rc.28 code on the server
Peter Van Epp
vanepp at sfu.ca
Thu Aug 31 16:13:39 EDT 2006
Is this something that got fixed in rc.28 and/or is anyone else seeing
something like this (this started on an rc.27 argus) and at this point I'm not
sure if it is the machine or argus doing something odd. The next time it
occurs (if it occurs again) I'll start tcpdump on the input interfaces on
the rc.28 machine and see if the traffic is getting through PF-ring. So far
rc.28 hasn't done this ...
-rw-r--r-- 1 root root 248103017 2006-08-28 11:00 com_argus.2006.08.28.10.00.01.0.gz
-rw-r--r-- 1 root root 250700520 2006-08-28 12:00 com_argus.2006.08.28.11.00.01.0.gz
-rw-r--r-- 1 root root 205990503 2006-08-28 12:59 com_argus.2006.08.28.12.00.01.0.gz
-rw-r--r-- 1 root root 9365 2006-08-28 14:00 com_argus.2006.08.28.13.00.01.0.gz
-rw-r--r-- 1 root root 13356226 2006-08-28 15:00 com_argus.2006.08.28.14.00.01.0.gz
-rw-r--r-- 1 root root 227929506 2006-08-28 16:00 com_argus.2006.08.28.15.00.01.0.gz
-rw-r--r-- 1 root root 8789 2006-08-28 17:00 com_argus.2006.08.28.16.00.01.0.gz
-rw-r--r-- 1 root root 8674 2006-08-28 18:00 com_argus.2006.08.28.17.00.01.0.gz
-rw-r--r-- 1 root root 9003 2006-08-28 18:59 com_argus.2006.08.28.18.00.01.0.gz
...
-rw-r--r-- 1 root root 8714 2006-08-30 04:00 com_argus.2006.08.30.03.00.01.0.gz
-rw-r--r-- 1 root root 9056 2006-08-30 04:59 com_argus.2006.08.30.04.00.01.0.gz
-rw-r--r-- 1 root root 8778 2006-08-30 05:59 com_argus.2006.08.30.05.00.01.0.gz
-rw-r--r-- 1 root root 13663 2006-08-30 06:59 com_argus.2006.08.30.06.00.01.0.gz
-rw-r--r-- 1 root root 8600 2006-08-30 07:59 com_argus.2006.08.30.07.00.01.0.gz
-rw-r--r-- 1 root root 74229135 2006-08-30 09:00 com_argus.2006.08.30.08.00.01.0.gz
-rw-r--r-- 1 root root 171664017 2006-08-30 10:00 com_argus.2006.08.30.09.00.01.0.gz
-rw-r--r-- 1 root root 192866845 2006-08-30 11:00 com_argus.2006.08.30.10.00.01.0.gz
-rw-r--r-- 1 root root 204016615 2006-08-30 12:00 com_argus.2006.08.30.11.00.01.0.gz
what the traffic should look like from the production 2.0.6 sensor
on another port of the same netoptics regen tap:
-rw-r--r-- 1 argus argus 120980723 Aug 28 11:36 com_argus.2006.08.28.10.00.00.0.gz
-rw-r--r-- 1 argus argus 123339406 Aug 28 12:36 com_argus.2006.08.28.11.00.01.0.gz
-rw-r--r-- 1 argus argus 121647201 Aug 28 13:38 com_argus.2006.08.28.12.00.00.0.gz
-rw-r--r-- 1 argus argus 120930784 Aug 28 14:36 com_argus.2006.08.28.13.00.00.0.gz
-rw-r--r-- 1 argus argus 118050238 Aug 28 15:36 com_argus.2006.08.28.14.00.00.0.gz
-rw-r--r-- 1 argus argus 121435282 Aug 28 16:37 com_argus.2006.08.28.15.00.00.0.gz
-rw-r--r-- 1 argus argus 110350419 Aug 28 17:35 com_argus.2006.08.28.16.00.00.0.gz
-rw-r--r-- 1 argus argus 99515164 Aug 28 18:27 com_argus.2006.08.28.17.00.00.0.gz
-rw-r--r-- 1 argus argus 98197894 Aug 28 19:28 com_argus.2006.08.28.18.00.00.0.gz
and the rc.27 traffic from the com_argus.2006.08.28.13.00.01.0.gz file:
13:59:46.094891 arp 207.23.240.150 who 207.23.240.146 2 0 120 0 INT
13:59:47.315927 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
13:59:49.649137 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
13:59:55.094224 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
13:59:55.535175 arp 207.23.240.145 who 207.23.240.148 5 0 300 0 INT
13:59:55.538269 arp 207.23.240.145 who 207.23.240.146 5 0 300 0 INT
and the first part of the next hour when it suddenly recovered for a while:
14:52:58.135170 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:53:01.485225 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
14:53:09.336266 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
21:00:17.770307 man 0 0 2025 1 9 9 2025 936383052 CON
14:53:25.440184 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:53:38.038736 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:53:41.181923 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
14:53:52.488353 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
14:53:54.251419 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
14:53:55.440267 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:54:02.828733 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
14:54:09.002910 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
14:54:09.441663 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
21:00:17.770307 man 1 0 2026 1 10 9 2026 936385044 CON
14:54:16.489878 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
14:54:27.643210 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:54:42.244543 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:54:46.492655 arp 207.23.240.150 who 207.23.240.146 2 0 120 0 INT
14:54:54.389963 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
14:54:55.045667 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:54:55.492091 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
14:55:09.047166 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
21:00:17.770307 man 0 0 2025 1 8 8 2025 936386048 CON
14:55:24.548353 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:55:31.494229 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
14:55:40.749712 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:55:54.513931 arp 207.23.240.149 who 207.23.240.150 1 0 60 0 INT
14:55:59.351714 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:56:01.507091 arp 207.23.240.150 who 207.23.240.146 2 0 120 0 INT
14:56:10.506526 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
21:00:17.770307 man 1 0 2026 1 9 7 2026 936388032 CON
14:56:13.852709 arp 207.23.240.145 who 207.23.240.147 1 0 60 0 INT
14:56:22.507439 arp 207.23.240.150 who 207.23.240.146 1 0 60 0 INT
14:56:25.174858 udp 204.239.18.203.13730 <-> 88.104.58.223.6970 684 4 337269 492 CON
14:56:25.175251 udp 204.239.18.203.15360 <-> 88.108.102.123.6970 690 7 383654 721 CON
14:56:25.175150 udp 204.239.18.203.17348 <-> 84.69.194.245.6970 350 5 209509 608 CON
14:56:25.175350 udp 204.239.18.203.29324 <-> 24.158.46.112.6970 454 6 232990 668 CON
14:56:25.175550 tcp 204.239.18.38.80 <?> 139.142.116.2.35699 2317 1306 3359138 86196 CON
14:56:25.177247 tcp 204.239.18.203.554 <?> 72.160.159.103.50123 233 101 347203 5466 CON
14:56:25.181544 tcp 142.58.241.219.60094 <?> 212.58.224.132.554 13 11 702 9208 CON
14:56:25.190625 s tcp 142.58.102.1.80 <?> 195.56.239.185.3767 119 60 169694 3520 CON
14:56:25.177746 s tcp 142.58.129.61.3389 <?> 207.216.88.139.4181 83 39 57566 2202 CON
14:56:25.184039 d tcp 142.58.211.84.54583 <?> 209.73.189.126.80 305 275 20702 407070 CON
14:56:25.180143 tcp 142.58.44.23.51063 <?> 70.171.114.124.443 158 71 28096 4714 CON
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
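
An added example, not part of the original post: the hour-by-hour comparison made above between the rc.27 archives and the production 2.0.6 sensor on the same tap, automated so a sensor that has gone blind is flagged. The function names and the 0.5 ratio threshold are assumptions; the sample data is copied from the two listings in the post (hours 12 to 16).

```python
import re

# Sample input copied from the post: rc.27 sensor, hours 12-16 of 2006-08-28.
RC27 = """\
-rw-r--r-- 1 root root 205990503 2006-08-28 12:59 com_argus.2006.08.28.12.00.01.0.gz
-rw-r--r-- 1 root root 9365 2006-08-28 14:00 com_argus.2006.08.28.13.00.01.0.gz
-rw-r--r-- 1 root root 13356226 2006-08-28 15:00 com_argus.2006.08.28.14.00.01.0.gz
-rw-r--r-- 1 root root 227929506 2006-08-28 16:00 com_argus.2006.08.28.15.00.01.0.gz
-rw-r--r-- 1 root root 8789 2006-08-28 17:00 com_argus.2006.08.28.16.00.01.0.gz
"""
# Same hours from the production 2.0.6 sensor on another port of the same tap.
PROD = """\
-rw-r--r-- 1 argus argus 121647201 Aug 28 13:38 com_argus.2006.08.28.12.00.00.0.gz
-rw-r--r-- 1 argus argus 120930784 Aug 28 14:36 com_argus.2006.08.28.13.00.00.0.gz
-rw-r--r-- 1 argus argus 118050238 Aug 28 15:36 com_argus.2006.08.28.14.00.00.0.gz
-rw-r--r-- 1 argus argus 121435282 Aug 28 16:37 com_argus.2006.08.28.15.00.00.0.gz
-rw-r--r-- 1 argus argus 110350419 Aug 28 17:35 com_argus.2006.08.28.16.00.00.0.gz
"""

# The archive name carries the hour; the seconds field differs between sensors,
# so only YYYY.MM.DD.HH is used as the key.
HOUR_RE = re.compile(r"com_argus\.(\d{4}\.\d{2}\.\d{2}\.\d{2})\.")

def sizes_by_hour(listing):
    """Map 'YYYY.MM.DD.HH' -> size in bytes for each archive line of an ls -l listing."""
    sizes = {}
    for line in listing.splitlines():
        fields = line.split()
        m = HOUR_RE.search(fields[-1]) if len(fields) >= 6 else None
        if m and fields[4].isdigit():
            sizes[m.group(1)] = int(fields[4])
    return sizes

def blind_hours(test_listing, ref_listing, min_ratio=0.5):
    """Hours where the test sensor's archive is under min_ratio of the reference's."""
    test, ref = sizes_by_hour(test_listing), sizes_by_hour(ref_listing)
    flagged = []
    for hour in sorted(ref):
        # A missing archive counts as size 0: no file is also a blind hour.
        # min_ratio is an assumed threshold; the two argus versions write
        # different record formats, so sizes are only roughly comparable.
        if test.get(hour, 0) < min_ratio * ref[hour]:
            flagged.append((hour, test.get(hour, 0), ref[hour]))
    return flagged

if __name__ == "__main__":
    for hour, got, want in blind_hours(RC27, PROD):
        print(f"{hour}: {got} bytes vs {want} on the reference sensor")
```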