A IPV6 triple
Peter Van Epp
vanepp at sfu.ca
Wed Jul 26 21:37:17 EDT 2006
Looks to be a few problems here too (again tcpdump file attached):
V3 doesn't appear to be providing Macs, I suspect the "udp" wants to be
"ipv6-udp", the v2 to v3 conversion isn't getting the ethertype correctly,
and aggregation appears different (which may be a bug or working as designed
:-)) since the pure V3 stream at the end has different packets than the first
2 (which are from the v2.0.6 file) and a much different duration which would
seem to point to different aggregation stratigies. I'm not sure if v6 has an
ipid, but the 0 at the end is a bit suspicious :-). The source address seems
convoluted enough for v6 but the dest address of ff02::fb (unless this is
shorthand for the v6 broadcast address which it may be) seems a little short.
%./ra_test.pl vs62.argus vs63.argus | more
sport 0 * 5353
dport 0 * 5353
srate 1298.16 1298.164 4166.856
smac 0:11:24:73:73:f8 0:11:24:73:73:f8
dmac 33:33:0:0:0:fb 33:33:0:0:0:fb
line: 1 fields in error: smac,srate,sbytes,dport,sabytes,seq,proto,end,daddr,stt
l,dmac,dur,spkts,saddr,sport,stos,
1151432429.567597,1151432449.583555,1,20.015958,20.015958,0:11:24:73:73:f8,33:33
:0:0:0:fb,ipv6,0,0,,,,,3248,0,3050,0,11,0,1298.16,0.00,0.55,0.00,0.0000,0.0000,3
848370891,q,0:11:24:73:73:f8,33:33:0:0:0:fb,->,,,INT,,,,,3,,,0x8200,,
1151432429.567597,1151432449.583555,1,20.015958,20.015959,0:11:24:73:73:f8,33:33
:0:0:0:fb,well,*,*,,,,,3248,0,3050,0,11,0,1298.164,0.000,0.550,0.000,0,0,229.97.
122.203, v ,0:11:24:73:73:f8,33:33:0:0:0:fb,->,,,INT,,,,,3,,,0x8200,,,
1151432429.567597,1151432431.568146,1,2.000549,2.000549,fe80::211:24ff:fe73:73f8
,ff02::fb,udp,5353,5353,0,,255,,1042,0,0,0,2,0,4166.856,0.000,1.000,0.000,0,0,0.
0.0.0, v ,,,->,,,INT,,,,,0,,,0x8200,,0x0000,
sport 0 *
dport 0 *
smac 0:11:24:73:73:f8 0:11:24:73:73:f8
dmac 33:33:2c:f:7a:38 33:33:2c:f:7a:38
line: 2 fields in error: smac,dport,sabytes,seq,proto,sttl,daddr,dmac,saddr,spor
t,stos,
1151432430.307551,1151432430.307551,1,0.000000,0.000000,0:11:24:73:73:f8,33:33:2
c:f:7a:38,ipv6,0,0,,,,,90,0,72,0,1,0,0.00,0.00,inf,0.00,0.0000,0.0000,3848370891
,q,0:11:24:73:73:f8,33:33:2c:f:7a:38,->,,,INT,,,,,4,,,0x8200,,
1151432430.307551,1151432430.307551,1,0.000000,0.000000,0:11:24:73:73:f8,33:33:2
c:f:7a:38,well,*,*,,,,,90,0,72,0,1,0,0.000,0.000,0.000,0.000,0,0,229.97.122.203,
v ,0:11:24:73:73:f8,33:33:2c:f:7a:38,->,,,INT,,,,,4,,,0x8200,,,
1151432430.307551,1151432430.307551,1,0.000000,0.000000,fe80::211:24ff:fe73:73f8
,ff02::2:2c0f:7a38,ipv6-icmp,,,0,,1,,90,0,0,0,1,0,0.000,0.000,0.000,0.000,0,0,0.
0.0.0, v ,,,->,,,MRQ,,,,,1,,,0x8200,,0x0000,
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v6.tcp
Type: application/octet-stream
Size: 82446 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060726/d936f11f/attachment.obj>
More information about the argus
mailing list