argus-3.0 conformance testing and website repository
Peter Van Epp
vanepp at sfu.ca
Sun Jun 25 23:05:11 EDT 2006
On Fri, Jun 23, 2006 at 11:17:06AM -0400, Carter Bullard wrote:
> Gentle people,
> Looks like we're close to having some code stability, and we're
> looking good on backward compatibility. We have a minimum
> set of working argus components, server, collector/distributor,
> and clients. Thanks to everyone on all the work!!!!!
>
> We do need to do some correctness testing. Does the argus
> record match what is on the wire? Nice thing is we've got a lot
> of history here, but because of the surgical removal of chunks of
> code, there may be some problems.
>
> I recommend that we find a collection of packet traces, possibly
> that are just single flows, and use them to verify functionality.
> We can grab packet traces off the net, which will be a good thing,
> (I think the def con packet traces are a good candidate) and/or
> we can establish some of our own. I'll put the packet traces in
> a repository on the argus web site. Purely for conformance
> testing and as examples of what we can do with packets.
>
This sounds like a good idea, as does tcpdump format (not least because
tcpreplay will put it back on the wire for testing from the wire forward :-)).
If we can find a tcpdump editor (and I recall finding one, puppet
in the netlib repository strikes a bell) then some of us with unreleasable
but interesting traffic could perhaps modify them to be releasable :-).
The descriptions of what argus will do with various protocols would be
good for educating the ignorant (i.e. me :-)) of what more things argus will
do for me.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada