And finally the test procdure (and initial results):

Peter Van Epp vanepp at sfu.ca
Mon Jun 19 14:20:41 EDT 2006 

	Now with the 2 ra.conf files that will print all fields we can compare
ra2 output with ra3 output and probe at the differences (mostly so far non 
printing fields):

The following were removed from ra2 (because they aren't in ra3 currently):

snet
dnet
tcpext

ra2.conf.full

RA_FIELD_DELIMITER=','
RA_PRINT_HOSTNAMES=protocol
RA_FIELD_SPECIFIER=time trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl bytes pkts load loss rate srcid ind mac dir jitter status user win seq mpls vlan ipid
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=6
RA_PRINT_LABELS=0
--- end of conf file ---

	Which produces this (where ra is the 2.0.6-fixes.1+patches ra):

ra -F ra2.conf.full -r t.argus
StartTime,LastTime,Trans,Dur,AvgDur,SrcAddr,DstAddr,Type,Sport,Dport,SrcTOS,DstTOS,SrcTTL,DstTTL,SrcBytes,DstBytes,SrcPkt,DstPkt,Src_bps,Dst_bps,Src_Loss,Dst_Loss,Src_pps,Dst_pps,ProbeId,Flgs,SrcMacAddr,DstMacAddr,Dir,SrcJitter,DstJitter,State,srcUdata,dstUdata,SrcWin,DstWin,Seq,sMPLS,dMPLS,sVLAN,dVLAN,IpId
1132974665.005254,1132974683.159241,,18.153987,18.153987,229.97.122.203,1,man,v2.0,0,0,0,0,0,0,0,0,0,-0.00,-0.00,,0.00,0.00,3848370891,,,,,0.000,0.000,STA,,,,,0,,,,,
1149490800.390902,1149490800.392313,1,0.001411,0.001411,206.127.21.254,142.58.207.207,udp,65442,123,0,16,46,61,90,90,1,1,510276.40,510276.40,0.0000,0.0000,0.00,0.00,3848370891,,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<->,0.000,0.000,CON,,,,,1307546097,,,,,0xbc5f

	and this is from ra3 with the patches and conf file just posted (the 
-n is supress dst port translation which doesn't appear to be a config option
at the moment):

%ra3 -F ra3.conf.full -n -r t.argus
StartTime,LastTime,Trans,Dur,AvgDur,SrcAddr,DstAddr,Proto,Sport,Dport,sTos,dTos,sTtl,dTtl,SrcBytes,DstBytes,SrcPkts,DstPkts,Src_pps,Dst_pps,SrcLoss,DstLoss,Src_bps,Dst_bps,SrcId,SrcMac,DstMac,Dir,SrcJitter,DstJitter,srcUdata,dstUdata,SrcWin,DstWin,Seq,sMpls[0],dMpls[0],sVlan,dVlan,sIpId,dIpId
1149490800.390902,1149490800.392313,1,0.001411,0.001411,206.127.21.254,142.58.207.207,udp,65442,123, , , , ,90,90,1,1,708.717,708.717,0,0,510276.375,510276.375,229.97.122.203,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<->,,,,, , ,1307546097 ,  , , 


Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list