argus-*-rc.30 on the server
Peter Van Epp
vanepp at sfu.ca
Wed Sep 27 01:04:26 EDT 2006
Two apparant problems (although one may be a 2.0.6 bug). The correction
to ether_hostton got missed (it breaks on OpenBSD but works with this patch):
*** common/argus_util.c.orig Tue Sep 26 08:31:44 2006
--- common/argus_util.c Tue Sep 26 08:34:44 2006
***************
*** 2134,2145 ****
unsigned char ether_addr_octet[6];
};
#endif
! #if !defined(__APPLE_CC__) && !defined(__APPLE__)
! #if defined(__OpenBSD__)
extern int ether_hostton(char *, struct ether_addr *);
#else
extern int ether_hostton(const char *, struct ether_addr *);
- #endif
#endif
#endif
--- 2134,2143 ----
unsigned char ether_addr_octet[6];
};
#endif
! #if defined(__APPLE_CC__) && defined(__APPLE__)
extern int ether_hostton(char *, struct ether_addr *);
#else
extern int ether_hostton(const char *, struct ether_addr *);
#endif
#endif
and there is a count issue still:
%argus -r newcount.tcp -w newcount3.argus
%argus_bpf -r newcount.tcp -w newcount2.argus
%ra -r newcount2.argus -n
26 Sep 06 22:03:19 man 229.97.122.203 v2.0 1 0 0 0 0 0 STA
28 Aug 06 15:48:13 tcp 12.10.219.36.48467 -> 206.12.128.12.http 57 91 3903 64769 FIN
28 Aug 06 15:48:36 tcp 12.10.219.36.40669 -> 206.12.128.5.http 5 5 627 528 FIN
28 Aug 06 15:49:15 d tcp 12.10.219.36.12561 -> 206.12.128.5.http 119 167 7708 22910 FIN
28 Aug 06 15:48:46 tcp 12.10.219.36.30907 -> 206.12.128.5.http 40 57 3167 16727 FIN
28 Aug 06 15:48:57 d tcp 12.10.219.36.36414 -> 206.12.128.5.http 142 582 8640 51781 FIN
28 Aug 06 15:49:30 tcp 12.10.219.36.33739 -> 206.12.128.5.http 48 72 3559 40476 FIN
28 Aug 06 15:51:40 d tcp 12.10.219.36.27353 -> 206.12.128.5.http 163 622 9810 54074 FIN
26 Sep 06 22:03:19 man 229.97.122.203 v2.0 8 0 2170 0 292752 7 SHT
%ra3 -r newcount3.argus -n
15:48:13.671089 tcp 12.10.219.36.48467 -> 206.12.128.12.80 57 91 4173 64781 FIN
15:48:36.068000 tcp 12.10.219.36.40669 -> 206.12.128.5.80 4 3 585 426 CON
15:48:46.044857 tcp 12.10.219.36.30907 -> 206.12.128.5.80 40 57 3353 16739 FIN
15:48:52.426051 tcp 12.10.219.36.40669 -> 206.12.128.5.80 1 2 60 120 FIN
15:48:57.270715 r tcp 12.10.219.36.36414 -> 206.12.128.5.80 142 582 9336 52312 FIN
15:49:15.931324 i tcp 12.10.219.36.12561 -> 206.12.128.5.80 119 167 8236 23117 FIN
15:49:30.634693 tcp 12.10.219.36.33739 -> 206.12.128.5.80 48 72 3805 40488 FIN
15:51:40.001284 tcp 12.10.219.36.27353 -> 206.12.128.5.80 157 616 10194 47855 FIN
15:51:45.817270 d tcp 12.10.219.36.27353 -> 206.12.128.5.80 6 6 366 6806 FIN
22:02:47.290866 man 0 0 29 1 2170 10 29 1466880 STP
2.0.6 sum:
12.10.219.36 288679 251265 37414
3.0 sum:
12.10.219.36 292752 252644 40108
when most (but not all) other values are correct
2.0.6
12.10.166.35 3890 2037 1853
12.10.217.50 157986 151332 6654
12.10.217.70 765 273 492
12.10.219.36 288679 251265 37414
12.10.248.90 1190 466 724
12.10.254.2 213 81 132
12.10.254.3 246 81 165
12.10.30.136 73 73 0
3.0
12.10.166.35 3892 2038 1854
12.10.217.50 158106 151368 6738
12.10.217.70 765 273 492
12.10.219.36 292752 252644 40108
12.10.248.90 1190 466 724
12.10.254.2 213 81 132
12.10.254.3 246 81 165
12.10.30.136 73 73 0
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list