0xc1
65

sport 0 
dport 0 

line: 14486 fields in error: dport,sport,
1151432452.697981,1151433521.295228,1,1068.597247,1068.597247,142.58.219.2,142.5
8.170.39,vine,0,0,0,0,255,255,2224,2396,1160,1256,28,30,16.65,17.94,0.03,0.03,0.
0000,0.0000,3848370891,q,0:10:4b:66:4f:9a,0:11:88:5:5d:1d,<->,,,CON,s[16]="...x.
$..........",d[16]=".8...$..........",,,18358,,,0x8200,0x8200,0x66b5
1151432452.697981,1151433521.295228,1,1068.597247,1068.597290,142.58.219.2,142.5
8.170.39,vines,,,0,0,255,255,2224,2396,1160,1256,28,30,16.650,17.938,0.026,0.028
,0,0,229.97.122.203, v       ,0:10:4b:66:4f:9a,0:11:88:5:5d:1d,<->,,,CON,s[16]="
...x.$..........",d[16]=".8...$..........",,,18358,,,0x8200,0x8200,0x66b5,0x66b5


Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada



More information about the argus mailing list