argus-3.0 conformance testing and website repository

Carter Bullard carter at qosient.com
Fri Jun 23 16:46:46 EDT 2006


Hey Richard,
    That would be great!!!  After I put together some standard packet
traces into a repository, we can use any tools to see what they
do.   The comparison may give us some ideas as to how to
improve argus, but really (just a personal political statement)
I could care less what they do, as long as it's correct (whatever
that means ;o)

    So, I have an arp and traceroute capture file, the tools you mention
don't do much with those, but these are real flows for argus.  We
may have to compare argus to, what, arpwatch, in order to see what
we could do?

Carter

On Jun 23, 2006, at 2:42 PM, Richard Bejtlich wrote:

> On 6/23/06, Carter Bullard <carter at qosient.com> wrote:
>> Gentle people,
>>      Looks like we're close to having some code stability, and we're
>> looking good on backward compatibility.    We have a minimum
>> set of working argus components, server, collector/distributor,
>> and clients.   Thanks to everyone on all the work!!!!!
>>
>>      We do need to do some correctness testing.  Does the argus
>> record match what is on the wire?   Nice thing is we've got a lot
>> of history here, but because of the surgical removal of chunks of
>> code, there may be some problems.
>>
>
> How about comparing Argus output of that sample trace to output from
> other session collection tools/analyzers?
>
> For example:
>
> Conversation stats in Ethereal
> Tcptrace
> Fprobe -> Flow-Tools
>
> Sincerely,
>
> Richard
>






