Argus 3.0.0.rc.29 ESP problem
Robin Gruyters
r.gruyters at yirdis.nl
Mon Sep 25 03:52:17 EDT 2006
Hi ya,
Last weekend I'd noticed a small problem when filtering ESP packets with ra.
With 3.0 is shows some weird port numbers with ESP protocol, but with
2.0.6 is doesn't. (the argus output file comes from 2.0.6 argus daemon)
output 2.0.6
[...]
Type SrcAddr Sport DstAddr Dport
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
50 82.xxx.xxx.xxx 213.xxx.xxx.xxx
[...]
output 3.0.0
[...]
Proto SrcAddr Sport DstAddr Dport
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.36195*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.36261*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.36621*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.37021*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.37421*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.37814*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.40043*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.40456*
50 82.xxx.xxx.xxx.xxx 213.xxx.xxx.xxx.40521*
[...]
Any idea?
Regards,
Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119
More information about the argus
mailing list