more 2.0.6 conversion bugs in rc.27

Carter Bullard carter at qosient.com
Mon Aug 28 15:02:34 EDT 2006 

Hey Peter,
All Udp traffic has src and dst port numbers, so your mods to v2.x  
are incorrect.
But 65525 is not a good port number, so that may be an issue.

Argus-3.0.rc.27 fixes the argus data in the second problem (this is  
derived from
tcptest1.tcp, which you sent earlier) so that the windows and  
direction are all
correct.  The original argus-2.x output for this data is flawed, but  
I've corrected
argus-clients-3.0 so that it does the right thing with window size  
reporting, i.e.
if the packet count is zero, don't print a zero.

Carter


On Aug 27, 2006, at 6:42 PM, Peter Van Epp wrote:

> 	One more bug which looks to be tangled in the reversal code:
>
> %./ra_test.pl port.argus
> sport  65535
>
> line: 1 fields in error: sport,
> 1151432633.891051,1151432633.891051,1,0.000000,0.000000,64.231.58.119, 
> 142.58.65.252,udp,,5436,0,0,113,0,109,0,63,0,1,0,0.00,0.00,inf, 
> 0.00,0.0000,0.0000,3848370891,q,0:11:88:5:5d:1d,0:14:51:7a:b:b1,- 
> >,,,INT,s[16]="...A...&....N.t.",,,,62171,,,0x0286,,0x16f2
> 1151432633.891051,1151432633.891051,1,0.000000,0.000000,64.231.58.119, 
> 142.58.65.252,udp, 
> 65535,5436,0,,113,,109,0,63,0,1,0,0.000,0.000,0.000,0.000,0,0,229.97.1 
> 22.203,  v      ,0:11:88:5:5d:1d,0:14:51:7a:b:b1,->,,,INT,s[16] 
> ="...A...&....N.t.",,,,62171,,,0x0286,,0x16f2,
>
> 	Since there aren't any src packets there shouldn't be a source port
> number. When I tried defining the metric dsr and checking for src  
> packets
> I screwed up somewhere and added fields, but in any case  
> (presumably because
> of one of the "reverse some dsrs if no source packets" code) there  
> are source
> packets listed but no dest packets. Similar to this one where the  
> tcp windows
> are backwards:
>
> %./ra_test.pl  tcp12.argus
> swin 0 65535
> dwin 65535 0
>
> line: 1 fields in error: swin,dwin,
> 1155330533.832071,1155330534.228521,1,0.396450,0.396450,64.152.73.70,1 
> 42.58.121.65,tcp, 
> 80,2601,0,0,188,126,54,62,0,0,1,0,1089.67,1251.10,2.52,0.00,0.0000,0.0 
> 000,3848370891,d,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,?>,,,RST,,, 
> 0,65535,1,,,,,0x999f
> 1155330533.832071,1155330534.228521,1,0.396450,0.396450,64.152.73.70,1 
> 42.58.121.65,tcp, 
> 80,2601,0,,188,,54,62,0,0,1,0,1089.671,1251.104,2.522,0.000,0,0,229.97 
> .122.203,       d ,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,?>,,,RST,,, 
> 65535,0,1,,,,,0x999f,
>
> swin  0
> dwin  0
>
> line: 2 fields in error: swin,dwin,
> 1155330534.228521,1155330534.855027,1,0.626506,0.626506,64.152.73.70,1 
> 42.58.121.65,tcp, 
> 80,2601,0,0,188,126,108,124,0,0,2,2,1379.08,1583.38,3.19,3.19,0.0000,0 
> .0000,3848370891,,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<?>,,,RST,,,,, 
> 2,,,,,0xa2e1
> 1155330534.228521,1155330534.855027,1,0.626506,0.626506,64.152.73.70,1 
> 42.58.121.65,tcp, 
> 80,2601,0,0,188,126,108,124,0,0,2,2,1379.077,1583.385,3.192,3.192,0,0, 
> 229.97.122.203,         ,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<?>,,,,,, 
> 0,0,2,,,,,0xa2e1,0xa2e1
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
> <port.argus>
> <tcp12.argus>

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060828/1ae02fca/attachment.html>

More information about the argus mailing list