more 2.0.6 conversion bugs in rc.27

Peter Van Epp vanepp at sfu.ca
Sun Aug 27 18:42:50 EDT 2006 

	One more bug which looks to be tangled in the reversal code:

%./ra_test.pl port.argus
sport  65535

line: 1 fields in error: sport,
1151432633.891051,1151432633.891051,1,0.000000,0.000000,64.231.58.119,142.58.65.252,udp,,5436,0,0,113,0,109,0,63,0,1,0,0.00,0.00,inf,0.00,0.0000,0.0000,3848370891,q,0:11:88:5:5d:1d,0:14:51:7a:b:b1,->,,,INT,s[16]="...A...&....N.t.",,,,62171,,,0x0286,,0x16f2
1151432633.891051,1151432633.891051,1,0.000000,0.000000,64.231.58.119,142.58.65.252,udp,65535,5436,0,,113,,109,0,63,0,1,0,0.000,0.000,0.000,0.000,0,0,229.97.122.203,  v      ,0:11:88:5:5d:1d,0:14:51:7a:b:b1,->,,,INT,s[16]="...A...&....N.t.",,,,62171,,,0x0286,,0x16f2,

	Since there aren't any src packets there shouldn't be a source port
number. When I tried defining the metric dsr and checking for src packets
I screwed up somewhere and added fields, but in any case (presumably because
of one of the "reverse some dsrs if no source packets" code) there are source
packets listed but no dest packets. Similar to this one where the tcp windows
are backwards:

%./ra_test.pl  tcp12.argus
swin 0 65535
dwin 65535 0

line: 1 fields in error: swin,dwin,
1155330533.832071,1155330534.228521,1,0.396450,0.396450,64.152.73.70,142.58.121.65,tcp,80,2601,0,0,188,126,54,62,0,0,1,0,1089.67,1251.10,2.52,0.00,0.0000,0.0000,3848370891,d,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,?>,,,RST,,,0,65535,1,,,,,0x999f
1155330533.832071,1155330534.228521,1,0.396450,0.396450,64.152.73.70,142.58.121.65,tcp,80,2601,0,,188,,54,62,0,0,1,0,1089.671,1251.104,2.522,0.000,0,0,229.97.122.203,       d ,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,?>,,,RST,,,65535,0,1,,,,,0x999f,

swin  0
dwin  0

line: 2 fields in error: swin,dwin,
1155330534.228521,1155330534.855027,1,0.626506,0.626506,64.152.73.70,142.58.121.65,tcp,80,2601,0,0,188,126,108,124,0,0,2,2,1379.08,1583.38,3.19,3.19,0.0000,0.0000,3848370891,,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<?>,,,RST,,,,,2,,,,,0xa2e1
1155330534.228521,1155330534.855027,1,0.626506,0.626506,64.152.73.70,142.58.121.65,tcp,80,2601,0,0,188,126,108,124,0,0,2,2,1379.077,1583.385,3.192,3.192,0,0,229.97.122.203,         ,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<?>,,,,,,0,0,2,,,,,0xa2e1,0xa2e1

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: port.argus
Type: application/octet-stream
Size: 308 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060827/fd42dc4f/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcp12.argus
Type: application/octet-stream
Size: 524 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060827/fd42dc4f/attachment-0001.obj>

More information about the argus mailing list